Does WF Cookie Consent have any unpatched vulnerabilities?

No. All known vulnerabilities in WF Cookie Consent have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WF Cookie Consent compatible with WordPress 6.5.8?

According to WordPress.org data, WF Cookie Consent 1.2.0 has been tested up to WordPress 6.5.8. Check the plugin's changelog for the latest compatibility information.

How often is WF Cookie Consent updated?

WF Cookie Consent was last updated on Jun 11, 2024. Frequent updates are generally a positive security signal.

What is WF Cookie Consent's security score?

WF Cookie Consent has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WF Cookie Consent Security & Risk Analysis

wordpress.org/plugins/wf-cookie-consent

The wunderfarm-way to show how your website complies with the EU Cookie Law - very easy, 100% responsive and with multi-language support!

10K active installs v1.2.0 PHP + WP 3.0.1+ Updated Jun 11, 2024

compliancecookie-lawcookiebarcookielawcookies

A · Safe

CVEs total1

Unpatched0

Last CVEMay 1, 2018

Plugin page Download

Safety Verdict

Is WF Cookie Consent Safe to Use in 2026?

Generally Safe

Score 92/100

WF Cookie Consent has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: May 1, 2018Updated 1yr ago

Risk Assessment

The "wf-cookie-consent" plugin version 1.2.0 shows a mixed security posture. While the static analysis indicates a clean bill of health regarding entry points, dangerous functions, SQL injection, file operations, and external requests, there are notable concerns. The output escaping is only 38% properly done, which is a significant weakness that could lead to cross-site scripting vulnerabilities. Furthermore, the complete lack of capability checks and nonce checks across all identified entry points (even though there are none currently) is a structural concern that could become a risk if new entry points are added without proper security considerations. The plugin's vulnerability history shows a single medium-severity CVE in 2018, which was related to Cross-site Scripting and is currently patched. This suggests that while historical vulnerabilities have been addressed, the output escaping issue could be a recurring or latent risk.

Key Concerns

Low percentage of properly escaped output
No capability checks on entry points
No nonce checks on entry points
Past medium severity XSS vulnerability

Vulnerabilities

WF Cookie Consent Security Vulnerabilities

CVEs by Year

1 CVE in 2018

2018

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2018-10371medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WF Cookie Consent <= 1.1.3 - Cross-Site Scripting

May 1, 2018 Patched in 1.1.4 (2093d)

Code Analysis

Analyzed Mar 16, 2026

WF Cookie Consent Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

6 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

38% escaped16 total outputs

Attack Surface

WF Cookie Consent Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 5

actionwp_enqueue_scriptswf-cookie-consent.php:23

actionwp_footerwf-cookie-consent.php:104

actionadmin_menuwf-cookie-consent.php:124

actionadmin_initwf-cookie-consent.php:216

actionadmin_noticeswf-cookie-consent.php:291

Maintenance & Trust

WF Cookie Consent Maintenance & Trust

Maintenance Signals

WordPress version tested6.5.8

Last updatedJun 11, 2024

PHP min version

Downloads726K

Community Trust

Rating100/100

Number of ratings27

Active installs10K

Alternatives

WF Cookie Consent Alternatives

Ilmenite Cookie Consent

ilmenite-cookie-consent

A simple, developer-friendly WordPress plugin with minimum bloat that lets visitors know that the site is using cookies.

2K No CVEs

WP GDPR Cookie Consent

wp-gdpr-cookie-consent

The Most Light-Weight, Simple and Complete GDPR Cookie Consent WP Plugin.

100 No CVEs

WP Consent API

wp-consent-api

100

Simple Consent API to read and register the current consent category.

200K No CVEs

Cookie Bar

cookie-bar

Cookie Bar allows you to discreetly inform visitors that your website uses cookies.

10K 2 CVEs

Cookie-Script.com

cookie-script-com

Cookie-Script.com WordPress plugin.

10K 1 CVE

Developer Profile

WF Cookie Consent Developer Profile

wunderfarm

3 plugins · 11K total installs

trust score

Avg Security Score

90/100

Avg Patch Time

2093 days

View full developer profile

Detection Fingerprints

How We Detect WF Cookie Consent

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wf-cookie-consent/js/cookiechoices.min.js

Script Paths