WP-Safety

WPConsent – Cookie Consent Banner for Privacy Compliance (GDPR / CCPA) Security & Risk Analysis

wordpress.org/plugins/wpconsent-cookies-banner-privacy-suite

Improve WordPress privacy compliance. Custom GDPR / CCPA cookie consent banner, full site cookie scanner, automatic script blocking and cookie policy

100K active installs v1.1.3.1 PHP 7.0+ WP 5.6+ Updated Feb 24, 2026
consentcookiecookie-consentcookie-noticegdpr
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is WPConsent – Cookie Consent Banner for Privacy Compliance (GDPR / CCPA) Safe to Use in 2026?

Generally Safe

Score 100/100

WPConsent – Cookie Consent Banner for Privacy Compliance (GDPR / CCPA) has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The wpconsent-cookies-banner-privacy-suite plugin exhibits a mixed security posture. On the positive side, it has no recorded vulnerabilities (CVEs) and a high percentage of properly escaped output, suggesting a general awareness of secure coding practices. The absence of dangerous functions and critical/high severity taint flows is also a strong positive indicator. However, there are notable areas of concern that warrant attention.

The plugin has a significant attack surface with 26 entry points, and alarmingly, one AJAX handler lacks authentication checks. This unprotected entry point represents a potential avenue for unauthorized actions if exploited. Furthermore, all SQL queries are executed without prepared statements, introducing a risk of SQL injection vulnerabilities, especially if any user-supplied data indirectly influences these queries. While taint analysis found no critical or high severity issues, the presence of one unsanitized path flow suggests a need for careful review of data handling.

The absence of any historical vulnerabilities could indicate a proactive security approach or simply a lack of past discoveries. However, the identified code-level risks, particularly the unauthenticated AJAX handler and the lack of prepared statements for SQL queries, should be addressed promptly to strengthen the plugin's security. The plugin's strengths lie in its output escaping and lack of known exploits, but its potential for undiscovered vulnerabilities due to poor SQL practices and an unprotected entry point necessitates caution.

Key Concerns

  • Unprotected AJAX handler
  • SQL queries without prepared statements
Vulnerabilities
None known

WPConsent – Cookie Consent Banner for Privacy Compliance (GDPR / CCPA) Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WPConsent – Cookie Consent Banner for Privacy Compliance (GDPR / CCPA) Code Analysis

Dangerous Functions
0
Raw SQL Queries
10
0 prepared
Unescaped Output
55
782 escaped
Nonce Checks
29
Capability Checks
17
File Operations
6
External Requests
9
Bundled Libraries
0

SQL Query Safety

0% prepared10 total queries

Output Escaping

93% escaped837 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

5 flows1 with unsanitized paths
<class-wpconsent-scanner> (includes\class-wpconsent-scanner.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

WPConsent – Cookie Consent Banner for Privacy Compliance (GDPR / CCPA) Attack Surface

Entry Points26
Unprotected1

AJAX Handlers 24

authwp_ajax_wpconsent_add_categoryincludes\admin\admin-ajax.php:3
authwp_ajax_wpconsent_edit_categoryincludes\admin\admin-ajax.php:4
authwp_ajax_wpconsent_delete_categoryincludes\admin\admin-ajax.php:5
authwp_ajax_wpconsent_manage_serviceincludes\admin\admin-ajax.php:7
authwp_ajax_wpconsent_delete_serviceincludes\admin\admin-ajax.php:8
authwp_ajax_wpconsent_get_servicesincludes\admin\admin-ajax.php:9
authwp_ajax_wpconsent_manage_cookieincludes\admin\admin-ajax.php:11
authwp_ajax_wpconsent_delete_cookieincludes\admin\admin-ajax.php:12
authwp_ajax_wpconsent_search_pagesincludes\admin\admin-ajax.php:14
authwp_ajax_wpconsent_auto_configureincludes\admin\admin-ajax.php:16
authwp_ajax_wpconsent_save_banner_layoutincludes\admin\admin-ajax.php:18
authwp_ajax_wpconsent_complete_onboardingincludes\admin\admin-ajax.php:20
authwp_ajax_wpconsent_generate_cookie_policyincludes\admin\admin-ajax.php:22
authwp_ajax_wpconsent_search_contentincludes\admin\admin-ajax.php:24
authwp_ajax_wpconsent_save_scanner_itemsincludes\admin\admin-ajax.php:25
authwp_ajax_wpconsent_reset_to_defaultsincludes\admin\admin-ajax.php:27
authwp_ajax_wpconsent_save_usage_trackingincludes\admin\admin-ajax.php:29
authwp_ajax_wpconsent_verify_sslincludes\admin\admin-ajax.php:31
authwp_ajax_wpconsent_notice_dismissincludes\admin\class-wpconsent-admin-notice.php:66
authwp_ajax_wpconsent_notification_dismissincludes\admin\class-wpconsent-notifications.php:53
authwp_ajax_wpconsent_scan_websiteincludes\class-wpconsent-scanner.php:100
authwp_ajax_wpconsent_scan_pageincludes\class-wpconsent-scanner.php:101
authwp_ajax_wpconsent_connect_urlincludes\lite\admin\class-wpconsent-connect.php:33
noprivwp_ajax_wpconsent_connect_processincludes\lite\admin\class-wpconsent-connect.php:34

Shortcodes 2

[wpconsent_cookie_policy] includes\cookie-policy-shortcode.php:12
[wpconsent_preferences_button] includes\preferences-button-shortcode.php:12
WordPress Hooks 67
actionadmin_enqueue_scriptsincludes\admin\admin-scripts.php:12
actionadmin_noticesincludes\admin\class-wpconsent-admin-notice.php:63
actionwpconsent_admin_noticesincludes\admin\class-wpconsent-admin-notice.php:65
actionwpconsent_admin_pageincludes\admin\class-wpconsent-admin-notice.php:69
actionadmin_initincludes\admin\class-wpconsent-admin-notice.php:72
actionadmin_menuincludes\admin\class-wpconsent-admin-page-loader.php:69
filterparent_fileincludes\admin\class-wpconsent-admin-page-loader.php:72
actionwpconsent_admin_notifications_updateincludes\admin\class-wpconsent-notifications.php:55
actionload-options-privacy.phpincludes\admin\class-wpconsent-privacy-integration.php:25
actionadmin_enqueue_scriptsincludes\admin\class-wpconsent-privacy-integration.php:28
actionwp_dashboard_setupincludes\admin\class-wpconsent-reminders.php:18
actionadmin_initincludes\admin\class-wpconsent-reminders.php:20
actionadmin_initincludes\admin\class-wpconsent-review.php:22
filteradmin_footer_textincludes\admin\class-wpconsent-review.php:25
actioninitincludes\admin\class-wpconsent-usage-tracking.php:50
actionwpconsent_usage_tracking_cronincludes\admin\class-wpconsent-usage-tracking.php:51
actionadmin_initincludes\admin\onboarding.php:12
actionadmin_initincludes\admin\pages\class-wpconsent-admin-page-banner.php:60
filterwpconsent_admin_js_dataincludes\admin\pages\class-wpconsent-admin-page-banner.php:89
actionadmin_initincludes\admin\pages\class-wpconsent-admin-page-cookies.php:51
filterwpconsent_admin_js_dataincludes\admin\pages\class-wpconsent-admin-page-cookies.php:52
filterwpconsent_admin_js_dataincludes\admin\pages\class-wpconsent-admin-page-dashboard.php:36
actionadmin_body_classincludes\admin\pages\class-wpconsent-admin-page-onboarding.php:66
filterwpconsent_admin_js_dataincludes\admin\pages\class-wpconsent-admin-page-onboarding.php:67
filterwpconsent_admin_js_dataincludes\admin\pages\class-wpconsent-admin-page-onboarding.php:68
actionadmin_initincludes\admin\pages\class-wpconsent-admin-page-tools.php:51
actionadmin_initincludes\admin\pages\class-wpconsent-admin-page-tools.php:52
actionadmin_initincludes\admin\pages\class-wpconsent-admin-page-tools.php:53
filterwpconsent_admin_js_dataincludes\admin\pages\class-wpconsent-admin-page-tools.php:54
actionadmin_menuincludes\admin\pages\class-wpconsent-admin-page.php:96
actionwpconsent_admin_pageincludes\admin\pages\class-wpconsent-admin-page.php:107
actionwpconsent_admin_pageincludes\admin\pages\class-wpconsent-admin-page.php:108
actionadmin_enqueue_scriptsincludes\admin\pages\class-wpconsent-admin-page.php:109
filteradmin_body_classincludes\admin\pages\class-wpconsent-admin-page.php:110
actionin_admin_footerincludes\admin\pages\class-wpconsent-admin-page.php:111
actionwp_footerincludes\class-wpconsent-banner.php:33
actionwp_enqueue_scriptsincludes\class-wpconsent-content-placeholder.php:44
actiontemplate_redirectincludes\class-wpconsent-cookie-blocking.php:44
actionshutdownincludes\class-wpconsent-cookie-blocking.php:45
filterwpconsent_skip_script_blockingincludes\class-wpconsent-cookie-blocking.php:46
filterwpconsent_skip_script_blockingincludes\class-wpconsent-cookie-blocking.php:47
filterwpconsent_skip_script_blockingincludes\class-wpconsent-cookie-blocking.php:48
actioninitincludes\class-wpconsent-cookies.php:31
actioninitincludes\class-wpconsent-cookies.php:32
actionadmin_initincludes\class-wpconsent-install.php:22
filterwpconsent_banner_outputincludes\compatibility\bricks.php:12
filterwpconsent_should_block_scriptsincludes\compatibility\bricks.php:13
filterwpconsent_banner_outputincludes\compatibility\divi.php:12
filterwpconsent_should_block_scriptsincludes\compatibility\divi.php:13
actionedd_view_receiptincludes\compatibility\easy-digital-downloads.php:12
filterwpconsent_banner_outputincludes\compatibility\easy-digital-downloads.php:18
actionplugins_loadedincludes\compatibility\loader.php:40
filterrocket_lrc_exclusionsincludes\compatibility\wp-rocket.php:12
actionwp_enqueue_scriptsincludes\frontend-scripts.php:12
actionwp_headincludes\frontend-scripts.php:13
actionadmin_menuincludes\lite\admin\class-wpconsent-admin-page-loader-lite.php:22
actionadmin_headincludes\lite\admin\class-wpconsent-admin-page-loader-lite.php:23
actionadmin_headincludes\lite\admin\class-wpconsent-admin-page-loader-lite.php:24
actionwpconsent_admin_page_content_wpconsent-cookiesincludes\lite\admin\class-wpconsent-connect.php:32
actionwpconsent_admin_pageincludes\lite\admin\notices.php:12
actionwpconsent_admin_page_content_wpconsent-cookiesincludes\lite\admin\notices.php:13
actionactivate_wpconsent-premium/wpconsent-premium.phpwpconsent.php:38
actionactivate_wpconsent-cookies-banner-privacy-suite/wpconsent.phpwpconsent.php:51
actiondeactivate_wpconsent-cookies-banner-privacy-suite/wpconsent.phpwpconsent.php:69
actionadmin_initwpconsent.php:84
actionadmin_noticeswpconsent.php:119
actionplugins_loadedwpconsent.php:259

Scheduled Events 2

wpconsent_admin_notifications_update
wpconsent_usage_tracking_cron
Maintenance & Trust

WPConsent – Cookie Consent Banner for Privacy Compliance (GDPR / CCPA) Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 24, 2026
PHP min version7.0
Downloads668K

Community Trust

Rating96/100
Number of ratings44
Active installs100K
Alternatives

WPConsent – Cookie Consent Banner for Privacy Compliance (GDPR / CCPA) Alternatives

CookieYes – Cookie Banner for Cookie Consent (Easy to setup GDPR/CCPA Compliant Cookie Notice)

CookieYes – Cookie Banner for Cookie Consent (Easy to setup GDPR/CCPA Compliant Cookie Notice)

cookie-law-info

A
100

Easily set up cookie banner or notice in WordPress, and policy pages for compliance with global cookie laws (GDPR, DSGVO, RGPD, CCPA/CPRA, etc).

1.0M 1 CVE
Cookiebot by Usercentrics – Automatic Cookie Banner for GDPR/CCPA & Google Consent Mode

Cookiebot by Usercentrics – Automatic Cookie Banner for GDPR/CCPA & Google Consent Mode

cookiebot

B
72

Install your cookie banner in minutes. Automatically scan and block cookies to comply with the GDPR, CCPA, Google Consent Mode v2. Free plan option.

100K 1 unpatched
Cookie Banner for GDPR / CCPA – WPLP Cookie Consent

Cookie Banner for GDPR / CCPA – WPLP Cookie Consent

gdpr-cookie-consent

A
89

WPLP Cookie Consent helps WordPress website owners display cookie consent banners, manage user preferences, and control third-party scripts in line wi &hellip;

10K 10 CVEs
Lightweight Cookie Notice – Cookie Banner for Cookie Consent

Lightweight Cookie Notice – Cookie Banner for Cookie Consent

lightweight-cookie-notice-free

A
100

This is the free version of Lightweight Cookie Notice, the lightweight and customizable cookie plugin for WordPress.

5K No CVEs
Simple GDPR Cookie Compliance

Simple GDPR Cookie Compliance

simple-gdpr-cookie-compliance

A
99

Simple GDPR Cookie Compliance is a simple plugin that helps to display cookie notice on your WordPress website.

5K 1 CVE
Developer Profile

WPConsent – Cookie Consent Banner for Privacy Compliance (GDPR / CCPA) Developer Profile

Syed Balkhi

94 plugins · 23.5M total installs

73
trust score
Avg Security Score
91/100
Avg Patch Time
795 days
View full developer profile
Detection Fingerprints

How We Detect WPConsent – Cookie Consent Banner for Privacy Compliance (GDPR / CCPA)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wpconsent-cookies-banner-privacy-suite/assets/css/admin.css/wp-content/plugins/wpconsent-cookies-banner-privacy-suite/assets/css/frontend.css/wp-content/plugins/wpconsent-cookies-banner-privacy-suite/assets/js/admin.js/wp-content/plugins/wpconsent-cookies-banner-privacy-suite/assets/js/frontend.js/wp-content/plugins/wpconsent-cookies-banner-privacy-suite/assets/js/onboarding.js/wp-content/plugins/wpconsent-cookies-banner-privacy-suite/assets/js/vendor/choices.min.js/wp-content/plugins/wpconsent-cookies-banner-privacy-suite/assets/js/vendor/tinymce/tinymce.min.js
Script Paths
/wp-content/plugins/wpconsent-cookies-banner-privacy-suite/assets/js/admin.js/wp-content/plugins/wpconsent-cookies-banner-privacy-suite/assets/js/frontend.js/wp-content/plugins/wpconsent-cookies-banner-privacy-suite/assets/js/onboarding.js/wp-content/plugins/wpconsent-cookies-banner-privacy-suite/assets/js/vendor/choices.min.js/wp-content/plugins/wpconsent-cookies-banner-privacy-suite/assets/js/vendor/tinymce/tinymce.min.js
Version Parameters
wpconsent-cookies-banner-privacy-suite/assets/css/admin.css?ver=wpconsent-cookies-banner-privacy-suite/assets/css/frontend.css?ver=wpconsent-cookies-banner-privacy-suite/assets/js/admin.js?ver=wpconsent-cookies-banner-privacy-suite/assets/js/frontend.js?ver=wpconsent-cookies-banner-privacy-suite/assets/js/onboarding.js?ver=wpconsent-cookies-banner-privacy-suite/assets/js/vendor/choices.min.js?ver=wpconsent-cookies-banner-privacy-suite/assets/js/vendor/tinymce/tinymce.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
wpconsent-bannerwpconsent-cookies-banner-containerwpconsent-cookies-settings-section
HTML Comments
<!-- wpconsent start --><!-- wpconsent end --><!-- WPConsent Admin Notice --><!-- wpconsent-cookie-notice -->
Data Attributes
data-wpconsent-optionsdata-wpconsent-id
JS Globals
WPConsentFrontendwpconsent_settingswpconsent_strings
Shortcode Output
[wpconsent_cookie_banner][wpconsent_cookie_settings]
FAQ

Frequently Asked Questions about WPConsent – Cookie Consent Banner for Privacy Compliance (GDPR / CCPA)