Changeset 3461682 for simple-gdpr-cookie-compliance

Timestamp:

02/15/2026 08:15:51 AM (6 weeks ago)

Author:

themebeez

Message:

Update to version 2.0.1 from GitHub

Location:

simple-gdpr-cookie-compliance

Files:

• tags/2.0.1 (copied) (copied from simple-gdpr-cookie-compliance/trunk)
• tags/2.0.1/README.txt (modified) (3 diffs)
• tags/2.0.1/includes/udp/class-udp-agent.php (modified) (1 diff)
• tags/2.0.1/postcss.config.cts (deleted)
• tags/2.0.1/simple-gdpr-cookie-compliance.php (modified) (3 diffs)
• tags/2.0.1/tailwind.config.ts (deleted)
• trunk/README.txt (modified) (3 diffs)
• trunk/includes/udp/class-udp-agent.php (modified) (1 diff)
• trunk/postcss.config.cts (deleted)
• trunk/simple-gdpr-cookie-compliance.php (modified) (3 diffs)
• trunk/tailwind.config.ts (deleted)

simple-gdpr-cookie-compliance/tags/2.0.1/README.txt

@@ -5 +5 @@
 Tags: cookie notice, GDPR, CCPA, cookie privacy, cookie consent
 Requires at least: 5.6
-Tested up to: 6.7
+Tested up to: 6.9.1
 Requires PHP: 7.4
-Stable tag: 2.0.0
+Stable tag: 2.0.1
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -67 +67 @@
 = Is this a free plugin? =
 
-Yes, it is. Simple GDPR Cookie Compliance will remain free forever.
-
-= How do I customize my message? =
-
-Click on Simple GDPR on your dashboard. It will lead you to the plugin's page where you can find options to customize your message.
+Short answer is, yes. Simple GDPR Cookie Compliance will remain free forever. None of the existing and upcoming features will be locked behind a pro/premium plan. Consider supporting the project development by [donating](https://donation.creamcode.org).
+
+= How do I customize the plugin setting =
+
+You can customize the plugin setting by navigating to Dashboard > Simple GDPR page. You can customize the message, color, cookie expiration date, and other settings from there.
+
+= Dealing with the cache plugin =
+
+Since `2.0.0` we have made the dynamic CSS generated by the plugin cacheable. If you are using a cache plugin, you may need to clear the cache after changing the plugin settings.
 
 = Do you provide free support? =
@@ -89 +93 @@
 
 == Changelog ==
+
+= 2.0.1 - 15 February, 2026 =
+
+- Fix: Broken Access Control in UDP Agent (CVSS 5.3). Credits to Legion Hunter. Unauthenticated attacker can update option value for "udp_agent_allow_tracking" via "init" hook due to missing authorization and nonce check in it's callback function "on_init".
 
 = 2.0.0 - 06 February, 2025 =

simple-gdpr-cookie-compliance/tags/2.0.1/includes/udp/class-udp-agent.php

@@ -173 +173 @@
      */
     private function process_user_tracking_choice() {
+        // Verify if the user is logged in and has the capability to manage options.
+        if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) ) {
+            wp_safe_redirect( home_url() );
+            exit;
+        }
 
         $users_choice = isset( $_GET['udp-agent-allow-access'] ) ? sanitize_text_field( wp_unslash( $_GET['udp-agent-allow-access'] ) ) : ''; //phpcs:ignore

simple-gdpr-cookie-compliance/tags/2.0.1/simple-gdpr-cookie-compliance.php

@@ -10 +10 @@
  * Plugin URI:        https://themebeez.com/plugins/simple-gdpr-cookie-compliance
  * Description:       Simple GDPR Cookie Compliance is a simple plugin that helps to display cookie notice on your WordPress website.
- * Version:           2.0.0
+ * Version:           2.0.1
  * Requires at least: 5.6
  * Requires PHP:      7.4
- * Tested up to:      6.7
+ * Tested up to:      6.9.1
  * Author:            themebeez
  * Author URI:        https://themebeez.com/
@@ -20 +20 @@
  * Text Domain:       simple-gdpr-cookie-compliance
  * Domain Path:       /languages
- * Tags:              cookie notice, GDPR, CCPA, cookie privacy, cookie consent
+ * Tags:              cookie notice, cookie banner, GDPR cookie, cookie privacy, cookie consent
  */
 
@@ -33 +33 @@
  * Rename this for your plugin and update it as you release new versions.
  */
-define( 'SIMPLE_GDPR_COOKIE_COMPLIANCE_VERSION', '2.0.0' );
+define( 'SIMPLE_GDPR_COOKIE_COMPLIANCE_VERSION', '2.0.1' );
 define( 'SIMPLE_GDPR_COOKIE_COMPLIANCE_BASENAME', plugin_basename( __FILE__ ) );
 

simple-gdpr-cookie-compliance/trunk/README.txt

@@ -5 +5 @@
 Tags: cookie notice, GDPR, CCPA, cookie privacy, cookie consent
 Requires at least: 5.6
-Tested up to: 6.7
+Tested up to: 6.9.1
 Requires PHP: 7.4
-Stable tag: 2.0.0
+Stable tag: 2.0.1
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -67 +67 @@
 = Is this a free plugin? =
 
-Yes, it is. Simple GDPR Cookie Compliance will remain free forever.
-
-= How do I customize my message? =
-
-Click on Simple GDPR on your dashboard. It will lead you to the plugin's page where you can find options to customize your message.
+Short answer is, yes. Simple GDPR Cookie Compliance will remain free forever. None of the existing and upcoming features will be locked behind a pro/premium plan. Consider supporting the project development by [donating](https://donation.creamcode.org).
+
+= How do I customize the plugin setting =
+
+You can customize the plugin setting by navigating to Dashboard > Simple GDPR page. You can customize the message, color, cookie expiration date, and other settings from there.
+
+= Dealing with the cache plugin =
+
+Since `2.0.0` we have made the dynamic CSS generated by the plugin cacheable. If you are using a cache plugin, you may need to clear the cache after changing the plugin settings.
 
 = Do you provide free support? =
@@ -89 +93 @@
 
 == Changelog ==
+
+= 2.0.1 - 15 February, 2026 =
+
+- Fix: Broken Access Control in UDP Agent (CVSS 5.3). Credits to Legion Hunter. Unauthenticated attacker can update option value for "udp_agent_allow_tracking" via "init" hook due to missing authorization and nonce check in it's callback function "on_init".
 
 = 2.0.0 - 06 February, 2025 =

simple-gdpr-cookie-compliance/trunk/includes/udp/class-udp-agent.php

@@ -173 +173 @@
      */
     private function process_user_tracking_choice() {
+        // Verify if the user is logged in and has the capability to manage options.
+        if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) ) {
+            wp_safe_redirect( home_url() );
+            exit;
+        }
 
         $users_choice = isset( $_GET['udp-agent-allow-access'] ) ? sanitize_text_field( wp_unslash( $_GET['udp-agent-allow-access'] ) ) : ''; //phpcs:ignore

simple-gdpr-cookie-compliance/trunk/simple-gdpr-cookie-compliance.php

@@ -10 +10 @@
  * Plugin URI:        https://themebeez.com/plugins/simple-gdpr-cookie-compliance
  * Description:       Simple GDPR Cookie Compliance is a simple plugin that helps to display cookie notice on your WordPress website.
- * Version:           2.0.0
+ * Version:           2.0.1
  * Requires at least: 5.6
  * Requires PHP:      7.4
- * Tested up to:      6.7
+ * Tested up to:      6.9.1
  * Author:            themebeez
  * Author URI:        https://themebeez.com/
@@ -20 +20 @@
  * Text Domain:       simple-gdpr-cookie-compliance
  * Domain Path:       /languages
- * Tags:              cookie notice, GDPR, CCPA, cookie privacy, cookie consent
+ * Tags:              cookie notice, cookie banner, GDPR cookie, cookie privacy, cookie consent
  */
 
@@ -33 +33 @@
  * Rename this for your plugin and update it as you release new versions.
  */
-define( 'SIMPLE_GDPR_COOKIE_COMPLIANCE_VERSION', '2.0.0' );
+define( 'SIMPLE_GDPR_COOKIE_COMPLIANCE_VERSION', '2.0.1' );
 define( 'SIMPLE_GDPR_COOKIE_COMPLIANCE_BASENAME', plugin_basename( __FILE__ ) );