eu-privacy/cookie plugin security risk?

fstorch

Member
I've installed the EU e-Privacy Directive package from Michael Richey to prepare for the big change.
https://www.richeyweb.com/software/joomla/packages/9-eu-e-privacy-directive

Although I don't use any multi-page form or public thumbs/ratings, I think it's better to prove that the law has been taken care of.

Unfortunately I noticed that when I use the Accept cookies button on a public form (not logged in, so public), I'll see a group that should be shown only to logged-in users.
I also can navigate to lists without ever logging in. And when I submit a form, the user is stored empty.

Tried on chrome and edge where I have never logged in before.
While it would be logical to contact Michael on this first, I'm very unsettled that a plugin can disable Joomla's/Fabrik's security.
 
I use this plugin myself. It is one of the few plugins that actually stops the use of cookies entirely until the user has accepted cookies. I have included Access Level Settings in my Fabrik List and Element settings right from the off, and I have never had any issues like this - so it is possible that your Menu / List / Element access settings are not quite correct.

If you would like to describe what Access settings you have used on Lists and Elements, I will see if I can help.

S
 
Appreciate your help.
List view, Entry view and Edit are limited to registered.
Registered is still Registered, Manager, Super Users

Internal Menu is disallowed for Public.

Menu Entries are limited to registered.

The internal group is unlimited/Public (otherwise the insert TS and Insert User don't work), but all Elements are at least limited to Registered.

This all works fine, until I click on the Accept Cookie Button.
Display Type is Joomla Module.

And I think I now found the culprit:
On the extended Tab of the plugin, the view level was "Registered".
Changed it to "Public" and security seems to work fine again.
Probably misunderstood the meaning.
Thanks for your help.
 