Vulnerability Description
Incorrect Access Control in the AJAX endpoint functionality in jonkastonka Cookies and Content Security Policy plugin through version 2.29 allows remote attackers to cause a denial of service (database server resource exhaustion) via unlimited database write operations to the wp_ajax_nopriv_cacsp_insert_consent_data endpoint.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Followmedarling | Cookies And Content Security Policy | <= 2.29 |
Related Weaknesses (CWE)
References
- http://cookies.com (Not Applicable)
- http://johan.com (Not Applicable)
- https://gist.github.com/piotrmaciejbednarski/f738145c0ab24a110649dc16907e395b (Product)
- https://github.com/piotrmaciejbednarski/CVE-2025-51529 (Exploit, Third Party Advisory)
FAQ
What is CVE-2025-51529?
CVE-2025-51529 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Incorrect Access Control in the AJAX endpoint functionality in jonkastonka Cookies and Content Security Policy plugin through version 2.29 allows remote attackers to cause a denial of service (databas...
How severe is CVE-2025-51529?
CVE-2025-51529 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-51529?
Check the references section above for vendor advisories and patch information. Affected products include: Followmedarling Cookies And Content Security Policy.