CVE-2025-51529 | THREATINT

Description

Incorrect Access Control in the AJAX endpoint functionality in jonkastonka Cookies and Content Security Policy plugin through version 2.29 allows remote attackers to cause a denial of service (database server resource exhaustion) via unlimited database write operations to the wp_ajax_nopriv_cacsp_insert_consent_data endpoint.

PUBLISHED Reserved 2025-06-16 | Published 2025-08-19 | Updated 2025-08-19 | Assigner mitre

References

cookies.com

johan.com

gist.github.com/...ednarski/f738145c0ab24a110649dc16907e395b

github.com/piotrmaciejbednarski/CVE-2025-51529

cve.org (CVE-2025-51529)

nvd.nist.gov (CVE-2025-51529)

Download JSON