CVE-2025-51529

MEDIUM

Followmedarling Cookies And Content S... - Improper Access Control

Title source: rule

Description

Incorrect Access Control in the AJAX endpoint functionality in jonkastonka Cookies and Content Security Policy plugin through version 2.29 allows remote attackers to cause a denial of service (database server resource exhaustion) via unlimited database write operations to the wp_ajax_nopriv_cacsp_insert_consent_data endpoint.

Exploits (1)

nomisec WORKING POC 1 stars

by piotrmaciejbednarski · poc

https://github.com/piotrmaciejbednarski/CVE-2025-51529

View Code ZIP pw:eip

References (4)

[Not Applicable] http://cookies.com

[Not Applicable] http://johan.com

[Product] https://gist.github.com/piotrmaciejbednarski/f738145c0ab24a110649dc16907e395b

[Exploit, Third Party Advisory] https://github.com/piotrmaciejbednarski/CVE-2025-51529

Scores

CVSS v3 5.3

EPSS 0.0011

EPSS Percentile 28.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-284

Status published

Products (1)

followmedarling/cookies_and_content_security_policy < 2.29

Published Aug 19, 2025

Tracked Since Feb 18, 2026