CVE-2025-51529

5.3 MEDIUM
Published: August 19, 2025 Modified: October 21, 2025
View on NVD

Description

Incorrect Access Control in the AJAX endpoint functionality in jonkastonka Cookies and Content Security Policy plugin through version 2.29 allows remote attackers to cause a denial of service (database server resource exhaustion) via unlimited database write operations to the wp_ajax_nopriv_cacsp_insert_consent_data endpoint.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://cookies.com
Source: cve@mitre.org
Not Applicable
http://johan.com
Source: cve@mitre.org
Not Applicable
https://gist.github.com/piotrmaciejbednarski/f738145c0ab24a110649dc16907e395b
Source: cve@mitre.org
Product
https://github.com/piotrmaciejbednarski/CVE-2025-51529
Source: cve@mitre.org
Exploit Third Party Advisory

4 reference(s) from NVD

Quick Stats

CVSS v3 Score
5.3 / 10.0
EPSS (Exploit Probability)
0.1%
27th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-284

Affected Vendors

followmedarling

Related CVEs

CVE-2026-0824 3.5
CVE-2026-0822 6.3
CVE-2025-13393 4.3
CVE-2025-12379 6.4
CVE-2026-0821 7.3