cleantalk
Vulnerabilities and Security Researches

Cookies and Content Security Policy, CVE-2025-51529

CVE, Research URL

CVE-2025-51529

Home page URL

Security reports for Cookies and Content Security Policy

Application

Cookies and Content Security Policy

Published on
Aug 19, 2025
Research Description
Incorrect Access Control in the AJAX endpoint functionality in jonkastonka Cookies and Content Security Policy plugin through version 2.29 allows remote attackers to cause a denial of service (database server resource exhaustion) via unlimited database write operations to the wp_ajax_nopriv_cacsp_insert_consent_data endpoint.
Affected versions
Min -, max 2.29.
Status
vulnerable
Previous vulnerability researches
Flexible Map (CVE-2025-8622) , Aug 20, 2025
New vulnerability
WP Activity Log , Aug 21, 2025
Online Booking & Scheduling Calendar for WordPress by vcita (CVE-2025-54677) , Aug 21, 2025
Superb Addons – WordPress Editor Blocks & Patterns and Elementor Sections & Elements , Aug 21, 2025
PHP Compatibility Checker , Aug 21, 2025
Infility Global (CVE-2025-47650) , Aug 21, 2025