WordPress · Jonkastonka Cookies/Content Security Policy · CVE-2025-51529
Name of the Vulnerable Software and Affected Versions:
jonkastonka Cookies and Content Security Policy plugin versions through 2.29
Description:
Incorrect access control in the AJAX endpoint functionality allows remote attackers to cause a denial of service (database server resource exhaustion) via unlimited database write operations to the `wp_ajax_nopriv_cacsp_insert_consent_data` endpoint.
Recommendations:
Update jonkastonka Cookies and Content Security Policy plugin to a version later than 2.29.
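Until the update is installed, the unauthenticated write path named in the description can be throttled ahead of the plugin's own handler. The must-use plugin below is an added example, not code from the plugin or from this advisory. The hook name comes from the description; the `cacsp_guard_*` names, the limits and the use of `REMOTE_ADDR` as the client identity are assumptions.

```php
<?php
/**
 * Added example (not part of the Cookies and Content Security Policy plugin):
 * per-client throttle for the unauthenticated consent endpoint.
 * Intended as a must-use plugin; all cacsp_guard_* names are hypothetical.
 */

const CACSP_GUARD_MAX_HITS = 5;  // assumed: accepted requests per client per window
const CACSP_GUARD_WINDOW   = 60; // assumed: window length in seconds

// Priority 0 runs before handlers registered at the default priority (10),
// so a rejected request never reaches the plugin's database insert.
add_action( 'wp_ajax_nopriv_cacsp_insert_consent_data', 'cacsp_guard_throttle', 0 );

function cacsp_guard_throttle() {
	// Assumption: REMOTE_ADDR is the real client address. Behind a reverse
	// proxy, substitute the address your proxy is trusted to supply.
	$ip  = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
	$key = 'cacsp_guard_' . md5( $ip );

	$hits = (int) get_transient( $key ); // false (no entry) casts to 0

	if ( $hits >= CACSP_GUARD_MAX_HITS ) {
		// Reject without writing anything: once a client is over the limit,
		// further requests cost a read, not a write.
		header( 'Retry-After: ' . CACSP_GUARD_WINDOW );
		wp_send_json_error( array( 'message' => 'Too many consent submissions.' ), 429 );
	}

	// Count the accepted request. Without a persistent object cache the
	// transient lives in wp_options, so this is itself a write, bounded to
	// CACSP_GUARD_MAX_HITS per client per window. Each accepted hit restarts
	// the expiry, so the counter clears CACSP_GUARD_WINDOW seconds after the
	// last accepted request.
	set_transient( $key, $hits + 1, CACSP_GUARD_WINDOW );
}
```

The throttle bounds writes per source address only; it does not replace the update, and requests spread across many addresses still need a limit at the web server or WAF.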