CVE-2025-51529

5.3 MEDIUM

📋 TL;DR

This vulnerability allows remote attackers to cause denial of service through database resource exhaustion in the jonkastonka Cookies and Content Security Policy plugin. Attackers can send unlimited database write operations to an AJAX endpoint without authentication, affecting WordPress sites using vulnerable plugin versions up to 2.29.

💻 Affected Systems

Products:
  • jonkastonka Cookies and Content Security Policy plugin
Versions: through version 2.29
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: All WordPress installations with vulnerable plugin versions are affected regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database server exhaustion leading to service unavailability, potential data corruption, and extended downtime requiring database recovery.

🟠 Likely Case

Degraded database performance, increased latency for legitimate users, and potential temporary service disruption until attack traffic stops.

🟢 If Mitigated

Minimal impact with proper rate limiting, database connection limits, and monitoring in place to detect and block excessive requests.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available on GitHub, making this easily exploitable by attackers with basic scripting knowledge.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 2.30 or later

Vendor Advisory: http://cookies.com

Restart Required: No

Instructions:

1. Log into WordPress admin panel
2. Navigate to Plugins → Installed Plugins
3. Find 'Cookies and Content Security Policy' plugin
4. Click 'Update Now' if update is available
5. Alternatively, download version 2.30+ from WordPress repository and replace plugin files

🔧 Temporary Workarounds

Block vulnerable endpoint via .htaccess (Apache)

Prevent access to the vulnerable AJAX endpoint at the web server level. RewriteRule matches only the path, never the query string, so the action parameter has to be tested with a RewriteCond first:

RewriteEngine On
# Match the vulnerable action anywhere in the query string
RewriteCond %{QUERY_STRING} (^|&)action=cacsp_insert_consent_data(&|$)
# Then forbid the request to admin-ajax.php (path is relative to the WordPress root .htaccess)
RewriteRule ^wp-admin/admin-ajax\.php$ - [F,L]
# Caveat: mod_rewrite cannot inspect a POST body. If the action is sent in the body
# rather than the query string, this rule will not fire; use a WAF rule for that case.

Implement rate limiting (all web servers)

Add rate limiting for AJAX requests at the web server or application firewall level.

🧯 If You Can't Patch

  • Temporarily disable the plugin if not critically needed
  • Implement WAF rules to block requests to /wp-admin/admin-ajax.php carrying action=cacsp_insert_consent_data (the wp_ajax_nopriv_cacsp_insert_consent_data handler, reachable without authentication)

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Installed Plugins for 'Cookies and Content Security Policy' version 2.29 or earlier

Check Version:

wp plugin list --fields=name,title,version | grep -i 'cookies and content security policy'

Verify Fix Applied:

Confirm plugin version is 2.30 or higher in WordPress admin panel

📡 Detection & Monitoring

Log Indicators:

  • High frequency of POST requests to /wp-admin/admin-ajax.php with action=cacsp_insert_consent_data
  • Database connection errors or slow query logs showing excessive writes

Network Indicators:

  • Unusually high traffic to WordPress AJAX endpoints from single or multiple sources
  • Pattern of repeated identical POST requests

SIEM Query:

source="web_server" AND uri_path="/wp-admin/admin-ajax.php" AND query_string="*action=cacsp_insert_consent_data*" | stats count by src_ip
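Detection logic for the log indicators above, as an added example that is not part of this advisory: a Python script that parses Apache combined-format access log lines, keeps only POST requests to admin-ajax.php carrying action=cacsp_insert_consent_data, and flags any source IP exceeding an assumed threshold of hits within a sliding one-minute window. The sample log lines, the threshold and the window are constructed; like the SIEM query, it assumes the action is in the query string, since a standard access log does not record POST bodies.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlparse

# Minimal parser for the Apache combined log format (client IP, timestamp, request line, status).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)
TARGET_ACTION = "cacsp_insert_consent_data"
THRESHOLD = 20            # assumed cut-off: more hits than this per window is flagged
WINDOW = timedelta(seconds=60)

def is_consent_insert(method, target):
    """True for a POST to admin-ajax.php whose query string carries the vulnerable action."""
    url = urlparse(target)
    if method != "POST" or not url.path.endswith("/wp-admin/admin-ajax.php"):
        return False
    return TARGET_ACTION in parse_qs(url.query).get("action", [])

def flag_sources(lines, threshold=THRESHOLD, window=WINDOW):
    """Return {ip: peak hits in any sliding window} for sources exceeding the threshold."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_consent_insert(m["method"], m["target"]):
            hits[m["ip"]].append(datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"))
    flagged = {}
    for ip, times in hits.items():
        times.sort()
        start = peak = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window's left edge forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            flagged[ip] = peak
    return flagged

# Constructed sample log: one source bursts 25 consent writes in 25 seconds; another sends two.
AJAX = "/wp-admin/admin-ajax.php"
SAMPLE_LOG = [
    f'203.0.113.5 - - [10/Jul/2025:12:00:{i:02d} +0000] "POST {AJAX}?action={TARGET_ACTION} HTTP/1.1" 200 47'
    for i in range(25)
] + [
    f'198.51.100.7 - - [10/Jul/2025:12:00:05 +0000] "POST {AJAX}?action={TARGET_ACTION} HTTP/1.1" 200 47',
    f'198.51.100.7 - - [10/Jul/2025:12:00:09 +0000] "POST {AJAX}?action={TARGET_ACTION} HTTP/1.1" 200 47',
    f'198.51.100.7 - - [10/Jul/2025:12:00:12 +0000] "GET {AJAX}?action=heartbeat HTTP/1.1" 200 12',
]
```

Running `flag_sources(SAMPLE_LOG)` on the constructed lines reports only 203.0.113.5 (25 hits in the window); lower the threshold or feed real access log lines to tune it for a given site.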
