5.3
CVE-2025-51529
- EPSS 0.51%
- Veröffentlicht 19.08.2025 00:00:00
- Zuletzt bearbeitet 21.10.2025 14:25:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginIncorrect Access Control in the AJAX endpoint functionality in jonkastonka Cookies and Content Security Policy plugin through version 2.29 allows remote attackers to cause a denial of service (database server resource exhaustion) via unlimited database write operations to the wp_ajax_nopriv_cacsp_insert_consent_data endpoint.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Followmedarling ≫ Cookies And Content Security Policy SwPlatformwordpress Version <= 2.29
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.51% | 0.391 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
http://cookies.com
http://johan.com
https://gist.github.com/piotrmaciejbednarski/f738145c0ab24a110649dc16907e395b
https://github.com/piotrmaciejbednarski/CVE-2025-51529