Actively Exploited in the Wild
This vulnerability is being actively exploited in the wild.
Johan Jonk Stenstroem WordPress Cookies and Content Security Policy Plugin Denial-of-Service Vulnerability
Vulnerability
A denial-of-service vulnerability has been identified in the WordPress Cookies and Content Security Policy plugin, developed by Johan Jonk Stenstroem, affecting all versions prior to 2.29. The issue arises from incorrect access control on the AJAX endpoint 'wp_ajax_nopriv_cacsp_insert_consent_data', which is reachable by unauthenticated users. Because the handler performs a database write on every request without any check, remote attackers can trigger an unbounded number of write operations and exhaust database server resources, leading to significant CPU and disk I/O exhaustion.
Impact
Exploitation of this vulnerability causes database server resource exhaustion, rapidly depleting CPU and disk I/O resources.
Reproduction
The vulnerability can be reproduced by sending concurrent POST requests to the 'wp-admin/admin-ajax.php' endpoint. Each request should include the 'action' parameter set to 'cacsp_insert_consent_data', along with 'accepted_cookies' and 'expires' data. This can be automated using a script that simulates multiple threads sending these requests, effectively overwhelming the server's database handling capacity.
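The traffic shape described above (many concurrent POSTs from the same client to wp-admin/admin-ajax.php) is visible in ordinary web server access logs. The following is an added example, not code from the advisory or the plugin, that parses Apache combined-format lines and flags any client IP exceeding a threshold of admin-ajax POSTs inside a sliding window. The log lines are constructed, and the threshold and window length are assumptions to tune for the site.

```php
<?php
/**
 * Added example (not from the advisory or the plugin): flag client IPs that
 * flood wp-admin/admin-ajax.php with POST requests. Log lines are constructed;
 * the threshold and window are assumptions.
 */

/** Parse one Apache combined-format line into ip / time / method / path, or null. */
function cacsp_example_parse_line( $line ) {
    $re = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*"/';
    if ( ! preg_match( $re, $line, $m ) ) {
        return null;
    }
    $ts = DateTime::createFromFormat( 'd/M/Y:H:i:s O', $m[2] );
    if ( false === $ts ) {
        return null;
    }
    return array( 'ip' => $m[1], 'time' => $ts->getTimestamp(), 'method' => $m[3], 'path' => $m[4] );
}

/**
 * Return [ip => count] for every IP that sent more than $limit POSTs to
 * admin-ajax.php within any $window-second span. The 'action' parameter
 * normally travels in the POST body, which combined logs do not record, so
 * the match is on the endpoint and rate; when the plugin passes the action in
 * the query string it is visible and the filter can be tightened to it.
 */
function cacsp_example_flag_floods( array $lines, $limit = 20, $window = 60 ) {
    $hits = array(); // ip => list of timestamps of admin-ajax POSTs
    foreach ( $lines as $line ) {
        $r = cacsp_example_parse_line( $line );
        if ( null === $r || 'POST' !== $r['method'] ) {
            continue;
        }
        $path = strtok( $r['path'], '?' ); // drop the query string before matching
        if ( '/wp-admin/admin-ajax.php' !== $path ) {
            continue;
        }
        $hits[ $r['ip'] ][] = $r['time'];
    }

    $flagged = array();
    foreach ( $hits as $ip => $times ) {
        sort( $times );
        $start = 0; // left edge of the sliding window
        foreach ( $times as $i => $t ) {
            while ( $t - $times[ $start ] > $window ) {
                $start++;
            }
            $in_window = $i - $start + 1;
            if ( $in_window > $limit ) {
                $flagged[ $ip ] = $in_window;
                break;
            }
        }
    }
    return $flagged;
}

// Constructed sample: one client bursts 25 POSTs in two seconds, another sends
// a handful of ordinary requests spread over a minute.
$lines = array();
for ( $i = 0; $i < 25; $i++ ) {
    $sec     = $i < 12 ? '01' : '02';
    $lines[] = "203.0.113.7 - - [10/Oct/2024:13:55:{$sec} +0000] \"POST /wp-admin/admin-ajax.php HTTP/1.1\" 200 31 \"-\" \"Mozilla/5.0\"";
}
$lines[] = '198.51.100.4 - - [10/Oct/2024:13:55:03 +0000] "POST /wp-admin/admin-ajax.php?action=cacsp_insert_consent_data HTTP/1.1" 200 31 "https://example.test/" "Mozilla/5.0"';
$lines[] = '198.51.100.4 - - [10/Oct/2024:13:55:40 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 31 "https://example.test/" "Mozilla/5.0"';
$lines[] = '198.51.100.4 - - [10/Oct/2024:13:56:30 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"';

foreach ( cacsp_example_flag_floods( $lines ) as $ip => $count ) {
    echo "$ip: $count admin-ajax POSTs within 60s\n";
}
```

Run it against a real access log by replacing the constructed array with `file( '/var/log/apache2/access.log', FILE_IGNORE_NEW_LINES )` (an assumed path). A single IP tripping the threshold is the signal to look for in this case; a distributed flood shows up instead as a sharp rise in the total admin-ajax POST rate, so tracking that aggregate alongside the per-IP count is worthwhile.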
Remediation
To address this vulnerability, it is recommended to add nonce verification for AJAX calls, implement rate limiting per IP address, and ensure proper validation of user inputs.
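The three recommendations above map onto a small amount of WordPress code. The following is an added example, not the plugin's own code, of a hardened handler for the consent-insert action: the front end receives a nonce, the handler verifies it, counts requests per client IP in a transient, validates the two fields named in the advisory, and only then writes the row. The function names, script handle and table name are assumptions; the WordPress API calls (check_ajax_referer, get_transient/set_transient, sanitize_text_field, absint, $wpdb->insert, wp_send_json_error) are the real ones.

```php
<?php
/**
 * Added example (not the plugin's own code): hardened version of the
 * unauthenticated consent-insert AJAX handler, applying the advisory's three
 * remediations. Function names, the script handle 'cacsp-consent' and the
 * table suffix 'cacsp_consent' are assumptions.
 */

// Hand a nonce to the front-end script that fires the consent AJAX call.
add_action( 'wp_enqueue_scripts', function () {
    wp_enqueue_script( 'cacsp-consent', plugins_url( 'consent.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'cacsp-consent', 'cacspAjax', array(
        'url'   => admin_url( 'admin-ajax.php' ),
        'nonce' => wp_create_nonce( 'cacsp_insert_consent_data' ), // sent back as '_ajax_nonce'
    ) );
} );

/**
 * True while $ip is under its per-minute budget, false once the budget is spent.
 * The counter lives in a transient that expires after one minute.
 */
function cacsp_example_rate_limit_ok( $ip, $limit = 10 ) {
    $key   = 'cacsp_rl_' . md5( $ip );
    $count = (int) get_transient( $key );
    if ( $count >= $limit ) {
        return false;
    }
    set_transient( $key, $count + 1, MINUTE_IN_SECONDS );
    return true;
}

function cacsp_example_insert_consent_data() {
    // Fix 1: nonce verification. With no query_arg given, check_ajax_referer()
    // reads '_ajax_nonce' (or '_wpnonce') and ends the request with 403 on failure.
    check_ajax_referer( 'cacsp_insert_consent_data' );

    // Fix 2: per-IP rate limit. Behind a reverse proxy REMOTE_ADDR is the proxy,
    // so resolve the real client address there (trusted proxy list) before using it.
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '0.0.0.0';
    if ( ! cacsp_example_rate_limit_ok( $ip ) ) {
        wp_send_json_error( array( 'message' => 'Too many requests' ), 429 );
    }

    // Fix 3: validate and bound both inputs before they reach the database.
    $accepted = isset( $_POST['accepted_cookies'] ) ? sanitize_text_field( wp_unslash( $_POST['accepted_cookies'] ) ) : '';
    $expires  = isset( $_POST['expires'] ) ? absint( $_POST['expires'] ) : 0;
    if ( '' === $accepted || strlen( $accepted ) > 255 || $expires <= 0 ) {
        wp_send_json_error( array( 'message' => 'Invalid consent data' ), 400 );
    }

    global $wpdb;
    // $wpdb->insert() builds a prepared statement from the row and format arrays.
    $inserted = $wpdb->insert(
        $wpdb->prefix . 'cacsp_consent',
        array( 'accepted_cookies' => $accepted, 'expires' => $expires, 'created' => current_time( 'mysql' ) ),
        array( '%s', '%d', '%s' )
    );
    if ( false === $inserted ) {
        wp_send_json_error( array( 'message' => 'Database error' ), 500 );
    }
    wp_send_json_success();
}
add_action( 'wp_ajax_cacsp_insert_consent_data', 'cacsp_example_insert_consent_data' );
add_action( 'wp_ajax_nopriv_cacsp_insert_consent_data', 'cacsp_example_insert_consent_data' );
```

Two caveats a deployer should weigh. A nonce handed out to logged-out visitors is still valid for only 12 to 24 hours, so a full-page cache that stores the HTML longer than that will serve stale nonces and break consent recording; either exclude the nonce from the cached page or accept that the rate limit is the control that actually bounds load. And transients are stored in the options table unless a persistent object cache (Redis, Memcached) is installed, so the counter itself costs a database write per request; on a site without an object cache, a rate limit enforced in front of PHP (for example nginx `limit_req` on admin-ajax.php, or a WAF rule) bounds the load without touching the database at all. Upgrading to a release at or above 2.29, the first version the advisory places outside the affected range, remains the primary fix.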