CVE-2023-40600
WordPress EWWW Image Optimizer Plugin <= 7.2.0 is vulnerable to Sensitive Data Exposure
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exactly WWW EWWW Image Optimizer. It works only when debug.log is turned on.This issue affects EWWW Image Optimizer: from n/a through 7.2.0.
Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Exactly WWW EWWW Image Optimizer. Solo funciona cuando debug.log está activado. Este problema afecta a EWWW Image Optimizer: desde n/a hasta 7.2.0.
The EWWW Image Optimizer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.0 via the debug_log function. This makes it possible for unauthenticated attackers to extract sensitive debug data when debug logging is enabled.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-08-17 CVE Reserved
- 2023-11-14 CVE Published
- 2023-11-20 First Exploit
- 2024-08-02 CVE Updated
- 2024-10-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
https://patchstack.com/database/vulnerability/ewww-image-optimizer/wordpress-ewww-image-optimizer-plugin-7-2-0-sensitive-data-exposure-vulnerability?_s_id=cve | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://github.com/RandomRobbieBF/CVE-2023-40600 | 2023-11-20 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Ewww Search vendor "Ewww" | Image Optimizer Search vendor "Ewww" for product "Image Optimizer" | < 7.2.1 Search vendor "Ewww" for product "Image Optimizer" and version " < 7.2.1" | wordpress |
Affected
|