7.5
CVE-2023-40600
- EPSS 2.04%
- Veröffentlicht 30.11.2023 15:15:07
- Zuletzt bearbeitet 29.04.2026 10:16:15
- Quelle audit@patchstack.com
- CVE-Watchlists
- Unerledigt
LoginWordPress EWWW Image Optimizer Plugin <= 7.2.0 is vulnerable to Sensitive Data Exposure
EWWW Image Optimizer <= 7.2.0 - Unauthenticated Sensitive Information Exposure via Debug Log
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exactly WWW EWWW Image Optimizer. It works only when debug.log is turned on.This issue affects EWWW Image Optimizer: from n/a through 7.2.0.
Mögliche Gegenmaßnahme
EWWW Image Optimizer: Update to version 7.2.1, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ewww ≫ Image Optimizer SwPlatformwordpress Version < 7.2.1
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
EWWW Image Optimizer
Version
*-7.2.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.04% | 0.786 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| audit@patchstack.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
https://patchstack.com/database/vulnerability/ewww-image-optimizer/wordpress-ewww-image-optimizer-plugin-7-2-0-sensitive-data-exposure-vulnerability?_s_id=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/d20ff1a8-8794-41e1-9e66-1cda90f9ff77