https://github.com/randomrobbiebf/cve-2023-40600

EWWW Image Optimizer <= 7.2.0 - Unauthenticated Sensitive Information Exposure via Debug Log

# CVE-2023-40600
EWWW Image Optimizer <= 7.2.0 - Unauthenticated Sensitive Information Exposure via Debug Log

### Description

The EWWW Image Optimizer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.0 via the debug_log function. This makes it possible for unauthenticated attackers to extract sensitive debug data when debug logging is enabled.

```
Severity: medium
CVE ID: CVE-2023-40600
CVSS Score: 5.3
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Plugin Slug: ewww-image-optimizer
WPScan URL: https://www.wpscan.com/plugin/ewww-image-optimizer
Reference URL: https://www.wordfence.com/threat-intel/vulnerabilities/id/d20ff1a8-8794-41e1-9e66-1cda90f9ff77?source=api-prod
Diff URL: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2964259%40ewww-image-optimizer&old=2941029%40ewww-image-optimizer&sfp_email=&sfph_mail=
```

POC
---

```
/wp-content/plugins/ewww-image-optimizer/debug.log
```
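
For triage on an affected site, the following added example (not part of the original README or the plugin) scans web server access logs for requests to the path above and separates responses that returned log contents from requests that were refused. It assumes the Apache/nginx "combined" log format; the function names and the sample lines are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Path from the PoC; endswith() also covers WordPress installed in a subdirectory.
DEBUG_LOG = "/wp-content/plugins/ewww-image-optimizer/debug.log"

# Assumed format: Apache/nginx "combined" access log.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def normalise(target):
    """Drop the query string, decode %xx, collapse '//' and '/./' segments."""
    path = unquote(target.split("?", 1)[0])
    return posixpath.normpath(re.sub(r"/+", "/", path))

def classify(lines):
    """Split requests for the debug log into 'served' (contents returned) and 'probed'."""
    result = {"served": [], "probed": []}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not normalise(m["target"]).endswith(DEBUG_LOG):
            continue
        status = int(m["status"])
        size = 0 if m["size"] == "-" else int(m["size"])
        hit = (m["ip"], m["time"], status, size)
        # A 200/206 with a body means log contents left the server.
        key = "served" if status in (200, 206) and size > 0 else "probed"
        result[key].append(hit)
    return result

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [12/Sep/2023:10:01:02 +0000] "GET /wp-content/plugins/ewww-image-optimizer/debug.log HTTP/1.1" 200 48213 "-" "-"',
    '198.51.100.4 - - [12/Sep/2023:10:05:40 +0000] "GET /blog/wp-content/plugins/ewww-image-optimizer/debug%2Elog HTTP/1.1" 403 199 "-" "-"',
    '192.0.2.9 - - [12/Sep/2023:10:06:00 +0000] "GET /wp-content/plugins/ewww-image-optimizer/readme.txt HTTP/1.1" 200 1200 "-" "-"',
    '203.0.113.7 - - [12/Sep/2023:10:07:11 +0000] "HEAD /wp-content/plugins/ewww-image-optimizer/debug.log?x=1 HTTP/1.1" 200 0 "-" "-"',
]

if __name__ == "__main__":
    for kind, hits in classify(SAMPLE).items():
        for ip, when, status, size in hits:
            print(f"{kind:7} {ip:15} {when} status={status} bytes={size}")
```

Any `served` entry means the log's contents were returned to that client, so the data written to the log during that period should be treated as disclosed.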