
EWWW Image Optimizer <= 7.2.0 - Unauthenticated Sensitive Information Exposure via Debug Log


RandomRobbieBF/CVE-2023-40600

CVE-2023-40600

EWWW Image Optimizer <= 7.2.0 - Unauthenticated Sensitive Information Exposure via Debug Log

Description

The EWWW Image Optimizer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.0 via the debug_log function. This makes it possible for unauthenticated attackers to extract sensitive debug data when debug logging is enabled.

Severity: medium
CVE ID: CVE-2023-40600
CVSS Score: 5.3
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Plugin Slug: ewww-image-optimizer
WPScan URL: https://www.wpscan.com/plugin/ewww-image-optimizer
Reference URL: https://www.wordfence.com/threat-intel/vulnerabilities/id/d20ff1a8-8794-41e1-9e66-1cda90f9ff77?source=api-prod
Diff URL: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2964259%40ewww-image-optimizer&old=2941029%40ewww-image-optimizer&sfp_email=&sfph_mail=

POC

 /wp-content/plugins/ewww-image-optimizer/debug.log
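
A detection example for the exposure described above, added here and not part of the original repository: it scans web server access logs for requests that were actually served the plugin's debug.log. The Combined Log Format, the function names and the sample lines are assumptions of this example.

```python
import re
from urllib.parse import unquote

# Path from the advisory; a WordPress install in a subdirectory prefixes it.
LOG_SUFFIX = "/wp-content/plugins/ewww-image-optimizer/debug.log"

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status bytes ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def normalise(target):
    """Drop query/fragment, decode percent-encoding, collapse repeated slashes."""
    path = unquote(target.split("?", 1)[0].split("#", 1)[0])
    return re.sub(r"/{2,}", "/", path).lower()

def find_debug_log_reads(lines):
    """Return (ip, time, status, size) for requests that were served the debug log."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not normalise(m["target"]).endswith(LOG_SUFFIX):
            continue
        status = int(m["status"])
        size = 0 if m["size"] == "-" else int(m["size"])
        # 200/206 with a body means log content left the server; 403/404 did not.
        if status in (200, 206) and size > 0:
            hits.append((m["ip"], m["time"], status, size))
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [12/Sep/2023:10:01:02 +0000] "GET /wp-content/plugins/ewww-image-optimizer/debug.log HTTP/1.1" 200 48213 "-" "-"',
    '198.51.100.4 - - [12/Sep/2023:10:05:00 +0000] "GET /blog/wp-content/plugins/ewww-image-optimizer/debug%2Elog?x=1 HTTP/1.1" 200 1024 "-" "-"',
    '203.0.113.9 - - [12/Sep/2023:10:06:10 +0000] "GET /wp-content/plugins/ewww-image-optimizer/debug.log HTTP/1.1" 404 196 "-" "-"',
    '192.0.2.10 - - [12/Sep/2023:10:07:30 +0000] "HEAD /wp-content/plugins/ewww-image-optimizer/debug.log HTTP/1.1" 200 - "-" "-"',
    '192.0.2.11 - - [12/Sep/2023:10:08:00 +0000] "GET /wp-content/uploads/photo.jpg HTTP/1.1" 200 5120 "-" "-"',
]

if __name__ == "__main__":
    for hit in find_debug_log_reads(SAMPLE):
        print(hit)
```

A hit means log content was served to that client, so anything the debug log could contain should be treated as disclosed.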
