CVE-2023-40600 MEDIUM

CVE-2023-40600: WordPress EWWW Image Optimizer Plugin <= 7.2.0 is vulnerable to Sensitive Data Exposure

Vendor Exactly Www
Product EWWW Image Optimizer
Weakness CWE-200 · Info exposure
Published November 30, 2023
Last update April 29, 2026

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exactly WWW EWWW Image Optimizer. It works only when debug.log is turned on.This issue affects EWWW Image Optimizer: from n/a through 7.2.0.

Key dates

02Disclosure timeline

November 30, 2023 CVE published
April 29, 2026 Record updated