CVE-2023-40600 WordPress EWWW Image Optimizer Plugin <= 7.2.0 is vulnerable to Sensitive Data Exposure

🗓️ 30 Nov 2023 15:00:09Reported by PatchstackType

WordPress EWWW Image Optimizer Plugin Sensitive Data Exposur

Reporter	Title	Published	Views	Family All 15
GithubExploit	Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Ewww Image_Optimizer	20 Nov 202319:05	–	githubexploit
Circl	CVE-2023-40600	1 Dec 202314:37	–	circl
CNNVD	WordPress Plugin EWWW Image Optimizer Information Disclosure Vulnerability	30 Nov 202300:00	–	cnnvd
CVE	CVE-2023-40600	30 Nov 202315:00	–	cve
Nuclei	EWWW Image Optimizer <= 7.2.0 - Unauthenticated Information Disclosure	3 Apr 202607:34	–	nuclei
NVD	CVE-2023-40600	30 Nov 202315:15	–	nvd
OpenVAS	WordPress EWWW Image Optimizer Plugin < 7.2.1 Information Disclosure Vulnerability	4 Dec 202300:00	–	openvas
Patchstack	WordPress EWWW Image Optimizer Plugin <= 7.2.0 is vulnerable to Sensitive Data Exposure	14 Nov 202300:00	–	patchstack
Prion	Code injection	30 Nov 202315:15	–	prion
Positive Technologies	PT-2023-27531	30 Nov 202300:00	–	ptsecurity

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "ewww-image-optimizer",
    "product": "EWWW Image Optimizer",
    "vendor": "Exactly WWW",
    "versions": [
      {
        "changes": [
          {
            "at": "7.2.1",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "7.2.0",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
patchstack	www.patchstack.com/database/vulnerability/ewww-image-optimizer/wordpress-ewww-image-optimizer-plugin-7-2-0-sensitive-data-exposure-vulnerability

29 Apr 2026 09:51Current

7.7High risk

Vulners AI Score7.7

CVSS 3.15.3

EPSS0.46927

CWE-200