3 matches found
CVE-2023-40600
Affected software: WordPress EWWW Image Optimizer plugin ≤ 7.2.0. Vulnerability: Sensitive information exposure via the debug_log function, allowing unauthenticated access to sensitive debug data when debug logging is enabled. Root cause/vector: debug_log writes internal data to logs accessible t...
CVE-2016-20010
The CVE-2016-20010 vulnerability affects the WordPress plugin EWWW Image Optimizer prior to 2.8.5. The issue arises because it relies on a protection mechanism involving boolval that is not available before PHP 5.5, enabling remote command execution on affected installations. Affected product: EW...
CVE-2020-36750
The CVE-2020-36750 entry concerns the WordPress EWWW Image Optimizer plugin. Affected component: ewww_ngg_bulk_init() function in versions up to and including 5.8.1. Root cause: insufficient nonce validation leads to a Cross-Site Request Forgery (CSRF). Impact: unauthenticated attackers could tri...