Medium severity5.3NVD Advisory· Published Nov 30, 2023· Updated Apr 29, 2026

CVE-2023-40600

Description

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exactly WWW EWWW Image Optimizer. It works only when debug.log is turned on.This issue affects EWWW Image Optimizer: from n/a through 7.2.0.

Affected products

Ewww/Image Optimizer
cpe:2.3:a:ewww:image_optimizer:*:*:*:*:*:wordpress:*:*
Range: <7.2.1

Patches

bee242e02d66

https://github.com/nosilver4u/ewww-image-optimizervia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

patchstack.com/database/vulnerability/ewww-image-optimizer/wordpress-ewww-image-optimizer-plugin-7-2-0-sensitive-data-exposure-vulnerabilitynvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.038
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000