The EWWW Image Optimizer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.0 via the debug_log function. This makes it possible for unauthenticated attackers to extract sensitive debug data when debug logging is enabled. [已公开] id: CVE-2023-40600 info: name: EWWW Image Optimizer <= 7.2.0 - Unauthenticated Information Disclosure author: Shivam Kamboj severity: medium description: | The EWWW Image Optimizer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.0 via the debug_log function. This makes it possible for unauthenticated attackers to extract sensitive debug data when debug logging is enabled. impact: Attackers can access sensitive embedded data, potentially leading to information disclosure and further exploitation. remediation: Remove debug information and update to the latest version of EWWW Image Optimizer. reference: - https://nvd.nist.gov/vuln/detail/CVE-2023-40600 - https://patchstack.com/database/wordpress/plugin/ewww-image-optimizer/vulnerability/wordpress-ewww-image-optimizer-plugin-7-2-0-sensitive-data-exposure-vulnerability - https://www.wordfence

未知