VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 6 known issues Latest disclosed Apr 10, 2024

EWWW Image Optimizer Vulnerabilities

Review known vulnerability records for the WordPress plugin EWWW Image Optimizer (`ewww-image-optimizer`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2024-31924 and CVE-2023-40600, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
6
High or Critical
1
Patch Coverage
100%
Last Updated
May 07, 2024
Priority CVE Quick Links

Fast paths into EWWW Image Optimizer CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
5
CVE-2016-20010 Critical 2.8.5
CVE-2016-20010 EWWW Image Optimizer Remote Code Execution

EWWW Image Optimizer <= 2.8.4 - Remote Code Execution

CVE-2014-6243 Medium 2.0.2
CVE-2014-6243 EWWW Image Optimizer Cross-Site Scripting

EWWW Image Optimizer <= 2.0.1 - Reflected Cross-Site Scripting

CVE-2023-40600 Medium 7.2.1
CVE-2023-40600 EWWW Image Optimizer Sensitive Information Exposure

EWWW Image Optimizer <= 7.2.0 - Unauthenticated Sensitive Information Exposure via Debug Log

CVE-2024-31924 Medium 7.3.0
CVE-2024-31924 EWWW Image Optimizer Cross-Site Request Forgery

EWWW Image Optimizer <= 7.2.3 - Cross-Site Request Forgery

CVE-2020-36750 Medium 5.9
CVE-2020-36750 EWWW Image Optimizer Cross-Site Request Forgery

EWWW Image Optimizer <= 5.8.1 - Cross-Site Request Forgery Bypass

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for EWWW Image Optimizer so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
6 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
1 critical and 0 high severity findings.
Recent CVEs
CVE-2024-31924 and CVE-2023-40600
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for EWWW Image Optimizer

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2024-31924
CVE-2024-31924: EWWW Image Optimizer <= 7.2.3 - Cross-Site Request Forgery

The EWWW Image Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.2.3. This is due to missing or incorrect nonce validation on the check_for_optin() and check_for_optout() functions. This makes it possible for unauth...

Published
Apr 10, 2024
Patched Release
7.3.0
Affected Versions
Versions up to 7.2.3
Next Step
Update to 7.3.0 or newer if supported.
Open CVE-2024-31924 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-40600
CVE-2023-40600: EWWW Image Optimizer <= 7.2.0 - Unauthenticated Sensitive Information Exposure via Debug Log

The EWWW Image Optimizer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.0 via the debug_log function. This makes it possible for unauthenticated attackers to extract sensitive debug data when debug logging is enabled...

Published
Nov 14, 2023
Patched Release
7.2.1
Affected Versions
Versions up to 7.2.0
Next Step
Update to 7.2.1 or newer if supported.
Open CVE-2023-40600 Report Open CVE Reference
Plugin Medium Patched: Yes
EWWW Image Optimizer <= 7.2.0 - Sensitive Information Exposure

The EWWW Image Optimizer for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.2.0 due to the plugin saving debug logs in predictable locations. This can allow unauthenticated attackers to obtain information about installation paths, fi...

Published
Sep 08, 2023
Patched Release
7.2.1
Affected Versions
Versions before 7.2.1
Next Step
Update to 7.2.1 or newer if supported.
Open Full Report
Plugin Medium Patched: Yes CVE-2020-36750
CVE-2020-36750: EWWW Image Optimizer <= 5.8.1 - Cross-Site Request Forgery Bypass

The EWWW Image Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.8.1. This is due to missing or incorrect nonce validation on the ewww_ngg_bulk_init() function. This makes it possible for unauthenticated attackers to pe...

Published
Sep 06, 2020
Patched Release
5.9
Affected Versions
Versions up to 5.8.1
Next Step
Update to 5.9 or newer if supported.
Open CVE-2020-36750 Report Open CVE Reference
Plugin Critical Patched: Yes CVE-2016-20010
CVE-2016-20010: EWWW Image Optimizer <= 2.8.4 - Remote Code Execution

EWWW Image Optimizer before 2.8.5 allows remote command execution because it relies on a protection mechanism involving boolval, which is unavailable before PHP 5.5. Version 2.8.4 provides a partial fix.

Published
Jun 08, 2016
Patched Release
2.8.5
Affected Versions
Versions up to 2.8.4
Next Step
Update to 2.8.5 or newer if supported.
Open CVE-2016-20010 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2014-6243
CVE-2014-6243: EWWW Image Optimizer <= 2.0.1 - Reflected Cross-Site Scripting

Cross-site scripting (XSS) vulnerability in the EWWW Image Optimizer plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the error parameter in the ewww-image-optimizer.php page to wp-admin/options-general.php, which is not properl...

Published
Oct 09, 2014
Patched Release
2.0.2
Affected Versions
Versions up to 2.0.1
Next Step
Update to 2.0.2 or newer if supported.
Open CVE-2014-6243 Report Open CVE Reference