Vulnerabilities and security researches forewww-image-optimizer ewww-image-optimizer

Jun 07, 2024

CVE, Research URL: CVE-2023-40600
Home page URL: Security reports for EWWW Image Optimizer
Application: EWWW Image Optimizer
Date: Nov 30, 2023
Research Description: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exactly WWW EWWW Image Optimizer. It works only when debug.log is turned on.This issue affects EWWW Image Optimizer: from n/a through 7.2.0.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2016-20010
Home page URL: Security reports for EWWW Image Optimizer
Application: EWWW Image Optimizer
Date: May 05, 2021
Research Description: EWWW Image Optimizer before 2.8.5 allows remote command execution because it relies on a protection mechanism involving boolval, which is unavailable before PHP 5.5.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2014-6243
Home page URL: Security reports for EWWW Image Optimizer
Application: EWWW Image Optimizer
Date: Oct 10, 2014
Research Description: Cross-site scripting (XSS) vulnerability in the EWWW Image Optimizer plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the error parameter in the ewww-image-optimizer.php page to wp-admin/options-general.php, which is not properly handled in a pngout error message.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: -
Home page URL: Security reports for EWWW Image Optimizer
Application: EWWW Image Optimizer
Date: Jun 07, 2023
Research Description: Rejected reason: CVE split into individual CVE IDs for each software record.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2020-36750
Home page URL: Security reports for EWWW Image Optimizer
Application: EWWW Image Optimizer
Date: Jul 12, 2023
Research Description: The EWWW Image Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.8.1. This is due to missing or incorrect nonce validation on the ewww_ngg_bulk_init() function. This makes it possible for unauthenticated attackers to perform bulk image optimization via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-31924
Home page URL: Security reports for EWWW Image Optimizer
Application: EWWW Image Optimizer
Date: Apr 10, 2024
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Exactly WWW EWWW Image Optimizer.This issue affects EWWW Image Optimizer: from n/a through 7.2.3.
Affected versions: Min -, max -.
Status: vulnerable

Jun 25, 2025

PSC, Research URL: PSC-2025-64576
Home page URL: Security reports for EWWW Image Optimizer
Application: EWWW Image Optimizer
Date: Jun 25, 2025
Research Description: EWWW Image Optimizer (EWWW IO) is a high-performance WordPress plugin designed to enhance site speed and SEO by automatically optimizing image files across your entire website. Whether you’re dealing with the WordPress Media Library, theme assets, or third-party plugin images, EWWW IO ensures that every image is compressed efficiently without compromising quality. The plugin supports a wide range of formats, including JPG, PNG, WebP, SVG, PDF, and the next-gen AVIF, with adaptive and intelligent conversion to deliver optimal file types for every use case. EWWW IO can perform all optimizations locally on your server using powerful image processing tools or offload them to specialized servers via Easy IO CDN. With features such as lazy loading, bulk optimization, WebP/AVIF conversion, and comprehensive plugin compatibility, it serves as a complete image performance suite. EWWW IO is not only built for speed but also engineered with strong security practices, having earned the Plugin Security Certification (PSC) from CleanTalk.
Affected versions: Min -, max -.
Status: SAFE & CERTIFIED