Okay, that's good enough for now, because your answer to #1 gives some clue. Sudo expects a password to be entered, at least that has to be corrected for your approach to work.
#2 confirms it is owned by root and is SUID, so the error in the log should'f be taken literally.
Add "NOPASSWD" to the sudoers line for www-data and try it again.
I.e. it should become
www-data ALL=(ALL:ALL) NOPASSWD:ALL
ADDED LATER: (and when you have it setup and tested I'd suggest you to narrow this down from ALL to just your script, a bit more secure setup)