Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
matomo matomo vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-6923
The Matomo Analytics – Ethical Stats. Powerful Insights. plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the idsite parameter in all versions up to, and including, 4.15.3 due to insufficient input sanitization and output escaping. This makes it poss...
NA
CVE-2023-4774
The WP-Matomo Integration (WP-Piwik) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp-piwik' shortcode in versions up to, and including, 1.0.28 due to insufficient input sanitization and output escaping on user supplied attributes. This make...
Braekling Connect Matomo
NA
CVE-2023-33211
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in André Bräkling WP-Matomo Integration (WP-Piwik) plugin <= 1.0.27 versions.
Wp-matomo Integration Project Wp-matomo Integration
NA
CVE-2023-23659
Cross-Site Request Forgery (CSRF) vulnerability in MainWP Matomo Extension <= 4.0.4 versions.
Mainwp Motomo
NA
CVE-2017-20175
A vulnerability classified as problematic has been found in DaSchTour matomo-mediawiki-extension up to 2.4.2 on MediaWiki. This affects an unknown part of the file Piwik.hooks.php of the component Username Handler. The manipulation leads to cross site scripting. It is possible to...
Mediawiki Matomo
4.3
CVSSv2
CVE-2022-33156
The matomo_integration (aka Matomo Integration) extension prior to 1.3.2 for TYPO3 allows XSS.
Matomo Integration
10
CVSSv2
CVE-2020-29578
The official piwik Docker images before fpm-alpine (Alpine specific) contain a blank password for a root user. Systems using the Piwik Docker container deployed by affected versions of the Docker image may allow an remote malicious user to achieve root access.
Matomo Piwik Fpm-alpine Docker Image 3
Matomo Piwik Fpm-alpine Docker Image 3.5
Matomo Piwik Fpm-alpine Docker Image 3.5.1
Matomo Piwik Fpm-alpine Docker Image 3.6
Matomo Piwik Fpm-alpine Docker Image 3.6.0
4.3
CVSSv2
CVE-2013-0194
Cross-site Scripting (XSS) in Piwik prior to 1.10.1 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0195.
Matomo Matomo
4.3
CVSSv2
CVE-2013-0195
Cross-site Scripting (XSS) in Piwik prior to 1.10.1 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0194.
Matomo Matomo
4.3
CVSSv2
CVE-2013-0193
Cross-site Scripting (XSS) in Piwik prior to 1.10.1 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0194 and CVE-2013-0195.
Matomo Matomo
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »