Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
matomo matomo vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-6923
The Matomo Analytics – Ethical Stats. Powerful Insights. plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the idsite parameter in all versions up to, and including, 4.15.3 due to insufficient input sanitization and output escaping. This makes it poss...
5.4
CVSSv3
CVE-2023-4774
The WP-Matomo Integration (WP-Piwik) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp-piwik' shortcode in versions up to, and including, 1.0.28 due to insufficient input sanitization and output escaping on user supplied attributes. This make...
Braekling Connect Matomo
4.8
CVSSv3
CVE-2023-33211
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in André Bräkling WP-Matomo Integration (WP-Piwik) plugin <= 1.0.27 versions.
Wp-matomo Integration Project Wp-matomo Integration
8.8
CVSSv3
CVE-2023-23659
Cross-Site Request Forgery (CSRF) vulnerability in MainWP Matomo Extension <= 4.0.4 versions.
Mainwp Motomo
6.1
CVSSv3
CVE-2017-20175
A vulnerability classified as problematic has been found in DaSchTour matomo-mediawiki-extension up to 2.4.2 on MediaWiki. This affects an unknown part of the file Piwik.hooks.php of the component Username Handler. The manipulation leads to cross site scripting. It is possible to...
Mediawiki Matomo
6.1
CVSSv3
CVE-2022-33156
The matomo_integration (aka Matomo Integration) extension prior to 1.3.2 for TYPO3 allows XSS.
Matomo Integration
9.8
CVSSv3
CVE-2020-29578
The official piwik Docker images before fpm-alpine (Alpine specific) contain a blank password for a root user. Systems using the Piwik Docker container deployed by affected versions of the Docker image may allow an remote malicious user to achieve root access.
Matomo Piwik Fpm-alpine Docker Image 3
Matomo Piwik Fpm-alpine Docker Image 3.5
Matomo Piwik Fpm-alpine Docker Image 3.5.1
Matomo Piwik Fpm-alpine Docker Image 3.6
Matomo Piwik Fpm-alpine Docker Image 3.6.0
6.1
CVSSv3
CVE-2013-0193
Cross-site Scripting (XSS) in Piwik prior to 1.10.1 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0194 and CVE-2013-0195.
Matomo Matomo
6.1
CVSSv3
CVE-2013-0194
Cross-site Scripting (XSS) in Piwik prior to 1.10.1 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0195.
Matomo Matomo
6.1
CVSSv3
CVE-2013-0195
Cross-site Scripting (XSS) in Piwik prior to 1.10.1 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0194.
Matomo Matomo
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »