
CVE-2024-38766 – WordPress Matomo Analytics plugin <= 5.1.1 - Cross Site Request Forgery (CSRF) leading to Notice Dismissal vulnerability
https://notcve.org/view.php?id=CVE-2024-38766
12 Jul 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Matomo Matomo Analytics allows Cross Site Request Forgery. This issue affects Matomo Analytics: from n/a through 5.1.1. The Matomo Analytics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to dismiss notices via a forged request granted they can trick a site administrator into perfo... • https://patchstack.com/database/wordpress/plugin/matomo/vulnerability/wordpress-matomo-analytics-plugin-5-1-0-cross-site-request-forgery-csrf-leading-to-notice-dismissal-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2013-0195
https://notcve.org/view.php?id=CVE-2013-0195
20 Nov 2019 — Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0194. • http://www.openwall.com/lists/oss-security/2013/01/17/15 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-0194
https://notcve.org/view.php?id=CVE-2013-0194
20 Nov 2019 — Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0195. • http://www.openwall.com/lists/oss-security/2013/01/17/15 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-0193
https://notcve.org/view.php?id=CVE-2013-0193
20 Nov 2019 — Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0194 and CVE-2013-0195. • http://www.openwall.com/lists/oss-security/2013/01/17/15 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-7816 – Piwik 2.14.3 PHP Object Injection
https://notcve.org/view.php?id=CVE-2015-7816
04 Nov 2015 — The DisplayTopKeywords function in plugins/Referrers/Controller.php in Piwik before 2.15.0 allows remote attackers to conduct PHP object injection attacks, conduct Server-Side Request Forgery (SSRF) attacks, and execute arbitrary PHP code via a crafted HTTP header. • https://packetstorm.news/files/id/134220

CVE-2015-7815 – Piwik 2.14.3 Local File Inclusion
https://notcve.org/view.php?id=CVE-2015-7815
04 Nov 2015 — Directory traversal vulnerability in core/ViewDataTable/Factory.php in Piwik before 2.15.0 allows remote attackers to include and execute arbitrary local files via the viewDataTable parameter. Piwik version 2.14.3 and below suffer from a local file inclusion vulnerability. • https://packetstorm.news/files/id/134219 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2013-2633
https://notcve.org/view.php?id=CVE-2013-2633
21 Mar 2013 — Piwik before 1.11 accepts input from a POST request instead of a GET request in unspecified circumstances, which might allow attackers to obtain sensitive information by leveraging the logging of parameters. • http://piwik.org/blog/2013/03/piwik-1-11 • CWE-20: Improper Input Validation

CVE-2013-1844
https://notcve.org/view.php?id=CVE-2013-1844
21 Mar 2013 — Cross-site scripting (XSS) vulnerability in Piwik before 1.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://piwik.org/blog/2013/03/piwik-1-11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2012-4541
https://notcve.org/view.php?id=CVE-2012-4541
19 Nov 2012 — Cross-site scripting (XSS) vulnerability in Piwik before 1.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://piwik.org/blog/2012/10/piwik-1-9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2011-0399
https://notcve.org/view.php?id=CVE-2011-0399
10 Jan 2011 — Piwik before 1.1 does not prevent the rendering of the login form inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site. • http://dev.piwik.org/trac/ticket/1679