
CVSS: 5.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Jul 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Matomo Matomo Analytics allows Cross Site Request Forgery. This issue affects Matomo Analytics: from n/a through 5.1.1. The Matomo Analytics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to dismiss notices via a forged request granted they can trick a site administrator into perfo... • https://patchstack.com/database/wordpress/plugin/matomo/vulnerability/wordpress-matomo-analytics-plugin-5-1-0-cross-site-request-forgery-csrf-leading-to-notice-dismissal-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

05 Feb 2023 — A vulnerability classified as problematic has been found in DaSchTour matomo-mediawiki-extension up to 2.4.2 on MediaWiki. This affects an unknown part of the file Piwik.hooks.php of the component Username Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The complexity of an attack is rather high. • https://github.com/DaSchTour/matomo-mediawiki-extension/commit/681324e4f518a8af4bd1f93867074c728eb9923d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 4

04 Nov 2015 — The DisplayTopKeywords function in plugins/Referrers/Controller.php in Piwik before 2.15.0 allows remote attackers to conduct PHP object injection attacks, conduct Server-Side Request Forgery (SSRF) attacks, and execute arbitrary PHP code via a crafted HTTP header. ... • https://packetstorm.news/files/id/134220 •

CVSS: 9.8 • EPSS: 2% • CPEs: 1 • EXPL: 4

04 Nov 2015 — Directory traversal vulnerability in core/ViewDataTable/Factory.php in Piwik before 2.15.0 allows remote attackers to include and execute arbitrary local files via the viewDataTable parameter. Piwik version 2.14.3 and below suffer from a local file inclusion vulnerability. • https://packetstorm.news/files/id/134219 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •