5 matches found
CVE-2023-4774
The WP-Matomo Integration WP-Piwik plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp-piwik' shortcode in versions up to, and including, 1.0.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
CVE-2023-4774
The WP-Matomo Integration WP-Piwik plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp-piwik' shortcode in versions up to, and including, 1.0.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
CVE-2023-4774
WP-Matomo Integration (WP-Piwik) for WordPress is affected by CVE-2023-4774 via a stored XSS in the wp-piwik shortcode. Versions up to and including 1.0.28 are vulnerable due to insufficient input sanitization and output escaping on shortcode attributes, allowing authenticated attackers with cont...
CVE-2023-4774 WP-Matomo Integration (WP-Piwik) <= 1.0.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The WP-Matomo Integration WP-Piwik plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp-piwik' shortcode in versions up to, and including, 1.0.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
WordPress WP-Piwik Plugin <= 1.0.28 is vulnerable to Cross Site Scripting (XSS)
Software WP-Piwik Type Plugin Vulnerable versions = 1.0.28 Fixed in 1.0.29 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4774 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 0f64120d18a7 Credits Lana Codes Required privilege...