CVE-2025-34104

An authenticated remote code execution vulnerability exists in Piwik now Matomo versions prior to 3.0.3 via the plugin upload mechanism. In vulnerable versions, an authenticated user with Superuser privileges can upload and activate a malicious plugin ZIP archive, leading to arbitrary PHP code...

CVE-2013-1844

Cross-site scripting XSS vulnerability in Piwik before 1.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...