WordPress Plugin Vulnerabilities

WP-Piwik <= 1.0.4 - Cross-Site Scripting (XSS)

Description

The WP-Matomo Integration (WP-Piwik) WordPress plugin was affected by a Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
wp-piwik
Fixed in 1.0.5

References

CVE
CVE-2015-9405
URL
https://github.com/braekling/WP-Piwik/commit/5110bfdb437a9f19b185ba8af33776fcb5e19940

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
70c62011-a2ce-4a81-8ab8-25acaa26a931

Timeline

Publicly Published
2015-10-13 (about 10 years ago)
Added
2015-10-15 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2024-11-20
Title
LSX Tour Operator < 2.0.0 - Author+ Stored XSS via SVG File Upload
Published
2022-12-20
Title
Mesmerize Companion < 1.6.135 - Contributor+ Stored XSS
Published
2024-10-25
Title
Editor Custom Color Palette < 3.3.8 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
Published
2024-10-14
Title
Primary Addon for Elementor < 1.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-03-29
Title
JetSmartFilters < 3.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting