WordPress Plugin Vulnerabilities

WP-Piwik <= 1.0.10 - Unauthenticated Stored Cross-Site Scripting (XSS)

Description

The WP-Matomo Integration (WP-Piwik) WordPress plugin was affected by an Unauthenticated Stored Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
wp-piwik
Fixed in 1.0.10

References

URL
https://www.pluginvulnerabilities.com/2016/08/29/persistent-cross-site-scripting-xss-vulnerability-in-wp-piwik/
URL
https://plugins.trac.wordpress.org/changeset/1489152/wp-piwik

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
Claude Godlewski
Verified
No
WPVDB ID
aaf48d3b-52be-4e6e-9c13-05ba3295d3ff

Timeline

Publicly Published
2016-09-02 (about 9 years ago)
Added
2016-09-06 (about 9 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2017-07-31
Title
Event List < 0.7.10 - XSS
Published
2016-01-06
Title
WordPress 3.7-4.4 - Authenticated Cross-Site Scripting (XSS)
Published
2025-12-12
Title
Livemesh SiteOrigin Widgets < 3.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Hero Header and Pricing Table Widgets
Published
2024-06-28
Title
Atarim < 3.32 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2026-05-11
Title
Shortcodely <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'widget_area' Shortcode Attribute