Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

matomoteam — Vulnerabilities & Security Advisories 3

Browse all 3 CVE security advisories affecting matomoteam. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Matomoteam develops open-source monitoring and observability solutions, primarily focused on system performance metrics and log aggregation. Their products have historically been vulnerable to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and authentication flaws. The team has addressed multiple CVEs in their software stack, with some instances allowing unauthorized access to sensitive monitoring data. While no major public security incidents have been documented, their consistent vulnerability pattern suggests a need for enhanced security testing in their development lifecycle.

Top products by matomoteam: Connect Matomo – Analytics Dashboard for WordPress Matomo Analytics – Powerful, Privacy-First Insights for WordPress Matomo Analytics
CVE IDTitleCVSSSeverityPublished
CVE-2024-38766 WordPress Matomo Analytics plugin <= 5.1.1 - Cross Site Request Forgery (CSRF) leading to Notice Dismissal vulnerability — Matomo AnalyticsCWE-352 4.3 Medium2025-01-02
CVE-2023-6923 Matomo <= 4.15.3 - Reflected Cross-Site Scripting via idsite — Matomo Analytics – Powerful, Privacy-First Insights for WordPressCWE-79 6.1 Medium2024-02-20
CVE-2023-4774 WP-Matomo Integration (WP-Piwik) <= 1.0.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Connect Matomo – Analytics Dashboard for WordPressCWE-79 6.4 Medium2023-09-22

This page lists every published CVE security advisory associated with matomoteam. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.