Reflected Cross-Site Scripting Vulnerability in Matomo Analytics Plugin for WordPress
CVE-2023-6923
6.1MEDIUM
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 29 February 2024
What is CVE-2023-6923?
The Matomo Analytics plugin for WordPress is subject to a Reflected Cross-Site Scripting vulnerability due to inadequate input sanitization and output escaping. This flaw allows unauthenticated attackers to inject arbitrary web scripts by manipulating the idsite parameter in all versions up to and including 4.15.3. If an unsuspecting user clicks a malicious link, this could compromise the security of their session, leading to potential data breaches or account takeover.
Affected Version(s)
Matomo Analytics – Ethical Stats. Powerful Insights. * <= 4.15.3