
CVE-2023-4774: Changeset 2969705 for wp-piwik – WordPress Plugin Repository

The WP-Matomo Integration (WP-Piwik) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wp-piwik’ shortcode in versions up to, and including, 1.0.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.


wp-piwik/trunk/README.md

r1799568

r2969705

1

# WP-Matomo (former WP-Piwik)

1

# Connect Matomo (former WP-Matomo, WP-Piwik)

2

2

3

3

This [WordPress](https://wordpress.org) plugin adds a [Matomo](http://matomo.org) stats site to your blog’s dashboard. It’s also able to add the Matomo tracking code to your blog.

7

7

To use this plugin you will need your own Matomo instance. If you do not already have a Matomo setup, you have two simple options: use either [self-hosted](http://matomo.org/) or [cloud-hosted](http://matomo.org/hosting/).

8

8

9

This repository was created to develop and maintain WP-Matomo (WP-Piwik). Please see the WordPress plugin directory if you like to use this plugin: https://wordpress.org/plugins/wp-piwik/

9

This repository was created to develop and maintain Connect Matomo (WP-Matomo, WP-Piwik). Please see the WordPress plugin directory if you like to use this plugin: https://wordpress.org/plugins/wp-piwik/

wp-piwik/trunk/classes/WP_Piwik.php

r2915519

r2969705

4

4

5

5

/**

6

* The main WP-Matomo class configures, registers and manages the plugin

6

* The main Connect Matomo class configures, registers and manages the plugin

7

7

*

8

8

* @author André Bräkling [email protected]

11

11

class WP_Piwik {

12

12

13

private static $revisionId = 2023052101, $version = '1.0.28', $blog\_id, $pluginBasename = NULL, $logger, $settings, $request, $optionsPageId;

13

private static $revisionId = 2023091601, $version = '1.0.29', $blog\_id, $pluginBasename = NULL, $logger, $settings, $request, $optionsPageId;

14

14

15

15

/\*\*

197

197

 \*/

198

198

private function installPlugin($isUpdate = false) {

199

    self::$logger->log ( 'Running WP-Matomo installation' );

199

    self::$logger->log ( 'Running Connect Matomo installation' );

200

200

    if (! $isUpdate)

201

201

        $this->addNotice ( 'install', sprintf ( \_\_ ( '%s %s installed.', 'wp-piwik' ), self::$settings->getNotEmptyGlobalOption ( 'plugin\_display\_name' ), self::$version ), \_\_ ( 'Next you should connect to Matomo', 'wp-piwik' ) );

208

208

 \*/

209

209

public function uninstallPlugin() {

210

    self::$logger->log ( 'Running WP-Matomo uninstallation' );

210

    self::$logger->log ( 'Running Connect Matomo uninstallation' );

211

211

    if (! defined ( 'WP\_UNINSTALL\_PLUGIN' ))

212

212

        exit ();

219

219

 \*/

220

220

private function updatePlugin() {

221

    self::$logger->log ( 'Upgrade WP-Matomo to ' . self::$version );

221

    self::$logger->log ( 'Upgrade Connect Matomo to ' . self::$version );

222

222

    $patches = glob ( dirname ( \_\_FILE\_\_ ) . DIRECTORY\_SEPARATOR . '..' . DIRECTORY\_SEPARATOR . 'update' . DIRECTORY\_SEPARATOR . '\*.php' );

223

223

    $isPatched = false;

wp-piwik/trunk/classes/WP_Piwik/Admin/Settings.php

r2915519

r2969705

104

104

105

105

    if (! self::$wpPiwik->isConfigured ())

106

        $this->showBox ( 'updated', 'info', sprintf ( '%s <a href="%s">%s</a> %s <a href="%s">%s</a>.', \_\_ ( 'WP-Matomo is a WordPress plugin to show a selection of Matomo stats in your WordPress admin dashboard and to add and configure your Matomo tracking code. To use this you will need your own Matomo instance. If you do not already have a Matomo setup, you have two simple options: use either', 'wp-piwik' ), 'http://piwik.org/', \_\_ ( 'a self-hosted Matomo', 'wp-piwik' ), \_\_ ( 'or', 'wp-piwik' ), 'https://www.innocraft.cloud/?pk\_campaign=WP-Matomo', \_\_ ( 'a cloud-hosted Matomo by InnoCraft', 'wp-piwik' ) ) );

106

        $this->showBox ( 'updated', 'info',  \_\_ ( 'Before you can complete the setup, make sure you have a Matomo instance running. If you don\\'t have one, you can', 'wp-piwik' ) .' <a href="https://matomo.org/start-free-analytics-trial/" target="\_blank">' . \_\_ ('create a free account', 'wp-piwik' ) .'</a> ' . \_\_ ('or ', 'wp-piwik' ) .'<a href="https://wordpress.org/plugins/matomo/" target="\_blank">' . \_\_ ('install the "Matomo for WordPress" plugin', 'wp-piwik' ) .'</a> ' . \_\_ ('instead.', 'wp-piwik' ) );

107

107

108

108

    if (! function\_exists ( 'curl\_init' ) && ! ini\_get ( 'allow\_url\_fopen' ))
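
Review bot: The new `showBox` call at line 106 concatenates five separately translated fragments (including `'or '` and `'instead.'`) straight into HTML, so translators cannot reorder the sentence and the translated text reaches the page without `esc_html()`. Consider one translatable string with placeholders for the two links, escape each fragment, and give the two `target="_blank"` anchors the `rel="noreferrer noopener"` that `showSupport()` uses elsewhere in this changeset.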

395

395

396

396

/\*\*

397

 \* Show an option's description

398

 \*

399

 \* @param string $id option id

400

 \* @param string $description option description

401

 \* @param boolean $hideDescription set to false to show description initially (default: true)

402

 \* @return string full description HTML

403

 \*/

404

private function getDescription($id, $description, $hideDescription = true) {

405

    return sprintf ( '<span class="dashicons dashicons-editor-help" onclick="jQuery(\\'#%s-desc\\').toggleClass(\\'hidden\\');"></span> <p class="description' . ($hideDescription ? ' hidden' : '') . '" id="%1$s-desc">%s</p>', $id, $description );

406

}

407

408

/\*\*

409

397

 \* Show a checkbox option

410

398

 \*

418

406

 \*/

419

407

private function showCheckbox($id, $name, $description, $isHidden = false, $groupName = '', $hideDescription = true, $onChange = '') {

420

    printf ( '<tr class="' . $groupName . ($isHidden ? ' hidden' : '') . '"><th scope="row"><label for="%2$s">%s</label>:</th><td><input type="checkbox" value="1"' . (self::$settings->getGlobalOption ( $id ) ? ' checked="checked"' : '') . ' onchange="jQuery(\\'#%s\\').val(this.checked?1:0);%s" /><input id="%2$s" type="hidden" name="wp-piwik\[%2$s\]" value="' . ( int ) self::$settings->getGlobalOption ( $id ) . '" /> %s</td></tr>', $name, $id, $onChange, $this->getDescription ( $id, $description, $hideDescription ) );

421

}

408

    $this->showInputWrapper($id, $name, $description, $isHidden, $groupName, $hideDescription, function() use ($id, $onChange) {

409

        ?>

410

        <input type="checkbox" value="1" <?=(self::$settings->getGlobalOption ( $id ) ? ' checked="checked"' : '')?> onchange="jQuery('<?=$onChange?>').val(this.checked?1:0);" />

411

        <input id="<?=$id?>" type="hidden" name="wp-piwik\[<?=$id?>\]" value="<?=( int ) self::$settings->getGlobalOption ( $id )?>" />

412

        <?php

413

    });

414

}

415

416

/\*\*

417

 \* Display the input with the extra elements around it

418

 \*

419

 \* @param string $id option id

420

 \* @param string $name descriptive option name

421

 \* @param string $description option description

422

 \* @param boolean $isHidden set to true to initially hide the option (default: false)

423

 \* @param string $groupName define a class name to access a group of option rows by javascript (default: empty)

424

 \* @param boolean $hideDescription $hideDescription set to false to show description initially (default: true)

425

 \* @param callable $input function to inject the input into the wrapper

426

 \* @param string $rowName define a class name to access the specific option row by javascript (default: empty)

427

 \*

428

 \* @return void

429

 \*/

430

private function showInputWrapper($id, $name, $description, $isHidden, $groupName, $hideDescription, $input, $rowName = false) {

431

    ?>

432

    <tr class="<?=$groupName?> <?=$rowName?> <?=$isHidden ? 'hidden': ''?>">

433

        <td colspan="2" class="wp-piwik-input-row">

434

            <label for="<?=$id?>"><?= \_\_( $name, 'wp-piwik' ) ?>:</label>

435

            <?php $input()?>

436

            <?php if (!empty($description)) : ?>

437

                <span class="dashicons dashicons-editor-help" onclick="jQuery('#<?=$id?>-desc').toggleClass('hidden');"></span>

438

                <p class="description <?=$hideDescription ? 'hidden' : '' ?>" id="<?=$id?>-desc">

439

                    <?= \_\_( $description, 'wp-piwik' ) ?>

440

                </p>

441

            <?php endif; ?>

442

        </td>

443

    </tr>

444

    <?php

445

}

422

446

423

447

/\*\*
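
Review bot: In the rewritten `showCheckbox` (new line 410) the handler is now `onchange="jQuery('<?=$onChange?>').val(this.checked?1:0);"`, whereas the removed `printf` selected `'#'` plus `$id` and then appended `$onChange`; as written the hidden `wp-piwik[$id]` input is only updated if `$onChange` happens to be a selector for it, and a caller-supplied handler is no longer run. Restore the `#<?=$id?>` selector and append the handler after the `.val()` call. Separately, `showInputWrapper` (new lines 432-439) echoes `$groupName`, `$rowName`, `$id` and the translated `$name` and `$description` through bare `<?= ?>`: wrap attribute values in `esc_attr()` and text in `esc_html()` (or `wp_kses_post()` if descriptions are meant to carry markup), and note that passing variables to `__()` keeps those strings out of gettext extraction.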

436

460

 \*/

437

461

private function showTextarea($id, $name, $rows, $description, $isHidden, $groupName, $hideDescription = true, $onChange = '', $isReadonly = false, $global = true) {

438

    printf (

439

        '<tr class="' . $groupName . ($isHidden ? ' hidden' : '') . '"><th scope="row"><label for="%2$s">%s</label>:</th><td><textarea cols="80" rows="' . $rows . '" id="%s" name="wp-piwik\[%2$s\]" onchange="%s"' . ($isReadonly ? ' readonly="readonly"' : '') . '>%s</textarea> %s</td></tr>', $name, $id, $onChange, ($global ? self::$settings->getGlobalOption ( $id ) : self::$settings->getOption ( $id )), $this->getDescription ( $id, $description, $hideDescription ) );

462

    $this->showInputWrapper($id, $name, $description, $isHidden, $groupName, $hideDescription, function() use ($id, $onChange, $rows, $isReadonly, $global) {

463

        ?>

464

            <textarea cols="80" rows="<?=$rows?>" id="<?=$id?>" name="wp-piwik\[<?=$id?>\]" onchange="<?=$onChange?>" <?=($isReadonly ? ' readonly="readonly"' : '')?>>

465

                <?=($global ? self::$settings->getGlobalOption ( $id ) : self::$settings->getOption ( $id ))?>

466

            </textarea>

467

        <?php

468

    });

440

469

}

441

470
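
Review bot: The new `<textarea>` body at lines 464-466 puts the option value on its own indented line, so the indentation before `<?=` and before `</textarea>` becomes part of the field value and is submitted back with the form; the value is also echoed without `esc_textarea()`, so stored text containing `</textarea>` closes the element early. Emit the value directly between the tags with no surrounding whitespace, escaped with `esc_textarea()`, and pass `$id`, `$rows` and `$onChange` through `esc_attr()`.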

462

491

 \*/

463

492

private function showInput($id, $name, $description, $isHidden = false, $groupName = '', $rowName = false, $hideDescription = true, $wide = false) {

464

    printf ( '<tr class="%s%s"%s><th scope="row"><label for="%5$s">%s:</label></th><td><input '.($wide?'class="wp-piwik-wide" ':'').'name="wp-piwik\[%s\]" id="%5$s" value="%s" /> %s</td></tr>', $isHidden ? 'hidden ' : '', $groupName ? $groupName : '', $rowName ? ' id="' . $groupName . '-' . $rowName . '"' : '', $name, $id, htmlentities(self::$settings->getGlobalOption( $id ), ENT\_QUOTES, 'UTF-8', false), !empty($description) ? $this->getDescription ( $id, $description, $hideDescription ) : '' );

493

    $this->showInputWrapper($id, $name, $description, $isHidden, $groupName, $hideDescription, function() use ($id) {

494

        ?>

495

        <input name="wp-piwik\[<?=$id?>\]" id="<?=$id?>" value="<?=htmlentities(self::$settings->getGlobalOption( $id ), ENT\_QUOTES, 'UTF-8', false)?>" >

496

        <?php

497

    }, $rowName);

465

498

}

466

499
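
Review bot: `showInput` still declares `$wide = false`, but the replacement closure at new lines 493-497 never uses it, so the `class="wp-piwik-wide"` that the removed `printf` emitted is gone and callers passing `$wide` get no effect; either drop the parameter or bring it into the closure with `use ($id, $wide)`. The row previously carried an `id` built from `$groupName . '-' . $rowName` and now receives `$rowName` as a class through `showInputWrapper`, so any script selecting the old id needs updating in the same change. `$id` in the `name` and `id` attributes should go through `esc_attr()`.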

479

512

 \*/

480

513

private function showSelect($id, $name, $options = array(), $description = '', $onChange = '', $isHidden = false, $groupName = '', $hideDescription = true, $global = true) {

481

    $optionList = '';

482

514

    $default = $global ? self::$settings->getGlobalOption ( $id ) : self::$settings->getOption ( $id );

483

    if (is\_array ( $options ))

484

        foreach ( $options as $key => $value )

485

            $optionList .= sprintf ( '<option value="%s"' . ($key == $default ? ' selected="selected"' : '') . '>%s</option>', $key, $value );

486

    printf ( '<tr class="' . $groupName . ($isHidden ? ' hidden' : '') . '"><th scope="row"><label for="%2$s">%s:</label></th><td><select name="wp-piwik\[%s\]" id="%2$s" onchange="%s">%s</select> %s</td></tr>', $name, $id, $onChange, $optionList, $this->getDescription ( $id, $description, $hideDescription ) );

515

516

    $this->showInputWrapper($id, $name, $description, $isHidden, $groupName, $hideDescription, function() use ($id, $onChange, $options, $default) {

517

        ?>

518

        <select name="wp-piwik\[<?=$id?>\]" id="<?=$id?>" onchange="<?=$onChange?>">

519

            <?php foreach ($options as $key => $value) : ?>

520

                <option value="<?=$key?>" <?=($key == $default ? ' selected="selected"' : '')?> ><?=$value?></option>

521

            <?php endforeach; ?>

522

        </select>

523

        <?php

524

    });

487

525

}

488

526
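
Review bot: The `is_array ( $options )` guard from the removed lines 483-485 is not carried over, so the `foreach` at new line 519 raises a warning when a caller passes a non-array; keep the check or cast with `(array) $options`. `$key` and `$value` are echoed into the `<option>` unescaped: use `esc_attr( $key )` and `esc_html( $value )`, and the same applies to `$id` and `$onChange` on the `<select>` at line 518.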

586

624

 \*/

587

625

public function showSupport() {

588

    ?><ul>

589

        <li><?php \_e('The best place to get help:', 'wp-piwik'); ?> <a href="https://wordpress.org/support/plugin/wp-piwik" target="\_BLANK"><?php \_e('WP-Matomo support forum','wp-piwik'); ?></a></li>

626

    ?>

627

    <h2><?php \_e('How can we help?', 'wp-piwik'); ?></h2>

628

629

    <form method="get" action="https://matomo.org" target="\_blank" rel="noreferrer noopener">

630

        <input type="text" name="s" style="width:300px;"><input type="submit" class="button-secondary" value="<?php \_e('Search on', 'wp-piwik'); ?> matomo.org">

631

    </form>

632

    <ul class="wp-piwik-help-list">

633

        <li><a target="\_blank" rel="noreferrer noopener"

634

               href="https://matomo.org/docs/"><?php \_e('User guides', 'wp-piwik'); ?></a>

635

            - <?php \_e('Learn how to configure Matomo and how to effectively analyse your data', 'wp-piwik'); ?></li>

636

        <li><a target="\_blank" rel="noreferrer noopener"

637

               href="https://matomo.org/faq/wordpress/"><?php \_e('Matomo for WordPress FAQs', 'wp-piwik'); ?></a>

638

            - <?php \_e('Get answers to frequently asked questions', 'wp-piwik'); ?></li>

639

        <li><a target="\_blank" rel="noreferrer noopener"

640

               href="https://matomo.org/faq/"><?php \_e('General FAQs', 'wp-piwik'); ?></a>

641

            - <?php \_e('Get answers to frequently asked questions', 'wp-piwik'); ?></li>

642

        <li><a target="\_blank" rel="noreferrer noopener"

643

               href="https://forum.matomo.org/"><?php \_e('Forums', 'wp-piwik'); ?></a>

644

            - <?php \_e('Get help directly from the community of Matomo users', 'wp-piwik'); ?></li>

645

        <li><a target="\_blank" rel="noreferrer noopener"

646

               href="https://glossary.matomo.org"><?php \_e('Glossary', 'wp-piwik'); ?></a>

647

            - <?php \_e('Learn about commonly used terms to make the most of Matomo Analytics', 'wp-piwik'); ?></li>

648

        <li><a target="\_blank" rel="noreferrer noopener"

649

               href="https://matomo.org/support-plans/"><?php \_e('Support Plans', 'wp-piwik'); ?></a>

650

            - <?php \_e('Let our experienced team assist you online on how to best utilise Matomo', 'wp-piwik'); ?></li>

651

        <li><a href="https://local.wordpressplugin.matomo.org/wp-admin/admin.php?page=matomo-systemreport&#038;tab=troubleshooting"><?php \_e('Troubleshooting', 'wp-piwik'); ?></a>

652

            - <?php \_e('Click here if you are having Trouble with Matomo', 'wp-piwik'); ?></li>

653

    </ul>

654

655

    <ul>

656

        <li><?php \_e('Contact Matomo support here:', 'wp-piwik'); ?> <a href="https://matomo.org/contact/" target="\_BLANK"><?php \_e('https://matomo.org/contact/','wp-piwik'); ?></a></li>

657

        <li><?php \_e('Find support for this plugin here:', 'wp-piwik'); ?> <a href="https://wordpress.org/support/plugin/wp-piwik" target="\_BLANK"><?php \_e('WP-Matomo support forum','wp-piwik'); ?></a></li>

590

658

        <li><?php \_e('Please don\\'t forget to vote the compatibility at the','wp-piwik'); ?> <a href="http://wordpress.org/extend/plugins/wp-piwik/" target="\_BLANK">WordPress.org Plugin Directory</a>.</li>

591

659

    </ul>
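
Review bot: The Troubleshooting entry at new line 651 hard-codes `https://local.wordpressplugin.matomo.org/wp-admin/admin.php?page=matomo-systemreport&#038;tab=troubleshooting`, which looks like a development hostname and points at an admin page this plugin does not register in the visible changes; build the link from the site's own admin URL only when that page exists, or drop the item. The `target="_BLANK"` links at lines 656-658 also lack the `rel="noreferrer noopener"` that the new list items above them carry.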

wp-piwik/trunk/classes/WP_Piwik/Settings.php

r2915519

r2969705

58

58

        ),

59

59

        'perpost\_stats' => "disabled",

60

        'plugin\_display\_name' => 'WP-Matomo',

60

        'plugin\_display\_name' => 'Connect Matomo',

61

61

        'piwik\_shortcut' => false,

62

62

        'shortcodes' => false,

wp-piwik/trunk/classes/WP_Piwik/Widget/OptOut.php

r2057495

r2969705

1

1

<?php

2

2

3

namespace WP\_Piwik\\Widget;

3

namespace WP_Piwik\Widget;

4

4

5

class OptOut extends \\WP\_Piwik\\Widget {

6

7

    public $className = \_\_CLASS\_\_;

8

9

    protected function configure($prefix = '', $params = array()) {

10

        $this->parameter = $params;

11

    }

5

class OptOut extends \WP_Piwik\Widget

6

{

12

7

13

    public function show() {

14

        $protocol = (isset ( $\_SERVER \['HTTPS'\] ) && $\_SERVER \['HTTPS'\] != 'off') ? 'https' : 'http';

15

        switch (self::$settings->getGlobalOption ( 'piwik\_mode' )) {

16

            case 'php' :

17

                $PIWIK\_URL = $protocol . ':' . self::$settings->getGlobalOption ( 'proxy\_url' );

18

                break;

19

            case 'cloud' :

20

                $PIWIK\_URL = 'https://' . self::$settings->getGlobalOption ( 'piwik\_user' ) . '.innocraft.cloud/';

21

                break;

22

            case 'cloud-matomo':

23

                $PIWIK\_URL = 'https://' . self::$settings->getGlobalOption ( 'matomo\_user' ) . '.matomo.cloud/';

24

                break;

25

            default :

26

                $PIWIK\_URL = self::$settings->getGlobalOption ( 'piwik\_url' );

27

        }

28

        $this->out ( '<iframe frameborder="no" width="'.(isset($this->parameter\['width'\])?$this->parameter\['width'\]:'').'" height="'.(isset($this->parameter\['height'\])?$this->parameter\['height'\]:'').'" src="'.$PIWIK\_URL.'index.php?module=CoreAdminHome&action=optOut&'.(isset($this->parameter\['idsite'\])?'idsite='.$this->parameter\['idsite'\].'&':'').'language='.(isset($this->parameter\['language'\])?$this->parameter\['language'\]:'en').'"></iframe>' );

29

    }

30

31

}

8

public $className = \_\_CLASS\_\_;

9

10

protected function configure($prefix = '', $params = array())

11

{

12

    $this->parameter = $params;

13

}

14

15

public function show()

16

{

17

    $protocol = (isset ($\_SERVER \['HTTPS'\]) && $\_SERVER \['HTTPS'\] != 'off') ? 'https' : 'http';

18

    switch (self::$settings->getGlobalOption('piwik\_mode')) {

19

        case 'php' :

20

            $PIWIK\_URL = $protocol . ':' . self::$settings->getGlobalOption('proxy\_url');

21

            break;

22

        case 'cloud' :

23

            $PIWIK\_URL = 'https://' . self::$settings->getGlobalOption('piwik\_user') . '.innocraft.cloud/';

24

            break;

25

        case 'cloud-matomo':

26

            $PIWIK\_URL = 'https://' . self::$settings->getGlobalOption('matomo\_user') . '.matomo.cloud/';

27

            break;

28

        default :

29

            $PIWIK\_URL = self::$settings->getGlobalOption('piwik\_url');

30

    }

31

    $width = (isset($this->parameter\['width'\]) ? esc\_attr($this->parameter\['width'\]) : '');

32

    $height = (isset($this->parameter\['height'\]) ? esc\_attr($this->parameter\['height'\]) : '');

33

    $idSite = (isset($this->parameter\['idsite'\]) ? 'idsite=' . (int)$this->parameter\['idsite'\] . '&' : '');

34

    $language = (isset($this->parameter\['language'\]) ? esc\_url($this->parameter\['language'\]) : 'en');

35

    $this->out('<iframe frameborder="no" width="' . $width . '" height="' . $height . '" src="' . $PIWIK\_URL . 'index.php?module=CoreAdminHome&action=optOut&' . $idSite . 'language=' . $language . '"></iframe>');

36

}

37

38

}
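
Review bot: At new line 34 the `language` shortcode attribute is passed through `esc_url()`, which is meant for complete URLs and prepends `http://` to scheme-less input, so a value such as `de` no longer reaches Matomo as a language code. Validate it against a short language-code pattern (falling back to `'en'`), then `rawurlencode()` it for the query string. At line 35 `$PIWIK_URL` and the assembled query are still concatenated into `src` as-is; wrapping the whole URL in `esc_url()` before output would cover the setting-derived part as well. The `esc_attr()` on `width`/`height` and the `(int)` cast on `idsite` at lines 31-33 address the attribute injection described in the advisory.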

wp-piwik/trunk/css/wp-piwik.css

r1203337

r2969705

1

1

.wp-piwik-hidden {

2

2

display: none;

3

}

4

5

.wp-piwik-help-list {

6

list-style-type: disc;

7

margin-left: 20px;

8

}

9

10

.wp-piwik-input-row label {

11

display: block;

12

}

13

14

.wp-piwik-input-row input[type=text], .wp-piwik-input-row input:not([type]) {

15

width: 70%;

16

}

17

18

.wp-piwik-input-row p {

19

width: 70%;

3

20

}

4

21

wp-piwik/trunk/languages/wp-piwik.pot

r2057495

r2969705

81

81

“your sites as different websites.”

82

82

msgstr “”

83

"You are running a WordPress %s blog network (WPMU). Connect Matomo will handle "

84

“your sites as different websites.”

83

85

84

86

#: classes/WP_Piwik/Admin/Settings.php:62

88

90

“the »Connect to Matomo« section below.”

89

91

msgstr “”

92

"Connect Matomo %s was not able to connect to Matomo using your configuration. Check "

93

“the »Connect to Matomo« section below.”

90

94

91

95

#: classes/WP_Piwik/Admin/Settings.php:64

95

99

“During connection the following error occured: <br /><code>%s</code>”

96

100

msgstr “”

101

"Connect Matomo %s was not able to connect to Matomo using your configuration. "

102

“During connection the following error occured: <br /><code>%s</code>”

97

103

98

104

#: classes/WP_Piwik/Admin/Settings.php:67

102

108

“Matomo« section below.”

103

109

msgstr “”

110

"Connect Matomo %s has to be connected to Matomo first. Check the »Connect to "

111

“Matomo« section below.”

104

112

105

113

#: classes/WP_Piwik/Admin/Settings.php:71

130

138

“have a Matomo setup, you have two simple options: use either”

131

139

msgstr “”

140

"Connect Matomo is a WordPress plugin to show a selection of Matomo stats in your "

141

"WordPress admin dashboard and to add and configure your Matomo tracking code. "

142

"To use this you will need your own Matomo instance. If you do not already "

143

“have a Matomo setup, you have two simple options: use either”

132

144

133

145

#: classes/WP_Piwik/Admin/Settings.php:106

148

160

“and not connect to InnoCraft Cloud.”

149

161

msgstr “”

162

"Neither cURL nor fopen are available. So Connect Matomo can not use the HTTP API "

163

“and not connect to InnoCraft Cloud.”

150

164

151

165

#: classes/WP_Piwik/Admin/Settings.php:109

168

182

“configurations. WP-Matomo will connect to Matomo using http(s).”

169

183

msgstr “”

184

"This is the default option for a self-hosted Matomo and should work for most "

185

“configurations. Connect Matomo will connect to Matomo using http(s).”

170

186

171

187

#: classes/WP_Piwik/Admin/Settings.php:111

251

267

“If your blog is not added to Matomo yet, WP-Matomo will add a new site.”

252

268

msgstr “”

269

"Check this to automatically choose your blog from your Matomo sites by URL. "

270

“If your blog is not added to Matomo yet, Connect Matomo will add a new site.”

253

271

254

272

#: classes/WP_Piwik/Admin/Settings.php:131

257

275

“WP-Matomo %s was not able to get sites with at least view access: <br /><code>”

258

276

“%s</code>”

259

msgstr “”

277

msgstr “Connect Matomo %s was not able to get sites with at least view access: <br /><code>”

278

“%s</code>”

260

279

261

280

#: classes/WP_Piwik/Admin/Settings.php:141

401

420

#: classes/WP_Piwik/Admin/Settings.php:195

402

421

msgid “WP-Matomo display name”

403

msgstr “”

422

msgstr “Connect Matomo display name”

404

423

405

424

#: classes/WP_Piwik/Admin/Settings.php:195
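
Review bot: `wp-piwik.pot` is the translation template, yet this hunk at new line 422 (like the other hunks in this file) fills `msgstr` with the renamed English text while the `msgid` above it still reads "WP-Matomo display name". A template normally ships with empty `msgstr` entries; the rename belongs in the source strings that generate each `msgid`, followed by regenerating the template, otherwise existing translations keyed on the old `msgid` keep showing the old name.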

425

444

“tracking code.”

426

445

msgstr “”

446

"Connect Matomo will not add the tracking code. Use this, if you want to add the "

447

"tracking code to your template files or you use another plugin to add the "

448

“tracking code.”

427

449

428

450

#: classes/WP_Piwik/Admin/Settings.php:208

779

801

“or Cloud mode.”

780

802

msgstr “”

803

"Choose whether Connect Matomo should use cURL or fopen to connect to Matomo in HTTP "

804

“or Cloud mode.”

781

805

782

806

#: classes/WP_Piwik/Admin/Settings.php:305

796

820

#: classes/WP_Piwik/Admin/Settings.php:308

797

821

msgid “Choose whether WP-Matomo should use POST or GET in HTTP or Cloud mode.”

798

msgstr “”

822

msgstr “Choose whether Connect Matomo should use POST or GET in HTTP or Cloud mode.”

799

823

800

824

#: classes/WP_Piwik/Admin/Settings.php:310

907

931

#: classes/WP_Piwik/Admin/Settings.php:338

908

932

msgid “Show always if WP-Matomo is updated”

909

msgstr “”

933

msgstr “Show always if Connect Matomo is updated”

910

934

911

935

#: classes/WP_Piwik/Admin/Settings.php:339

912

936

msgid “Show only if WP-Matomo is updated and settings were changed”

913

msgstr “”

937

msgstr “Show only if Connect Matomo is updated and settings were changed”

914

938

915

939

#: classes/WP_Piwik/Admin/Settings.php:341

1005

1029

“much better.”

1006

1030

msgstr “”

1031

"Thank you very much, all users who send me mails containing criticism, "

1032

"commendation, feature requests and bug reports! You help me to make Connect Matomo "

1033

“much better.”

1007

1034

1008

1035

#: classes/WP_Piwik/Admin/Settings.php:565

wp-piwik/trunk/readme.txt

r2915519

r2969705

1

=== WP-Matomo Integration (WP-Piwik) ===

1

=== Connect Matomo (WP-Matomo, WP-Piwik) ===

2

2

3

3

Contributors: Braekling

4

4

Requires at least: 5.0

5

5

Tested up to: 6.2

6

Stable tag: 1.0.28

6

Stable tag: 1.0.29

7

7

Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=6046779

8

8

Tags: matomo, tracking, statistics, stats, analytics

143

143

144

144

== Changelog ==

145

146

= 1.0.29 =

147

* Rename plugin to “Connect Matomo”

148

* Fix a XSS vulnerability

145

149

146

150

= 1.0.28 =

wp-piwik/trunk/wp-piwik.php

r2915524

r2969705

1

1

<?php

2

2

/*

3

Plugin Name: WP-Matomo Integration

3

Plugin Name: Connect Matomo

4

4

5

5

Plugin URI: http://wordpress.org/extend/plugins/wp-piwik/

7

7

Description: Adds Matomo statistics to your WordPress dashboard and is also able to add the Matomo Tracking Code to your blog.

8

8

9

Version: 1.0.28

9

Version: 1.0.29

10

10

Author: André Bräkling

11

11

Author URI: https://www.braekling.de
