Hello , I found a upload form that is shown to any user. We can even upload files without getting access to a panel .. Here is the upload form : http://crowdfunding.piwik.org/wp-content/plugins/ignitiondeck/templates/admin/_productForm.php
A malicious attacker could use this to upload a malicious PHP script then he will take control of your website..
Please make sure you patch it & answering me. Keywords: bug upload hacker
I couldn't find that the form uploads a file. It seems it just reloads the page without uploading the file. Thanks for the report! See http://piwik.org/security/