Skip to main content

Fathom Analytics

1 CVEs product

Monthly

CVE-2021-41836 MEDIUM PATCH This Month

The Fathom Analytics WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via the $site_id parameter found in the ~/fathom-analytics.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS PHP Fathom Analytics
NVD
CVSS 3.1
4.8
EPSS
0.6%
EPSS 1% CVSS 4.8
MEDIUM PATCH This Month

The Fathom Analytics WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via the $site_id parameter found in the ~/fathom-analytics.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS PHP +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy