CVE-2021-41836: 
WordPress vulnerability analysis and mitigation

The Fathom Analytics WordPress plugin version 3.0.4 and earlier contained a Stored Cross-Site Scripting (XSS) vulnerability. The issue was discovered in December 2021 and was assigned CVE-2021-41836. The vulnerability affected the Analytics tab functionality due to insufficient input validation and escaping (NVD).

The vulnerability was rated with a CVSS score of 4.8 (Medium) severity. The issue stemmed from insufficient input validation and escaping in the Analytics tab functionality, which could allow attackers to inject malicious scripts. The vulnerability was particularly concerning in multi-site WordPress installations, where it could be exploited to gain access to super administrator accounts (Wordfence).

If exploited, the vulnerability could allow an administrator to inject XSS code into the Analytics tab and potentially gain unauthorized access to super administrator accounts on WordPress multi-site installations. This could lead to privilege escalation and compromise of the affected WordPress sites (WordPress Plugin Repository).

The vulnerability was patched in Fathom Analytics version 3.0.5, released on December 7, 2021. Site administrators are strongly advised to update to this version or later to protect against this security issue (WordPress Plugin Repository).