Vulnerabilities and security researches for include-mastodon-feed

Nov 22, 2024

CVE, Research URL: CVE-2024-11455
Home page URL: Security reports for Include Mastodon Feed
Application: Include Mastodon Feed
Date: Nov 21, 2024
Research Description: Include Mastodon Feed [include-mastodon-feed] <= 1.9.5 (unfixed) CVE-2024-11455 [en] The Include Mastodon Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'include-mastodon-feed' shortcode in all versions up to, and including, 1.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2025-22660
Home page URL: Security reports for Include Mastodon Feed
Application: Include Mastodon Feed
Date: -
Research Description: Include Mastodon Feed [include-mastodon-feed] < 1.9.10 CVE-2025-22660
Affected versions: Min -, max -.
Status: vulnerable