Does FediBoost have any unpatched vulnerabilities?

No. All known vulnerabilities in FediBoost have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is FediBoost compatible with WordPress 6.9.4?

According to WordPress.org data, FediBoost 1.0.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is FediBoost compatible with PHP 7.4+?

FediBoost requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is FediBoost updated?

FediBoost was last updated on Unknown. Frequent updates are generally a positive security signal.

What is FediBoost's security score?

FediBoost has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

FediBoost Security & Risk Analysis

wordpress.org/plugins/fediboost

Automatically boost WordPress posts on connected Mastodon accounts when published via ActivityPub.

0 active installs v1.0.1 PHP 7.4+ WP 6.9+ Updated Unknown

activitypubboostfediversemastodonsocial

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is FediBoost Safe to Use in 2026?

Generally Safe

Score 100/100

FediBoost has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs

Risk Assessment

The fediboost v1.0.1 plugin exhibits a strong security posture based on the provided static analysis. It has a minimal attack surface with no apparent unprotected entry points, and it heavily utilizes prepared statements for all SQL queries, which is a significant strength. The high percentage of properly escaped output and the presence of capability checks further reinforce its defensive coding practices. The vulnerability history is also exceptionally clean, with no recorded CVEs, suggesting a history of security consciousness or simply a lack of past issues.

Key Concerns

Flows with unsanitized paths detected
External HTTP requests made (potential for SSRF)
Nonce check present, but only 1 total

Vulnerabilities

None known

FediBoost Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

FediBoost Code Analysis

Dangerous Functions

Raw SQL Queries

6 prepared

Unescaped Output

33 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared6 total queries

Output Escaping

97% escaped34 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths

handle_connect_request (admin\class-admin.php:333)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

FediBoost Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 16

actionadmin_menuadmin\class-admin.php:74

actionadmin_initadmin\class-admin.php:75

actionadmin_enqueue_scriptsadmin\class-admin.php:76

actionadmin_noticesadmin\class-admin.php:77

actionadmin_noticesadmin\class-admin.php:78

actionadmin_post_fediboost_connectadmin\class-admin.php:81

actionadmin_post_fediboost_oauth_callbackadmin\class-admin.php:82

actionadmin_initadmin\class-admin.php:85

actionadmin_noticesfediboost.php:27

actionadmin_initfediboost.php:172

actionadmin_noticesfediboost.php:202

actionadmin_noticesfediboost.php:226

actionplugins_loadedfediboost.php:251

actionwp_after_insert_postincludes\class-boost.php:93

actionactivitypub_outbox_processing_completeincludes\class-boost.php:101

actionhttp_api_curlincludes\class-oauth.php:130

Maintenance & Trust

FediBoost Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedUnknown

PHP min version7.4

Downloads187

Community Trust

Rating100/100

Number of ratings1

Active installs0

Alternatives

FediBoost Alternatives

ActivityPub

activitypub

Connect your site to the Open Social Web and let millions of users follow, share, and interact with your content from Mastodon, Pixelfed, and more.

6K 5 CVEs

Enable Mastodon Apps

enable-mastodon-apps

100

Allow accessing your WordPress with Mastodon clients. Just enter your own blog URL as your instance.

600 No CVEs

Link Verification for Mastodon

link-verification-for-mastodon

An unofficial WordPress plugin to quickly verify a link on your Mastodon profile.

500 No CVEs

Add Fediverse Icons to Jetpack

add-fediverse-icons-to-jetpack

Adds Fediverse icons to Jetpack's Social Menu module.

100 No CVEs

Author rel=me Link

author-rel-me-link

100

Add a rel="me" link to the head of an author page, if the author has a website set in their profile.

0 No CVEs

Developer Profile

FediBoost Developer Profile

Brandon Kraft

6 plugins · 41K total installs

trust score

Avg Security Score

98/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect FediBoost

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/fediboost/admin/css/fediboost-admin.css/wp-content/plugins/fediboost/admin/js/fediboost-admin.js

Script Paths

/wp-content/plugins/fediboost/admin/js/fediboost-admin.js

Version Parameters

fediboost/admin/css/fediboost-admin.css?ver=fediboost/admin/js/fediboost-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

fediboost-admin-wrapfediboost-connect-buttonfediboost-oauth-buttonfediboost-reconnect-warning

HTML Comments

FediBoost Admin Wrap Start FediBoost Admin Wrap End

Data Attributes

data-fediboost-nonce

JS Globals

fediboost_admin_params

FAQ