/!\ important /!\

There's news going around that a js-injection vulnerability has been discovered in Pleroma. Akkoma may also be affected. I'll look into it as soon as I can.

For now I recommend creating a separate user for moderation/admin access, take those privileges away from your current user, and revoke all active auth-tokens via settings > Security > section "OAuth tokens" (this implies you will need to log in again)

I'll send an update once I can look into it more properly and know more.