cleantalk
Vulnerabilities and Security Researches

Inactive Logout, 46dbd77684eef58bd540295eb5726e7431e5561a

CVE, Research URL

46dbd77684eef58bd540295eb5726e7431e5561a

Home page URL

Security reports for Inactive Logout

Application

Inactive Logout

Published on
Sep 20, 2023
Research Description
Inactive Logout [inactive-logout] < 3.2.3 Inactive Logout <= 3.2.2 - Missing Authorization The Inactive Logout plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ina_reset_adv_settings() function in versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to reset the plugin's settings.
Affected versions
max 3.2.3.
Status
vulnerable
Previous vulnerability researches
Inactive Logout (CVE-2025-11922) , Nov 10, 2025
Inactive Logout (CVE-2023-44142) , Jun 10, 2024
Inactive Logout (46dbd77684eef58bd540295eb5726e7431e5561a) , Jun 07, 2024
New vulnerability
IgnitionDeck Crowdfunding Platform (CVE-2025-62918) , Nov 10, 2025
Oboxmedia Ads (CVE-2025-11827) , Nov 10, 2025
Product Table For WooCommerce (CVE-2025-62008) , Nov 10, 2025
Slick Google Map (CVE-2025-48078) , Nov 10, 2025
SpendeOnline.org (CVE-2025-11875) , Nov 10, 2025