cleantalk
Vulnerabilities and Security Researches

Inactive Logout, CVE-2025-11922

CVE, Research URL

CVE-2025-11922

Home page URL

Security reports for Inactive Logout

Application

Inactive Logout

Published on
Nov 01, 2025
Research Description
The Inactive Logout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ina_redirect_page_individual_user' parameter in all versions up to, and including, 3.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 3.6.0.
Status
vulnerable
Previous vulnerability researches
Inactive Logout (CVE-2025-11922) , Nov 10, 2025
Inactive Logout (CVE-2023-44142) , Jun 10, 2024
Inactive Logout (46dbd77684eef58bd540295eb5726e7431e5561a) , Jun 07, 2024
New vulnerability
IgnitionDeck Crowdfunding Platform (CVE-2025-62918) , Nov 10, 2025
Oboxmedia Ads (CVE-2025-11827) , Nov 10, 2025
Product Table For WooCommerce (CVE-2025-62008) , Nov 10, 2025
Slick Google Map (CVE-2025-48078) , Nov 10, 2025
SpendeOnline.org (CVE-2025-11875) , Nov 10, 2025