[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fpwarC67i-XRL-10BqScKiZ6s0JAFPW2SOndO2Hjwcuk":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":74,"crawl_stats":38,"alternatives":81,"analysis":185,"fingerprints":319},"inactive-logout","Inactive Logout","3.6.1","Deepen Bajracharya","https:\u002F\u002Fprofiles.wordpress.org\u002Fj_3rk\u002F","\u003Cp>Protect your WordPress users’ sessions from prying eyes and snoopers!\u003C\u002Fp>\n\u003Cp>The Inactive Logout plugin automatically terminates idle user sessions, safeguarding your site if users leave their sessions unattended.\u003C\u002Fp>\n\u003Cp>A simple plugin which is easy to configure and use. After installing and activating it, just set the idle timeout from the plugin settings. From then on, any unattended idle WordPress sessions will be automatically terminated. You can also display a custom message to users, warning them that their session is about to end.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Try it out ==> \u003Ca href=\"https:\u002F\u002Ftastewp.org\u002Fplugins\u002Finactive-logout\u002F\" title=\"Demo Link\" rel=\"nofollow ugc\">Demo\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>FEATURES:\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Change idle timeout time.\u003C\u002Fli>\n\u003Cli>Count down of 10 seconds before actual logout. You can remove this feature if you dont want it.\u003C\u002Fli>\n\u003Cli>Add only \u003Cstrong>Wake Up!\u003C\u002Fstrong> message where user will not logout but instead a wakeup message will be shown upon inactive.\u003C\u002Fli>\n\u003Cli>Custom Popup Message.\u003C\u002Fli>\n\u003Cli>Show idle message for non authenticated users or redirect them.\u003C\u002Fli>\n\u003Cli>Concurrent user logouts.\u003C\u002Fli>\n\u003Cli>Toast notification on Logout.\u003C\u002Fli>\n\u003Cli>Redirect to a Different Page instead of Popup box. Create a page such as timeout page and add your content there by creating a blank template or style it as you wish according to your theme.\u003C\u002Fli>\n\u003Cli>Multiple User Role Configurations for individual timeout and session logout redirects.\u003C\u002Fli>\n\u003Cli>Logout to custom page or existing page.\u003C\u002Fli>\n\u003Cli>Clean UI\u003C\u002Fli>\n\u003Cli>WooCommerce Supported.\u003C\u002Fli>\n\u003Cli>Multisite Support: Override all sites with one setting.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>EXTEND OTHER FEATURES:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Few of the key features to \u003Cstrong>\u003Ca href=\"https:\u002F\u002Finactive-logout.com\u002Fpricing\u002F\" title=\"Inactive Logout Pro\" rel=\"nofollow ugc\">Inactive Logout Pro\u003C\u002Fa>\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Auto browser close logout after defined duration.\u003C\u002Fli>\n\u003Cli>Fully functional multi-tab support.\u003C\u002Fli>\n\u003Cli>User Based Logout\u003C\u002Fli>\n\u003Cli>Track Visitors based on \u003Cstrong>(Login time, logout time, browser, online status, session duration, role, os, IP)\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Force Logout All Users\u003C\u002Fli>\n\u003Cli>Logout Specific User(s)\u003C\u002Fli>\n\u003Cli>Bulk Logout Users\u003C\u002Fli>\n\u003Cli>Concurrent Login Limits.\u003C\u002Fli>\n\u003Cli>Last Login Activity\u003C\u002Fli>\n\u003Cli>Override Multiple Login priority\u003C\u002Fli>\n\u003Cli>User Lock whenever certain limit login has been reached.\u003C\u002Fli>\n\u003Cli>Track user login sessions.\u003C\u002Fli>\n\u003Cli>Logout redirects.\u003C\u002Fli>\n\u003Cli>Login redirects.\u003C\u002Fli>\n\u003Cli>Email notification and email template overrides for Locked concurrent session.\u003C\u002Fli>\n\u003Cli>Disable inactive logout for specified pages according to your need. Check this \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fgist.github.com\u002Ftechies23\u002F6d2852eedd6ae56c486056e021e4ee48\" title=\"documentation\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fstrong> for additional post type support.\u003C\u002Fli>\n\u003Cli>Disable native wordpress login popup after logout\u003C\u002Fli>\n\u003Cli>Modal Customizer\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>**See the \u003Ca href=\"https:\u002F\u002Finactive-logout.com\u002F\" title=\"Inactive Logout\" rel=\"nofollow ugc\">Inactive Logout\u003C\u002Fa> homepage for further information.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Please consider giving a \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Finactive-logout\u002Freviews\u002F#new-post\" title=\"5 star thumbs up\" rel=\"ugc\">5 star thumbs up\u003C\u002Fa> if you found this useful.\u003C\u002Fstrong>\u003C\u002Fp>\n","Automatically logout idle user sessions, with logout redirections and concurrent limit logins all in one place.",20000,656143,94,106,"2025-12-09T05:09:00.000Z","6.9.4","6.6","7.4",[20,21,22,23,24],"concurrent-login-limit","idle-logout","logout","security","user-redirection","https:\u002F\u002Finactive-logout.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finactive-logout.3.6.1.zip",96,3,0,"2025-10-31 13:27:51","2026-03-15T15:16:48.613Z",[33,49,64],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2025-11922","inactive-logout-authenticated-subscriber-stored-cross-site-scripting","Inactive Logout \u003C= 3.5.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting","The Inactive Logout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ina_redirect_page_individual_user' parameter in all versions up to, and including, 3.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=3.5.5","3.6.0","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-11-01 01:47:43",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ffde110ae-c559-4d45-91c0-a3dd5ff05c4d?source=api-prod",1,{"id":50,"url_slug":51,"title":52,"description":53,"plugin_slug":4,"theme_slug":38,"affected_versions":54,"patched_in_version":55,"severity":41,"cvss_score":56,"cvss_vector":57,"vuln_type":58,"published_date":59,"updated_date":60,"references":61,"days_to_patch":63},"CVE-2023-44142","inactive-logout-missing-authorization","Inactive Logout \u003C= 3.2.2 - Missing Authorization","The Inactive Logout plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ina_reset_adv_settings() function in versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to reset the plugin's settings.","\u003C3.2.3","3.2.3",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2023-09-20 00:00:00","2024-01-22 19:56:02",[62],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fc583ef34-ddec-4d6c-9685-ef4bce5e785e?source=api-prod",125,{"id":65,"url_slug":66,"title":67,"description":68,"plugin_slug":4,"theme_slug":38,"affected_versions":54,"patched_in_version":55,"severity":41,"cvss_score":69,"cvss_vector":70,"vuln_type":71,"published_date":59,"updated_date":60,"references":72,"days_to_patch":63},"WF-d9189eb3-be7f-42e1-92cc-b48af5615eb9-inactive-logout","inactive-logout-cross-site-request-forgery","Inactive Logout \u003C= 3.2.2 - Cross-Site Request Forgery","The Inactive Logout plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the ina_reset_adv_settings() function in versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to reset the plugin's settings via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)",[73],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fd9189eb3-be7f-42e1-92cc-b48af5615eb9?source=api-prod",{"slug":75,"display_name":7,"profile_url":8,"plugin_count":76,"total_installs":77,"avg_security_score":27,"avg_patch_time_days":78,"trust_score":79,"computed_at":80},"j_3rk",2,40000,246,76,"2026-04-04T02:42:05.088Z",[82,105,125,145,162],{"slug":83,"name":84,"version":85,"author":86,"author_profile":87,"description":88,"short_description":89,"active_installs":90,"downloaded":91,"rating":92,"num_ratings":93,"last_updated":94,"tested_up_to":95,"requires_at_least":96,"requires_php":97,"tags":98,"homepage":101,"download_link":102,"security_score":103,"vuln_count":28,"unpatched_count":29,"last_vuln_date":104,"fetched_at":31},"protected-posts-logout-button","Protected Posts Logout Button","1.4.6","Nate Reist","https:\u002F\u002Fprofiles.wordpress.org\u002Fnatereist\u002F","\u003Cp>This plugin simply adds a logout button to the content of any password protected post. Sometimes clients want a password protected page to share information with privileged individuals and the default 10 days for the cookie to expire is too long for their liking. So I wrote a little plugin to do this with AJAX and set the cookie to expire immediately, well actually 10 days in the past.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Works logged in or out as a WordPress user.\u003C\u002Fli>\n\u003Cli>Uses the same functionality WordPress uses to set post cookies.\u003C\u002Fli>\n\u003Cli>Has a simple settings page to make everything easier.\u003C\u002Fli>\n\u003Cli>Allows you to alert user they have logged out.\u003C\u002Fli>\n\u003C\u002Ful>\n","Automatically adds a logout button to your password protected content.",1000,33408,98,13,"2023-02-16T00:46:00.000Z","6.1.10","2.8","",[22,99,100],"password-protected-posts-logout-button","wordpress-security","http:\u002F\u002Fmindutopia.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprotected-posts-logout-button.1.4.6.zip",84,"2023-02-20 00:00:00",{"slug":106,"name":107,"version":108,"author":109,"author_profile":110,"description":111,"short_description":112,"active_installs":113,"downloaded":114,"rating":29,"num_ratings":29,"last_updated":115,"tested_up_to":116,"requires_at_least":117,"requires_php":118,"tags":119,"homepage":122,"download_link":123,"security_score":124,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"clear-logout","Clear Logout","1.4","Ayesh Karunaratne","https:\u002F\u002Fprofiles.wordpress.org\u002Fayeshrajans\u002F","\u003Cp>This plugin ensures that when users of your website (including site administrators), the browsers are instructed to clear all residue such as cookies and caches to enhance the security.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdeveloper.mozilla.org\u002Fen-US\u002Fdocs\u002FWeb\u002FHTTP\u002FHeaders\u002FClear-Site-Data\" rel=\"nofollow ugc\">\u003Ccode>Clear-Site-Data\u003C\u002Fcode> HTTP header\u003C\u002Fa> is sent when a user logs out, which supported browsers will react by removing all existing cookies, cache, and other storage. It will \u003Cstrong>not\u003C\u002Fstrong> remove saved passwords, permissions, adblocker rules, and other data that are supposed to be permanent.\u003C\u002Fp>\n\u003Cp>This plugin prevents possible security vulnerabilities such as clicking the “Back” button in the browser after logging out revealing the pages that should not have been accessible after logging out. Furthermore, this cleans the browser cache, which prevents accessing authenticated media assets (such as purchased images) from the browser cache of a victim.\u003C\u002Fp>\n","A tiny WordPress plugin to clear all browser data related to the site upon logout (With Clear-Site-Data header).",90,3501,"2023-07-23T12:29:00.000Z","6.3.8","5.1","7.1",[120,22,121,23],"authentication","password","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fclear-logout\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fclear-logout.1.4.zip",85,{"slug":126,"name":127,"version":128,"author":129,"author_profile":130,"description":131,"short_description":132,"active_installs":133,"downloaded":134,"rating":29,"num_ratings":29,"last_updated":135,"tested_up_to":16,"requires_at_least":136,"requires_php":137,"tags":138,"homepage":142,"download_link":143,"security_score":144,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"users-login-monitor","Users Login Monitor","5.22","wpgear","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpgear\u002F","\u003Cp>Ext Security.\u003Cbr \u002F>\nDashboard & Daily-Digest about users activity.\u003Cbr \u002F>\nNow the console has a widget that displays last login users, whith: Date-Time, IP address (whith Whois info) and Device type\u002FBrowser.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Even without going to the site admin area, you will be informed about the activity of the current day.\u003C\u002Fli>\n\u003Cli>Any person can be a recipient of notifications. Not necessarily the Administrator.\u003C\u002Fli>\n\u003Cli>Now in the Admin console you have a new widget with a list of users in order of decreasing Login time.\u003C\u002Fli>\n\u003Cli>Determine and save the IP address, device and browser details, from which the was made Login. (if your server is configured correctly). For better informational content, in order to be able to determine the parameters of the User’s devices (OS, Browser, Type Device), you should have a PHP extension on the server: “Browscap”. Alternatively, you can use the Lite-Version – Plugin: “quick-browscap” from the official WP repository.\u003C\u002Fli>\n\u003Cli>It is important to understand that the time to enter the site and the time of the last activity of the user are different events.\u003C\u002Fli>\n\u003Cli>Displays “Login Success” Statistics for each User.\u003C\u002Fli>\n\u003Cli>Displays Count “Users Activity” in Admin Bar.\u003C\u002Fli>\n\u003C\u002Ful>\n","A freeware plugin, for daily-notify site administrator, about users who logged in during the day.",30,2487,"2026-02-26T09:01:00.000Z","4.1","5.4",[139,22,140,23,141],"login","members","users","https:\u002F\u002Fwpgear.xyz\u002Fusers-login-monitor","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fusers-login-monitor.zip",100,{"slug":146,"name":147,"version":148,"author":149,"author_profile":150,"description":151,"short_description":152,"active_installs":153,"downloaded":154,"rating":29,"num_ratings":29,"last_updated":155,"tested_up_to":156,"requires_at_least":157,"requires_php":97,"tags":158,"homepage":160,"download_link":161,"security_score":124,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"invalidate-logged-out-cookies","Invalidate Logged Out Cookies","0.1.1","laceous","https:\u002F\u002Fprofiles.wordpress.org\u002Flaceous\u002F","\u003Cp>\u003Cstrong>Due to lack of interest (both my own and based on the number of downloads) this plugin will not be updated for WP 3.0\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>WordPress’ auth cookies include a built-in expiration date (either 2 or 14 days depending on if the ‘Remember Me’ option is checked). Even if you remove the client-side cookie (by manually logging out or just closing your browser if ‘Remember Me’ wasn’t checked when logging in) the data that was stored within the cookie is still valid until the expiration date is reached.\u003C\u002Fp>\n\u003Cp>This could be an issue if someone managed to “steal” your cookie(s). They would still be able to access your website for some time into the future.\u003C\u002Fp>\n\u003Cp>This plugin will immediately invalidate your auth cookies when you manually log out. This, of course, also means that you have to manually click ‘Log out’ for this plugin to work properly (you can’t just close your browser to remove any cookies that expire at the end of the session). This won’t prevent session hijacking, but should limit the amount of time that an attacker can access your website.\u003C\u002Fp>\n","This plugin will immediately invalidate your auth cookies when you manually log out.",10,2183,"2010-05-22T00:43:00.000Z","2.9.2","2.9",[159,139,22,23],"cookies","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Finvalidate-logged-out-cookies\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finvalidate-logged-out-cookies.zip",{"slug":163,"name":164,"version":165,"author":166,"author_profile":167,"description":168,"short_description":169,"active_installs":170,"downloaded":171,"rating":13,"num_ratings":172,"last_updated":173,"tested_up_to":16,"requires_at_least":174,"requires_php":175,"tags":176,"homepage":181,"download_link":182,"security_score":27,"vuln_count":183,"unpatched_count":29,"last_vuln_date":184,"fetched_at":31},"wordfence","Wordfence Security – Firewall, Malware Scan, and Login Security","8.1.4","Mark Maunder","https:\u002F\u002Fprofiles.wordpress.org\u002Fmmaunder\u002F","\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fi4ZN2TwlaBE?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>THE MOST POPULAR WORDPRESS FIREWALL & SECURITY SCANNER\u003C\u002Fh4>\n\u003Cp>WordPress security requires a team of dedicated analysts researching the latest malware variants and WordPress exploits, turning them into firewall rules and malware signatures, and releasing those to customers in real-time.\u003C\u002Fp>\n\u003Cp>Choose the right protection for you: \u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fproducts\u002Fpricing\u002F\" rel=\"nofollow ugc\">Wordfence Free, Premium, Care or Response\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Wordfence is widely acknowledged as the number one WordPress security research team in the World. Our plugin provides a comprehensive suite of security features, and our team’s research is what powers our plugin and provides the level of security that we are known for.\u003C\u002Fp>\n\u003Cp>At Wordfence, WordPress security isn’t a division of our business – WordPress security is all we do. We employ a global 24-hour dedicated incident response team that provides our priority customers with a 1 hour response time for any security incident.\u003C\u002Fp>\n\u003Cp>The sun never sets on our global security team and we run a sophisticated threat intelligence platform to aggregate, analyze and produce ground breaking security research on the newest security threats.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Wordfence Security includes an endpoint firewall, malware scanner, robust login security features, live traffic views, and more.\u003C\u002Fstrong> Our \u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002F\" rel=\"nofollow ugc\">Threat Defense Feed\u003C\u002Fa> arms Wordfence with the newest firewall rules, malware signatures, and malicious IP addresses it needs to keep your website safe.\u003C\u002Fp>\n\u003Cp>Rounded out by 2FA and a suite of additional features, Wordfence is the most comprehensive WordPress security solution available.\u003C\u002Fp>\n\u003Ch3>🔥 WORDPRESS FIREWALL\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Ffirewall\u002F\" rel=\"nofollow ugc\">Web Application Firewall\u003C\u002Fa>\u003C\u002Fstrong> identifies and blocks malicious traffic. Built and maintained by a large team focused 100% on WordPress security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-time firewall rule and malware signature [Premium]\u003C\u002Fstrong> updates via the Threat Defense Feed (free version is delayed by 30 days).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Fblocking\u002F\" rel=\"nofollow ugc\">Real-time IP Blocklist\u003C\u002Fa> [Premium]\u003C\u002Fstrong> blocks all requests from the most malicious IPs, protecting your site while reducing load.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Protects your site at the endpoint\u003C\u002Fstrong>, enabling deep integration with WordPress. Unlike cloud alternatives, it does not break encryption, cannot be bypassed and cannot leak data.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Fscan\u002F\" rel=\"nofollow ugc\">Integrated malware scanner\u003C\u002Fa>\u003C\u002Fstrong> blocks requests that include malicious code or content.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Ffirewall\u002Fbrute-force\u002F\" rel=\"nofollow ugc\">Protection from brute force\u003C\u002Fa>\u003C\u002Fstrong> attacks by limiting login attempts.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>📡 WORDPRESS SECURITY SCANNER\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Malware scanner\u003C\u002Fstrong> checks core files, themes and plugins for malware, bad URLs, backdoors, SEO spam, malicious redirects and code injections.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-time malware signature updates [Premium]\u003C\u002Fstrong> via the Threat Defense Feed (free version is delayed by 30 days).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Compares with WordPress.org repository\u003C\u002Fstrong> your core files, themes and plugins, checking their integrity and reporting any changes to you.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Repair WordPress core, theme, and plugin files\u003C\u002Fstrong> that have changed by overwriting them with a pristine, original version. Delete any files that don’t belong easily within the Wordfence interface.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Malware Removal Tools\u003C\u002Fstrong> “Delete File” and “Delete All Deletable Files” options allow for efficient malware removal. Remember to investigate the scan results and backup files first!\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Checks your site for known security vulnerabilities\u003C\u002Fstrong> and alerts you to any issues. Also alerts you to potential security issues when a plugin has been closed or abandoned.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Checks your content safety\u003C\u002Fstrong> by scanning file contents, posts and comments for dangerous URLs and suspicious content.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Checks to see if your site or IP have been blocklisted [Premium]\u003C\u002Fstrong> for malicious activity, generating spam or other security issues.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🔒 LOGIN SECURITY\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Ftools\u002Ftwo-factor-authentication\u002F\" rel=\"nofollow ugc\">Two-factor authentication (2FA)\u003C\u002Fa>\u003C\u002Fstrong>, one of the most secure forms of remote system authentication available via any TOTP-based authenticator app or service.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Flogin-security\u002F\" rel=\"nofollow ugc\">Login Page CAPTCHA\u003C\u002Fa>\u003C\u002Fstrong> stops bots from logging in.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Flogin-security\u002F#woocommerce-and-custom-integrations\" rel=\"nofollow ugc\">2FA for WooCommerce and custom integrations\u003C\u002Fa>\u003C\u002Fstrong> allow for 2FA to be setup on custom account pages\u003C\u002Fli>\n\u003Cli>\u003Cstrong>XML-RPC\u003C\u002Fstrong> options including disabling or adding 2FA.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Password Security:\u003C\u002Fstrong> Block logins for administrators using known compromised passwords.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>📋 SECURITY AUDIT LOG [Premium]\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Faudit-log\" rel=\"nofollow ugc\">The Audit Log\u003C\u002Fa>\u003C\u002Fstrong> monitors all changes and actions in security-sensitive areas of the site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Remote tamper-proof data storage\u003C\u002Fstrong> via Wordfence Central.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Monitor events and actions\u003C\u002Fstrong> ranging  from user creation and editing to plugin\u002Ftheme installation and updates to post and page changes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable\u003C\u002Fstrong> to log all events or significant events only, which includes all authentication, site configuration, and site functionality events.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🌐 WORDFENCE CENTRAL\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fproducts\u002Fwordfence-central\u002F\" rel=\"nofollow ugc\">Wordfence Central\u003C\u002Fa>\u003C\u002Fstrong> is a powerful and efficient way to manage the security for multiple sites in one place.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Centralized management:\u003C\u002Fstrong> Efficiently assess the security status of all your websites in one view. View detailed security findings without leaving Wordfence Central.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Powerful templates\u003C\u002Fstrong> make configuring Wordfence a breeze.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Highly configurable alerts\u003C\u002Fstrong> can be delivered via email, SMS or Slack. Improve the signal to noise ratio by leveraging severity level options and a daily digest option.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Track and alert on important security events\u003C\u002Fstrong> including administrator logins, breached password usage and surges in attack activity.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Free to use\u003C\u002Fstrong> for unlimited sites.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🛠️ SECURITY TOOLS\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Ftools\u002Flive-traffic\u002F\" rel=\"nofollow ugc\">Live Traffic\u003C\u002Fa>\u003C\u002Fstrong> monitors visits and hack attempts not shown in other analytics packages in real time; including origin, their IP address, the time of day and time spent on your site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Block attackers by IP\u003C\u002Fstrong> or build advanced rules based on IP Range, Hostname, User Agent and Referrer.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wordfence.com\u002Fhelp\u002Fblocking\u002Fcountry-blocking\u002F\" rel=\"nofollow ugc\">Country blocking\u003C\u002Fa>\u003C\u002Fstrong> available with Wordfence Premium.\u003C\u002Fli>\n\u003C\u002Ful>\n","Firewall, Malware Scanner, Two Factor Auth, and Comprehensive Security Features, powered by our 24-hour team. Make security a priority with Wordfence.",5000000,406617999,4829,"2025-12-20T21:06:00.000Z","4.7","7.0",[177,178,179,180,23],"2fa","firewall","malware","scanner","https:\u002F\u002Fwww.wordfence.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwordfence.8.1.4.zip",12,"2022-09-06 00:00:00",{"attackSurface":186,"codeSignals":283,"taintFlows":309,"riskAssessment":310,"analyzedAt":318},{"hooks":187,"ajaxHandlers":279,"restRoutes":280,"shortcodes":281,"cronEvents":282,"entryPointCount":29,"unprotectedCount":29},[188,194,198,202,206,209,213,216,221,225,230,233,236,241,245,248,252,256,259,264,266,270,274,276],{"type":189,"name":190,"callback":191,"file":192,"line":193},"action","admin_menu","registerMenu","core\\Backend\\Menu.php",19,{"type":189,"name":195,"callback":196,"file":192,"line":197},"network_admin_menu","multisiteMenu",20,{"type":189,"name":199,"callback":200,"file":201,"line":133},"admin_notices","admin_notice","core\\Base.php",{"type":189,"name":203,"callback":204,"file":201,"line":205},"plugins_loaded","loaded",32,{"type":189,"name":207,"callback":207,"file":201,"line":208},"init",33,{"type":189,"name":210,"callback":211,"file":201,"line":212},"wp_enqueue_scripts","scripts",35,{"type":189,"name":214,"callback":211,"file":201,"line":215},"admin_enqueue_scripts",36,{"type":217,"name":218,"callback":219,"priority":153,"file":201,"line":220},"filter","plugin_action_links","action_link",37,{"type":217,"name":222,"callback":223,"priority":153,"file":201,"line":224},"auth_cookie_expiration","auth_expiration",38,{"type":189,"name":214,"callback":226,"priority":227,"file":228,"line":229},"onlyEnqueueInactiveScripts",999999999,"core\\Compatibility.php",22,{"type":189,"name":231,"callback":226,"priority":227,"file":228,"line":232},"admin_head",23,{"type":189,"name":234,"callback":226,"priority":227,"file":228,"line":235},"admin_footer",24,{"type":189,"name":237,"callback":238,"file":239,"line":240},"wp_loaded","concurrent_logins","core\\ConcurrentLogin.php",18,{"type":189,"name":242,"callback":243,"file":244,"line":232},"admin_init","store","core\\Controllers\\AdminController.php",{"type":189,"name":246,"callback":247,"file":244,"line":235},"ina_before_settings_wrapper","ina_before_settings_wrap",{"type":189,"name":249,"callback":250,"file":244,"line":251},"ina_after_settings_wrapper","ina_after_settings_wrap",25,{"type":217,"name":253,"callback":253,"priority":254,"file":255,"line":153},"logout_redirect",99,"core\\LogoutHandler.php",{"type":189,"name":257,"callback":257,"priority":254,"file":255,"line":258},"wp_logout",11,{"type":189,"name":260,"callback":261,"priority":48,"file":262,"line":263},"wp_footer","dialog_modal","core\\Modal.php",14,{"type":189,"name":234,"callback":261,"priority":48,"file":262,"line":265},15,{"type":189,"name":267,"callback":268,"file":262,"line":269},"wp_head","toastStyles",16,{"type":189,"name":271,"callback":272,"file":262,"line":273},"login_footer","toastContent",17,{"type":189,"name":275,"callback":268,"file":262,"line":240},"login_head",{"type":189,"name":277,"callback":278,"file":262,"line":193},"template_redirect","maybeClearToastFlag",[],[],[],[],{"dangerousFunctions":284,"sqlUsage":285,"outputEscaping":290,"fileOperations":29,"externalRequests":29,"nonceChecks":292,"capabilityChecks":28,"bundledLibraries":305},[],{"prepared":29,"raw":48,"locations":286},[287],{"file":201,"line":288,"context":289},333,"$wpdb->get_col() with variable interpolation",{"escaped":291,"rawEcho":292,"locations":293},46,4,[294,297,299,302],{"file":262,"line":295,"context":296},29,"raw output",{"file":262,"line":298,"context":296},49,{"file":300,"line":301,"context":296},"views\\tabs\\tpl-inactive-logout-basic.php",178,{"file":303,"line":304,"context":296},"views\\tpl-inactive-logout-settings.php",31,[306],{"name":307,"version":38,"knownCves":308},"Select2",[],[],{"summary":311,"deductions":312},"The 'inactive-logout' plugin v3.6.1 exhibits a mixed security posture. On the positive side, the static analysis reveals a minimal attack surface with no apparent AJAX handlers, REST API routes, shortcodes, or cron events directly exposed without authentication or permission checks. The majority of output (92%) is properly escaped, and there are a reasonable number of nonce and capability checks. However, a significant concern arises from the presence of SQL queries that are not prepared, indicating a potential for SQL injection vulnerabilities if the data processed by these queries is not sufficiently sanitized.  The vulnerability history is a major red flag. With three known CVEs, all classified as medium severity and focused on Cross-Site Scripting (XSS), Missing Authorization, and Cross-Site Request Forgery (CSRF), this plugin has a demonstrated track record of security weaknesses. While there are no currently unpatched vulnerabilities, the past patterns suggest a tendency for insecure coding practices that can lead to exploitable flaws. The plugin's strengths lie in its limited attack surface and good output escaping, but these are overshadowed by the historical prevalence of critical vulnerability types and the presence of raw SQL queries.",[313,316],{"reason":314,"points":315},"SQL queries not using prepared statements",7,{"reason":317,"points":265},"History of 3 medium severity CVEs","2026-03-16T17:34:38.363Z",{"wat":320,"direct":333},{"assetPaths":321,"generatorPatterns":326,"scriptPaths":327,"versionParams":328},[322,323,324,325],"\u002Fwp-content\u002Fplugins\u002Finactive-logout\u002Fpublic\u002Fscripts\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Finactive-logout\u002Fpublic\u002Fvendor\u002Fselect2\u002Fjs\u002Fselect2.full.min.js","\u002Fwp-content\u002Fplugins\u002Finactive-logout\u002Fpublic\u002Fvendor\u002Fselect2\u002Fcss\u002Fselect2.min.css","\u002Fwp-content\u002Fplugins\u002Finactive-logout\u002Fpublic\u002Fscripts\u002Fadmin.js",[],[325,323],[329,330,331,332],"inactive-logout\u002Fpublic\u002Fscripts\u002Fadmin.css?ver=","inactive-logout\u002Fpublic\u002Fvendor\u002Fselect2\u002Fjs\u002Fselect2.full.min.js?ver=","inactive-logout\u002Fpublic\u002Fvendor\u002Fselect2\u002Fcss\u002Fselect2.min.css?ver=","inactive-logout\u002Fpublic\u002Fscripts\u002Fadmin.js?ver=",{"cssClasses":334,"htmlComments":340,"htmlAttributes":341,"restEndpoints":343,"jsGlobals":344,"shortcodeOutput":346},[335,336,337,338,339],"ina-major-update-warning__separator","ina-major-update-warning","ina-major-update-warning__icon","ina-major-update-warning__title","ina-major-update-warning__message",[],[342],"data-security-nonce",[],[345],"inactive_logout",[]]