Vulnerabilities and security researches forignitiondeck ignitiondeck

Nov 10, 2025

CVE, Research URL: CVE-2025-62918
Home page URL: Security reports for IgnitionDeck Crowdfunding Platform
Application: IgnitionDeck Crowdfunding Platform
Date: Oct 27, 2025
Research Description: Missing Authorization vulnerability in ignitionwp IgnitionDeck ignitiondeck allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IgnitionDeck: from n/a through <= 2.0.10.
Affected versions: max 2.0.10.
Status: vulnerable

Jul 28, 2024

CVE, Research URL: CVE-2024-4410
Home page URL: Security reports for IgnitionDeck Crowdfunding Platform
Application: IgnitionDeck Crowdfunding Platform
Date: Jul 27, 2024
Research Description: The IgnitionDeck Crowdfunding Platform plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.9.8. This is due to missing capability checks on various functions called via AJAX actions in the ~/classes/class-idf-wizard.php file. This makes it possible for authenticated attackers, with subscriber access or higher, to execute various AJAX actions. This includes actions to change the permalink structure, plugin settings and others.
Affected versions: max 1.10.0.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: c36a71f8e4cbc20ef18ccea562829c33cfb8bde9
Home page URL: Security reports for IgnitionDeck Crowdfunding Platform
Application: IgnitionDeck Crowdfunding Platform
Date: Aug 01, 2014
Research Description: IgnitionDeck Crowdfunding Platform [ignitiondeck] < 1.2 WordPress IgnitionDeck Plugin <= 1.1 - Unspecified XSS This plugin is prone to a purchase form cross site scripting vulnerability. Upgrade this plugin.
Affected versions: max 1.2.
Status: vulnerable