cleantalk
Vulnerabilities and Security Researches

IgnitionDeck Crowdfunding Platform, CVE-2024-4410

CVE, Research URL

CVE-2024-4410

Home page URL

Security reports for IgnitionDeck Crowdfunding Platform

Application

IgnitionDeck Crowdfunding Platform

Published on
Jul 27, 2024
Research Description
The IgnitionDeck Crowdfunding Platform plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.9.8. This is due to missing capability checks on various functions called via AJAX actions in the ~/classes/class-idf-wizard.php file. This makes it possible for authenticated attackers, with subscriber access or higher, to execute various AJAX actions. This includes actions to change the permalink structure, plugin settings and others.
Affected versions
max 1.10.0.
Status
vulnerable
Previous vulnerability researches
IgnitionDeck Crowdfunding Platform (CVE-2024-4410) , Jul 28, 2024
IgnitionDeck Crowdfunding Platform (CVE-2025-62918) , Nov 10, 2025
IgnitionDeck Crowdfunding Platform (c36a71f8e4cbc20ef18ccea562829c33cfb8bde9) , Jun 07, 2024
New vulnerability
Social proof testimonials and reviews by Repuso (CVE-2025-62071) , Nov 11, 2025
Error Log Viewer by BestWebSoft (CVE-2025-9950) , Nov 11, 2025
Fidelo Snippet (CVE-2025-53351) , Nov 11, 2025
Check Plagiarism (CVE-2025-11172) , Nov 11, 2025
Custom Post Type Attachment (CVE-2025-62907) , Nov 11, 2025