How severe is CVE-2024-4410?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.4 out of 10.

What type of vulnerability is CVE-2024-4410?

This is classified as CWE-862, which is a common weakness in software security.

CVE-2024-4410 - MEDIUM Severity | CVSS 5.4

Vulnerability Description

The IgnitionDeck Crowdfunding Platform plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.9.8. This is due to missing capability checks on various functions called via AJAX actions in the ~/classes/class-idf-wizard.php file. This makes it possible for authenticated attackers, with subscriber access or higher, to execute various AJAX actions. This includes actions to change the permalink structure, plugin settings and others.

Related Vulnerabilities

CVE-2019-3886

MEDIUM

CVSS:5.4(Medium)

An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission was allowed to invoke APIs depending on the guest agent, which could lead to potentially disclosing un...

CWE-8622019

CVE-2019-4158

MEDIUM

CVSS:5.4(Medium)

IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a user's identity is correct which can lead to the exposure of resources or functionality to unintended actors. IBM X-Force ID: 1585...

CWE-8622019

CVE-2020-14213

MEDIUM

CVSS:5.4(Medium)

In Zammad before 3.3.1, a Customer has ticket access that should only be available to an Agent (e.g., read internal data, split, or merge).

CWE-8622020

CVE-2020-2204

MEDIUM

CVSS:5.4(Medium)

A missing permission check in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers with Overall/Read permission to connect to the globally configured Fortify on Demand endpoint using at...

CWE-8622020

CVE-2020-6199

MEDIUM

CVSS:5.4(Medium)

The view FIMENAV_COMPCERT in SAP ERP (MENA Certificate Management), EAPPGLO version 607, SAP_FIN versions- 618, 730 and SAP S/4HANA (MENA Certificate Management), S4CORE versions- 100, 101, 102, 103, ...

CWE-8622020

CVE-2020-6212

MEDIUM

CVSS:5.4(Medium)

Egypt localized withholding tax reports Clearing of Liabilities and Remittance Statement and Summary in SAP ERP (versions 618, 730, EAPPLGLO 607) and S/4 HANA (versions 100, 101, 102, 103, 104) do not...

CWE-8622020