CVE-2025-13696
- EPSS 0.06%
- Veröffentlicht 02.12.2025 07:24:30
- Zuletzt bearbeitet 02.12.2025 17:16:29
The Zigaform plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.6.5. This is due to the plugin exposing a public AJAX endpoint that retrieves form submission data without performing authorization ...
CVE-2025-26989
- EPSS 0.09%
- Veröffentlicht 03.03.2025 14:15:57
- Zuletzt bearbeitet 07.03.2025 19:45:52
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in softdiscover Zigaform – Form Builder Lite allows Stored XSS. This issue affects Zigaform – Form Builder Lite: from n/a through 7.4.2.
CVE-2025-26994
- EPSS 0.09%
- Veröffentlicht 03.03.2025 14:15:57
- Zuletzt bearbeitet 07.03.2025 19:45:52
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in softdiscover Zigaform – Price Calculator & Cost Estimation Form Builder Lite allows Stored XSS. This issue affects Zigaform – Price Calculator & Cos...
CVE-2024-13587
- EPSS 0.08%
- Veröffentlicht 18.02.2025 05:15:16
- Zuletzt bearbeitet 21.02.2025 18:26:02
The Zigaform – Price Calculator & Cost Estimation Form Builder Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zgfm_fvar' shortcode in all versions up to, and including, 7.4.2 due to insufficient input sanitiz...
CVE-2024-13573
- EPSS 0.08%
- Veröffentlicht 18.02.2025 05:15:14
- Zuletzt bearbeitet 24.02.2025 15:40:57
The Zigaform – Form Builder Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zgfm_rfvar' shortcode in all versions up to, and including, 7.4.2 due to insufficient input sanitization and output escaping on user ...