CVE-2025-13696
- EPSS 0.07%
- Veröffentlicht 02.12.2025 07:24:30
- Zuletzt bearbeitet 15.04.2026 00:35:42
The Zigaform plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.6.5. This is due to the plugin exposing a public AJAX endpoint that retrieves form submission data without performing authorization ...
CVE-2025-26989
- EPSS 0.19%
- Veröffentlicht 03.03.2025 14:15:57
- Zuletzt bearbeitet 01.04.2026 17:19:18
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in softdiscover Zigaform zigaform-form-builder-lite allows Stored XSS.This issue affects Zigaform: from n/a through <= 7.4.2.
CVE-2025-26994
- EPSS 0.19%
- Veröffentlicht 03.03.2025 14:15:57
- Zuletzt bearbeitet 01.04.2026 17:19:19
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in softdiscover Zigaform – Price Calculator & Cost Estimation Form Builder Lite zigaform-calculator-cost-estimation-form-builder-lite allows Stored XSS...
CVE-2024-13587
- EPSS 0.11%
- Veröffentlicht 18.02.2025 05:15:16
- Zuletzt bearbeitet 08.04.2026 17:18:03
The Zigaform – Price Calculator & Cost Estimation Form Builder Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zgfm_fvar' shortcode in all versions up to, and including, 7.4.7 due to insufficient input sanitiz...
CVE-2024-13573
- EPSS 0.11%
- Veröffentlicht 18.02.2025 05:15:14
- Zuletzt bearbeitet 08.04.2026 18:20:08
The Zigaform – Form Builder Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zgfm_rfvar' shortcode in all versions up to, and including, 7.4.2 due to insufficient input sanitization and output escaping on user ...