Vulnerabilities > Softdiscover > Zigaform
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-03 | CVE-2025-26989 | Cross-site Scripting vulnerability in Softdiscover Zigaform Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in softdiscover Zigaform – Form Builder Lite allows Stored XSS. | 6.1 |
| 2025-03-03 | CVE-2025-26994 | Cross-site Scripting vulnerability in Softdiscover Zigaform Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in softdiscover Zigaform – Price Calculator & Cost Estimation Form Builder Lite allows Stored XSS. | 6.1 |
| 2025-02-18 | CVE-2024-13573 | Cross-site Scripting vulnerability in Softdiscover Zigaform The Zigaform – Form Builder Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zgfm_rfvar' shortcode in all versions up to, and including, 7.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-02-18 | CVE-2024-13587 | Cross-site Scripting vulnerability in Softdiscover Zigaform The Zigaform – Price Calculator & Cost Estimation Form Builder Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zgfm_fvar' shortcode in all versions up to, and including, 7.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |