Cross-Site Scripting Vulnerability in Zigaform Price Calculator Plugin by Softdiscover
CVE-2025-26994
6.1MEDIUM
Key Information:
- Vendor
- WordPress
- Vendor
- CVE Published:
- 3 March 2025
Summary
The Zigaform Price Calculator & Cost Estimation Form Builder Lite plugin by Softdiscover has a Cross-Site Scripting vulnerability due to improper input handling during web page generation. This flaw allows attackers to inject malicious scripts through stored input, potentially compromising user data and session integrity. Websites using this plugin, especially versions up to 7.4.2, are exposed to this security risk, making it essential for site owners to apply security patches and update their software to mitigate potential attacks.
Affected Version(s)
Zigaform – Price Calculator & Cost Estimation Form Builder Lite <= 7.4.2
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Abdi Pranata (Patchstack Alliance)