
Zigaform – Form Builder Lite Security & Risk Analysis
wordpress.org/plugins/zigaform-form-builder-lite
Create forms with total control using this powerful drag-and-drop form builder, allowing you to build contact forms or any custom forms in minutes.
Is Zigaform – Form Builder Lite Safe to Use in 2026?
Generally Safe
Score 99/100
Zigaform – Form Builder Lite has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.
The zigaform-form-builder-lite plugin version 7.6.9 presents a mixed security posture. While it demonstrates good practices by utilizing prepared statements for the majority of its SQL queries and incorporates a substantial number of nonce and capability checks, several areas raise significant concerns.
The static analysis reveals a large attack surface with 7 AJAX handlers lacking authentication checks, which can be a direct entry point for attackers. Furthermore, the taint analysis highlights 21 high-severity flows with unsanitized paths, indicating a strong potential for various injection vulnerabilities, most notably cross-site scripting as suggested by the vulnerability history. The plugin's history of 2 medium-severity CVEs, both related to cross-site scripting, reinforces the risk posed by inadequate input sanitization.
Although there are no currently unpatched CVEs and a majority of SQL queries are prepared, the identified untrusted paths and unprotected AJAX endpoints are critical weaknesses that warrant immediate attention. The plugin's reliance on bundled libraries like DataTables, jQuery, and TinyMCE also introduces a potential risk if these libraries are not kept up-to-date within the plugin itself, although the provided data does not explicitly detail their versions or associated vulnerabilities.
Key Concerns
- Unprotected AJAX handlers
- High severity taint flows with unsanitized paths
- Medium severity CVEs in vulnerability history
- Low percentage of properly escaped output
- Dangerous functions used (unserialize)
Zigaform – Form Builder Lite Security Vulnerabilities
CVEs by Year
Severity Breakdown
2 total CVEs
Zigaform – Form Builder Lite <= 7.4.2 - Unauthenticated Stored Cross-Site Scripting
Zigaform – Form Builder Lite <= 7.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Zigaform – Form Builder Lite Release Timeline
Zigaform – Form Builder Lite Code Analysis
Dangerous Functions Found
Bundled Libraries
SQL Query Safety
Output Escaping
Data Flow Analysis
Zigaform – Form Builder Lite Attack Surface
AJAX Handlers 75
Shortcodes 7
WordPress Hooks 47
Zigaform – Form Builder Lite Maintenance & Trust
Maintenance Signals
Community Trust
Zigaform – Form Builder Lite Alternatives
WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More
wpforms-lite
The best WordPress contact form plugin. Drag & Drop form builder to create beautiful contact forms, payment forms, & other custom forms.
Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder
fluentform
Get a fast contact form plugin. Create advanced forms using drag and drop form builder with all smart features.
SureForms – Contact Form, Payment Form & Other Custom Form Builder
sureforms
The most beginner-friendly AI Form Builder for WordPress. Create contact, payment, quiz & custom forms with advanced features in minutes.
Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder
everest-forms
The best WordPress form builder. Create contact forms, payment forms, conversational forms, custom forms, surveys, & quizzes using drag and drop.
Ultra Addons for Contact Form 7
ultimate-addons-for-contact-form-7
50+ Essential Addons for Contact Form 7 - Conditional Fields, Multi Step, Redirection, Columns, WooCommerce, Mailchimp & more
Zigaform – Form Builder Lite Developer Profile
4 plugins · 380 total installs
How We Detect Zigaform – Form Builder Lite
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/zigaform-form-builder-lite/css/uiform-admin.css
- /wp-content/plugins/zigaform-form-builder-lite/css/uiform-frontend.css
- /wp-content/plugins/zigaform-form-builder-lite/css/uiform-icons.css
- /wp-content/plugins/zigaform-form-builder-lite/css/uiform-select2.min.css
- /wp-content/plugins/zigaform-form-builder-lite/css/uiform-styles.css
- /wp-content/plugins/zigaform-form-builder-lite/css/uiform-wizard.css
- /wp-content/plugins/zigaform-form-builder-lite/js/uiform-admin.js
- /wp-content/plugins/zigaform-form-builder-lite/js/uiform-backend.js
- /wp-content/plugins/zigaform-form-builder-lite/js/uiform-frontend.js
- /wp-content/plugins/zigaform-form-builder-lite/css/uiform-admin.css?ver=
- /wp-content/plugins/zigaform-form-builder-lite/css/uiform-frontend.css?ver=
- /wp-content/plugins/zigaform-form-builder-lite/css/uiform-icons.css?ver=
- /wp-content/plugins/zigaform-form-builder-lite/css/uiform-select2.min.css?ver=
- /wp-content/plugins/zigaform-form-builder-lite/css/uiform-styles.css?ver=
- /wp-content/plugins/zigaform-form-builder-lite/css/uiform-wizard.css?ver=
- /wp-content/plugins/zigaform-form-builder-lite/js/uiform-admin.js?ver=
- /wp-content/plugins/zigaform-form-builder-lite/js/uiform-backend.js?ver=
- /wp-content/plugins/zigaform-form-builder-lite/js/uiform-bootstrap.js?ver=
- /wp-content/plugins/zigaform-form-builder-lite/js/uiform-frontend.js?ver=
- /wp-content/plugins/zigaform-form-builder-lite/js/uiform-select2.full.min.js?ver=
- /wp-content/plugins/zigaform-form-builder-lite/js/uiform-sweetalert.min.js?ver=
- /wp-content/plugins/zigaform-form-builder-lite/js/uiform-validation.js?ver=
HTML / DOM Fingerprints
- uiform-container
- uiform-row
- uiform-col
- uiform-button-wrapper
- uiform-form-fields
- uiform-form-field
- uiform-field-wrap
- uiform-label
- <!-- ZigaForm Main Files -->
- <!-- ZigaForm Frontend Files -->
- <!-- ZigaForm Admin Files -->
- <!-- Zigaform required file -->
- data-uiform-id
- data-uiform-field-id
- data-uiform-rule
- data-uiform-form-id
- uiform_data
- uiform_vars
- ZIGAFORM_F_LITE
- Uiform
- /wp-json/uiform/v1/forms
- /wp-json/uiform/v1/forms/(?P<id>[\d]+)
- /wp-json/uiform/v1/submit
- [uiform id=