CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

72 matches found

RedhatCVE•added 2026/01/24 3:18 p.m.•5 views

CVE-2026-24614

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Devsbrain Flex QR Code Generator flex-qr-code-generator allows DOM-Based XSS.This issue affects Flex QR Code Generator: from n/a through = 1.2.10...

5.9CVSS5.9AI score0.00059EPSS

Exploits0References1

NVD•added 2026/01/23 3:16 p.m.•3 views

CVE-2026-24614

5.9CVSS0.00059EPSS

Exploits0References1

CVE•added 2026/01/23 2:29 p.m.•6 views

CVE-2026-24614

CVE-2026-24614 affects the WordPress plugin Flex QR Code Generator (flex-qr-code-generator). The vulnerability is a DOM-based XSS caused by improper neutralization during web page generation. Public references indicate impact on Flex QR Code Generator versions up to 1.2.8 (NVD/Red Hat) with Patch...

5.9CVSS5.9AI score0.00059EPSS

Exploits0References1

Vulnrichment•added 2026/01/23 2:29 p.m.•4 views

CVE-2026-24614 WordPress Flex QR Code Generator plugin <= 1.2.10 - Cross Site Scripting (XSS) vulnerability

5.9CVSS5.2AI score0.00059EPSS

Exploits0References1

CNNVD•added 2026/01/23 12:0 a.m.•2 views

WordPress plugin Flex QR Code Generator has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

5.9CVSS5.7AI score0.00059EPSS

Exploits0References1

Patchstack•added 2026/01/12 4:11 a.m.•5 views

WordPress Flex QR Code Generator plugin <= 1.2.10 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Jitlada in WordPress Plugin Flex QR Code Generator versions = 1.2.10...

5.9CVSS5.3AI score0.00059EPSS

Exploits0Affected Software1

RedhatCVE•added 2026/01/09 9:17 a.m.•2 views

CVE-2025-23831

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mobstac QR Code Generator qrcode-wprhe allows DOM-Based XSS.This issue affects QR Code Generator: from n/a through = 1.2.6...

6.5CVSS7.2AI score0.00335EPSS

Exploits0References1

Patchstack•added 2025/12/08 6:45 a.m.•11 views

WordPress Flex QR Code Generator plugin <= 1.2.7 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Ryan Kozak in WordPress Plugin Flex QR Code Generator versions = 1.2.7...

9.8CVSS5.3AI score0.00373EPSS

Exploits1References1Affected Software1

Cvelist•added 2025/12/06 5:49 a.m.•22 views

CVE-2025-12673 Flex QR Code Generator <= 1.2.7 - Unauthenticated Arbitrary File Upload

The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the updateqrcode function in all versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site...

9.8CVSS0.00373EPSS

Exploits1References5

CNNVD•added 2025/12/06 12:0 a.m.•8 views

WordPress plugin Flex QR Code Generator 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

9.8CVSS6.8AI score0.00373EPSS

Exploits1References5

NVD•added 2025/10/15 9:15 a.m.•6 views

CVE-2025-10041

The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in thesaveqrcodetodb function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

9.8CVSS0.00304EPSS

Exploits3References4

CVE•added 2025/10/15 8:25 a.m.•20 views

CVE-2025-10041

The CVE-2025-10041 entry concerns the Flex QR Code Generator WordPress plugin. Affected versions include all up to and including 1.2.5, where missing file type validation in the save_qr_code_to_db() function allows unauthenticated arbitrary file uploads, potentially enabling remote code execution...

9.8CVSS7.2AI score0.00304EPSS

Exploits3References4