WordPress QR Code for WooCommerce order emails, PDF invoices, packing slips plugin <= 1.9.42 - Authenticated (Contributor+) Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Cross-Site Scripting via Shortcode Attributes vulnerability discovered by WordFence in WordPress Plugin QR Code Tag for WC versions = 1.9.42...

EUVD-2023-57866

Malicious code in bioql PyPI...

EUVD-2025-9781

Malicious code in bioql PyPI...

CVE-2023-5567

The QR Code Tag plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'qrcodetag' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVE-2025-32268

Cross-Site Request Forgery CSRF vulnerability in www.15.to QR Code Tag for WC qr-code-tag-for-wc-from-goaskle-com allows Cross Site Request Forgery.This issue affects QR Code Tag for WC: from n/a through = 1.9.42...

CVE-2025-32268

Cross-Site Request Forgery CSRF vulnerability in www.15.to QR Code Tag for WC qr-code-tag-for-wc-from-goaskle-com allows Cross Site Request Forgery.This issue affects QR Code Tag for WC: from n/a through = 1.9.42...

CVE-2025-32268 WordPress QR Code Tag for WC plugin <= 1.9.42 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in www.15.to QR Code Tag for WC qr-code-tag-for-wc-from-goaskle-com allows Cross Site Request Forgery.This issue affects QR Code Tag for WC: from n/a through = 1.9.42...

CVE-2025-32268 WordPress QR Code Tag for WC plugin <= 1.9.42 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in www.15.to QR Code Tag for WC qr-code-tag-for-wc-from-goaskle-com allows Cross Site Request Forgery.This issue affects QR Code Tag for WC: from n/a through = 1.9.42...

CVE-2025-32268

Technical details about CVE-2025-32268 are not publicly provided in the supplied documents. No confirmed affected products, versions, or fixes are disclosed here. Monitor for official advisories and updates.

WordPress QR Code Tag for WC plugin <= 1.9.42 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin QR Code Tag for WC versions = 1.9.42...

PT-2025-15022 · Unknown · Qr Code Tag For Wc

Name of the Vulnerable Software and Affected Versions: QR Code Tag for WC versions 1.9.36 and earlier Description: A Cross-Site Request Forgery CSRF issue affects the QR Code Tag for WC, allowing unauthorized actions to be performed on behalf of a user. Recommendations: For versions 1.9.36 and...

QR Code Tag <= 1.0 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its qrcodetag shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2023-5567

The QR Code Tag plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'qrcodetag' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVE-2023-5567

The QR Code Tag plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'qrcodetag' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

PT-2023-32182 · WordPress · Qr Code Tag

Name of the Vulnerable Software and Affected Versions: QR Code Tag plugin for WordPress versions up to, and including, 1.0 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the 'qrcodetag' shortcode, allowing authenticated...

WordPress QR Code Tag Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software QR Code Tag Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5567 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e1f923c2a1cd Credits Lana Codes Required privilege...