CVE-2023-34022

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Rakib Hasan Dynamic QR Code Generator plugin = 0.0.5 versions...

CVE-2023-5567

The QR Code Tag plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'qrcodetag' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVE-2023-51673

Cross-Site Request Forgery CSRF vulnerability in Designful Stylish Price List – Price Table Builder & QR Code Restaurant Menu.This issue affects Stylish Price List – Price Table Builder & QR Code Restaurant Menu: from n/a through 7.0.17...

CVE-2023-38477

Missing Authorization vulnerability in Stanislav Kuznetsov QR code MeCard/vCard generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects QR code MeCard/vCard generator: from n/a through 1.6.0...

CVE-2022-24992

A vulnerability in the component process.php of QR Code Generator v5.2.7 allows attackers to perform directory traversal...

CVE-2022-30729

Implicit Intent hijacking vulnerability in Settings prior to SMR Jun-2022 Release 1 allows attackers to get Wi-Fi SSID and password via a malicious QR code scanner...

CVE-2021-25333

Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen via scanning specific QR code...

CVE-2021-33839

Luca through 1.7.4 on Android allows remote attackers to obtain sensitive information about COVID-19 tracking because the QR code of a Public Location can be intentionally confused with the QR code of a Private Meeting...

CVE-2021-43530

A Universal XSS vulnerability was present in Firefox for Android resulting from improper sanitization when processing a URL scanned from a QR code. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox 94...

CVE-2020-15834

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The wireless network password is exposed in a QR encoded picture that an unauthenticated adversary can download via the web-management interface...

CVE-2015-9522

The Easy Digital Downloads EDD QR Code extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because addqueryarg is misused...

CVE-2019-17003

Scanning a QR code that contained a javascript: URL would have resulted in the Javascript being executed...

PT-2025-46930

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 136.0.7103.59 Description An issue with the implementation of Lens in Google Chrome on iOS could allow a remote attacker to perform UI spoofing. This is achieved through a specially crafted QR code...

CVE-2025-46504

Cross-Site Request Forgery CSRF vulnerability in Olar Marius Vasaio QR Code vasaio-qr-code allows Stored XSS.This issue affects Vasaio QR Code: from n/a through = 1.2.5...

CVE-2025-27322

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bappa Mal QR Code for WooCommerce wc-qr-codes allows Reflected XSS.This issue affects QR Code for WooCommerce: from n/a through = 1.2.0...

WordPress Vasaio QR Code plugin <= 1.2.5 - CSRF to XSS vulnerability

CSRF to XSS vulnerability discovered by johska in WordPress Plugin Vasaio QR Code versions = 1.2.5...

CVE-2025-46504

Cross-Site Request Forgery CSRF vulnerability in Olar Marius Vasaio QR Code vasaio-qr-code allows Stored XSS.This issue affects Vasaio QR Code: from n/a through = 1.2.5...

CVE-2025-46504 WordPress Vasaio QR Code plugin <= 1.2.5 - CSRF to XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in Olar Marius Vasaio QR Code vasaio-qr-code allows Stored XSS.This issue affects Vasaio QR Code: from n/a through = 1.2.5...

CVE-2025-46504

CVE-2025-46504 concerns the WordPress plugin Vasaio QR Code (versions up to 1.2.5). The vulnerability is a CSRF-to-stored XSS issue, as reported by Patchstack and reflected in multiple feeds. Affected component is the Vasaio QR Code plugin itself; root cause is CSRF enabling stored XSS payload ex...

WordPress plugin Vasaio QR Code 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...