CVE-2025-23864

CVE-2025-23864 is a Stored XSS in WP Code Snippets WCS QR Code Generator (WordPress plugin) with vulnerable versions up to 1.0. Root cause: Improper input neutralization during web page generation. CVSSv3.1: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L, base 6.5 (Medium). Connected Red Hat entry confirms ...

CVE-2025-23831 WordPress QR Code Generator plugin <= 1.2.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mobstac QR Code Generator qrcode-wprhe allows DOM-Based XSS.This issue affects QR Code Generator: from n/a through = 1.2.6...

CVE-2025-23831 WordPress QR Code Generator plugin <= 1.2.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mobstac QR Code Generator qrcode-wprhe allows DOM-Based XSS.This issue affects QR Code Generator: from n/a through = 1.2.6...

CVE-2025-23831

CVE-2025-23831 describes a DOM-based XSS in the QR Code Generator (René Hermenau) via improper neutralization of input during web page generation. Affected: WordPress QR Code Generator plugin, version range from n/a through 1.2.6. Impact stated in sources as Cross-site Scripting (stored in Wordfe...

WordPress WCS QR Code Generator plugin <= 1.0 - Stored Cross Site Scripting (XSS) vulnerability

Stored Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin WCS QR Code Generator versions = 1.0...

WordPress QR Code Generator plugin <= 1.2.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin QR Code Generator versions = 1.2.6...

WordPress plugin WCS QR Code Generator 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin QR Code Generator 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVE-2025-22819

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Roberto Bottalico Qr Code and Barcode Scanner Reader qr-code-and-barcode-scanner-reader allows Stored XSS.This issue affects Qr Code and Barcode Scanner Reader: from n/a through = 1.0.0...

CVE-2025-22819

CVE-2025-22819 concerns the WordPress plugin Qr Code and Barcode Scanner Reader . The connected docs confirm a Stored Cross-Site Scripting (XSS) vulnerability due to improper input neutralization during web page generation, affecting the plugin’s versions up to and including 1.0.0. The impact is ...

PT-2025-4727 · Unknown · 4Wpbari Qr Code/Barcode Scanner Reader

Name of the Vulnerable Software and Affected Versions: 4wpbari Qr Code and Barcode Scanner Reader versions n/a through 1.0.0 Description: The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting. This allows for Stored XSS, where an...

FCC Launches 'Cyber Trust Mark' for IoT Devices to Certify Security Compliance

The U.S. government on Tuesday announced the launch of the U.S. Cyber Trust Mark, a new cybersecurity safety label for Internet-of-Things IoT consumer devices. "IoT products can be susceptible to a range of security vulnerabilities," the U.S. Federal Communications Commission FCC said. "Under thi...

CVE-2023-38477

Missing Authorization vulnerability in Stanislav Kuznetsov QR code MeCard/vCard generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects QR code MeCard/vCard generator: from n/a through 1.6.0...

CVE-2023-38477 WordPress QR code MeCard/vCard generator plugin <= 1.6.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Stanislav Kuznetsov QR code MeCard/vCard generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects QR code MeCard/vCard generator: from n/a through 1.6.0...

Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware

Executive Summary Beginning in early October, Rapid7 has observed a resurgence of activity related to the ongoing social engineering campaign being conducted by Black Basta ransomware operators. Rapid7 initially reported the discovery of the novel social engineering campaign back in May, 2024,...

CVE-2024-6247

Wyze Cam v3 Wi-Fi SSID OS Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : ZBar vulnerabilities (USN-7118-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7118-1 advisory. It was discovered that ZBar did not properly handle certain QR codes. If a user or automated system using ZBar were...

USN-7118-1: ZBar vulnerabilities

It was discovered that ZBar did not properly handle certain QR codes. If a user or automated system using ZBar were tricked into opening a specially crafted file, an attacker could possibly use this to obtain sensitive information. CVE-2023-40889 It was discovered that ZBar did not properly handl...

Malicious QR Codes: How big of a problem is it, really?

QR codes are disproportionately effective at bypassing most anti-spam filters, as most filters are not designed to recognize that a QR code is present in an image and decode the QR code. According to Cisco Talos' data, roughly 60% of all email containing a QR code is spam. Talos discovered two...

Fedora 41 : webkitgtk (2024-b142cc07d0)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-b142cc07d0 advisory. Fix login QR code not shown in WhatsApp web. Disable PSON by default again in GTK 3 API versions. Disable DMABuf video sink by default to prevent fi...