WordPress Qyrr plugin <= 2.0.7 - Authenticated (Contributor+) Arbitrary File Upload vulnerability

Authenticated Contributor+ Arbitrary File Upload vulnerability discovered by CVEhunter in WordPress Plugin Qyrr versions = 2.0.7...

EUVD-2025-31695

Malicious code in bioql PyPI...

CVE-2025-10000

The Qyrr – simply and modern QR-Code creation plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the blobtofile function in all versions up to, and including, 2.0.7. This makes it possible for authenticated attackers, with Contributor-level access...

CVE-2025-10000

CVE-2025-10000 affects the WordPress plugin Qyrr – simply and modern QR-Code creation up to version 2.0.7. The vulnerability arises from missing file type validation in the blob_to_file() function, allowing authenticated attackers with Contributor-level access or higher to upload arbitrary files ...

WordPress plugin Qyrr 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

CVE-2021-24559

The Qyrr WordPress plugin before 0.7 does not escape the data-uri of the QR Code when outputting it in a src attribute, allowing for Cross-Site Scripting attacks. Furthermore, the datauritometa AJAX action, available to all authenticated users, only had a CSRF check in place, with the nonce...

CVE-2021-24559 Qyrr < 0.7 - Authenticated (contributor+) Stored XSS

The Qyrr WordPress plugin before 0.7 does not escape the data-uri of the QR Code when outputting it in a src attribute, allowing for Cross-Site Scripting attacks. Furthermore, the datauritometa AJAX action, available to all authenticated users, only had a CSRF check in place, with the nonce...

PT-2024-10890 · WordPress · Qyrr Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: Qyrr WordPress plugin versions prior to 0.7 Description: The issue allows for Cross-Site Scripting attacks due to the failure to escape the data-uri of the QR Code when outputting it in a src attribute. Additionally, the data uri to meta AJAX...

WordPress plugin Qyrr security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...