CVE-2026-2144 Magic Login Mail or QR Code <= 2.05 - Unauthenticated Privilege Escalation via Insecure QR Code File Storage

The Magic Login Mail or QR Code plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.05. This is due to the plugin storing the magic login QR code image with a predictable, static filename QRCode.png in the publicly accessible WordPress uploads...

CVE-2025-14626

The QR Code for WooCommerce order emails, PDF invoices, packing slips plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 1.9.42 due to insufficient input sanitization and output escaping on user supplied attributes...

PT-2026-1638

Name of the Vulnerable Software and Affected Versions QR Code for WooCommerce order emails, PDF invoices, packing slips plugin for WordPress versions through 1.9.42 Description The plugin is susceptible to Stored Cross-Site Scripting through its shortcode due to inadequate input sanitization and...

WordPress Vasaio QR Code plugin <= 1.2.5 - CSRF to XSS vulnerability

CSRF to XSS vulnerability discovered by johska in WordPress Plugin Vasaio QR Code versions = 1.2.5...

WordPress plugin QR Code for WooCommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

WordPress QR Code for WooCommerce Plugin <= 1.2.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin QR Code for WooCommerce versions = 1.2.0...