WordPress Qyrr plugin <= 2.0.7 - Authenticated (Contributor+) Arbitrary File Upload vulnerability

Authenticated Contributor+ Arbitrary File Upload vulnerability discovered by CVEhunter in WordPress Plugin Qyrr versions = 2.0.7...

EUVD-2021-11471

Malware in sbrugna...

EUVD-2025-31695

Malicious code in bioql PyPI...

CVE-2025-10000

The Qyrr – simply and modern QR-Code creation plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the blobtofile function in all versions up to, and including, 2.0.7. This makes it possible for authenticated attackers, with Contributor-level access...

CVE-2025-10000

The Qyrr – simply and modern QR-Code creation plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the blobtofile function in all versions up to, and including, 2.0.7. This makes it possible for authenticated attackers, with Contributor-level access...

CVE-2025-10000

CVE-2025-10000 affects the WordPress plugin Qyrr – simply and modern QR-Code creation up to version 2.0.7. The vulnerability arises from missing file type validation in the blob_to_file() function, allowing authenticated attackers with Contributor-level access or higher to upload arbitrary files ...

PT-2025-39928

Name of the Vulnerable Software and Affected Versions Qyrr – simply and modern QR-Code creation plugin for WordPress versions through 2.0.7 Description The Qyrr plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type validation within the blob to file function...

WordPress plugin Qyrr 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

CVE-2021-24559

The Qyrr WordPress plugin before 0.7 does not escape the data-uri of the QR Code when outputting it in a src attribute, allowing for Cross-Site Scripting attacks. Furthermore, the datauritometa AJAX action, available to all authenticated users, only had a CSRF check in place, with the nonce...

CVE-2021-24559

The Qyrr WordPress plugin before 0.7 does not escape the data-uri of the QR Code when outputting it in a src attribute, allowing for Cross-Site Scripting attacks. Furthermore, the datauritometa AJAX action, available to all authenticated users, only had a CSRF check in place, with the nonce...

Cross site scripting

The Qyrr WordPress plugin before 0.7 does not escape the data-uri of the QR Code when outputting it in a src attribute, allowing for Cross-Site Scripting attacks. Furthermore, the datauritometa AJAX action, available to all authenticated users, only had a CSRF check in place, with the nonce...

CVE-2021-24559

The CVE concerns the Qyrr WordPress plugin prior to version 0.7. The vulnerability stems from two issues: (1) the plugin does not escape the data-uri of the QR Code when outputting it in a src attribute, enabling Cross-Site Scripting, and (2) the data_uri_to_meta AJAX action lacks robust CSRF pro...

CVE-2021-24559 Qyrr < 0.7 - Authenticated (contributor+) Stored XSS

The Qyrr WordPress plugin before 0.7 does not escape the data-uri of the QR Code when outputting it in a src attribute, allowing for Cross-Site Scripting attacks. Furthermore, the datauritometa AJAX action, available to all authenticated users, only had a CSRF check in place, with the nonce...

CVE-2021-24559 Qyrr < 0.7 - Authenticated (contributor+) Stored XSS

The Qyrr WordPress plugin before 0.7 does not escape the data-uri of the QR Code when outputting it in a src attribute, allowing for Cross-Site Scripting attacks. Furthermore, the datauritometa AJAX action, available to all authenticated users, only had a CSRF check in place, with the nonce...

PT-2024-10890 · WordPress · Qyrr Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: Qyrr WordPress plugin versions prior to 0.7 Description: The issue allows for Cross-Site Scripting attacks due to the failure to escape the data-uri of the QR Code when outputting it in a src attribute. Additionally, the data uri to meta AJAX...

WordPress plugin Qyrr security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

WordPress Qyrr – simply and modern QR-Code creation Plugin < 1.5 is vulnerable to Cross Site Scripting (XSS)

Software Qyrr – simply and modern QR-Code creation Type Plugin Vulnerable versions 1.5 Fixed in 1.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Patrick Posner PSID b4effa18b733 Credits Rafie Muhamma...

WordPress Qyrr – simply and modern QR-Code creation plugin <= 0.7 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Qyrr – simply and modern QR-Code creation plugin versions = 0.7. Solution Update the WordPress Qyrr – simply and modern QR-Code creation plugin to the latest available version at least 0.8...

WordPress Qyrr – simply and modern QR-Code creation plugin <= 0.7 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Qyrr – simply and modern QR-Code creation plugin versions = 0.7. Solution Update the WordPress Qyrr – simply and modern QR-Code creation plugin to the latest available version at least 0.8...