CVE-2025-12673

The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the updateqrcode function in all versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site...

EUVD-2025-201530

The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the updateqrcode function in all versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site...

CVE-2025-12673 Flex QR Code Generator <= 1.2.7 - Unauthenticated Arbitrary File Upload

The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the updateqrcode function in all versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site...

CVE-2025-12673

CVE-2025-12673 affects the WordPress plugin Flex QR Code Generator (versions up to ≤ 1.2.6; notes also reference ≤ 1.2.7). The root cause is missing file type validation in update_qr_code(), enabling unauthenticated users to upload arbitrary files via the logo upload path. Attacks can store uploa...

PT-2025-49333

Name of the Vulnerable Software and Affected Versions Flex QR Code Generator plugin for WordPress versions up to and including 1.2.6 Description The Flex QR Code Generator plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type validation. This occurs in the...