WP-Safety

API QRCode Generator Security & Risk Analysis

wordpress.org/plugins/api-qrcode-generator

Use QRCode Generator to create a image QRCode on any site of your blog.

10 active installs v1.0.1 PHP + WP 3.0.9+ Updated Feb 26, 2015
qr-codeqr-code-generatorqr-code-shortcodeqrcodeqrcode-generator
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is API QRCode Generator Safe to Use in 2026?

Generally Safe

Score 85/100

API QRCode Generator has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago
Risk Assessment

The "api-qrcode-generator" plugin v1.0.1 exhibits a mixed security posture. On the positive side, it has a very small attack surface with only one entry point (a shortcode) and no detected AJAX handlers, REST API routes, or cron events that could be exploited. The plugin also demonstrates good practices by utilizing prepared statements for all SQL queries and has no known vulnerabilities in its history. This suggests a potentially well-maintained and relatively secure plugin.

However, significant concerns arise from the lack of output escaping and the absence of nonce and capability checks. The static analysis reveals that 100% of its outputs are not properly escaped. This is a critical oversight that could lead to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data or dynamic content is displayed without proper sanitization. The complete absence of nonce checks and capability checks for its single entry point (the shortcode) is also worrying. While the shortcode itself might not directly accept user input in a way that's obvious from this analysis, the lack of these fundamental security measures means that it's not protected against unauthorized execution or manipulation, leaving it open to potential privilege escalation or denial-of-service attacks if the shortcode's functionality can be triggered by an unauthenticated or unauthorized user.

In conclusion, while the plugin benefits from a small attack surface, secure SQL practices, and no vulnerability history, the critical issues of unescaped output and missing authorization checks for its shortcode present a significant risk. The absence of these essential security controls overshadows its strengths, making it a plugin that requires immediate attention to address these vulnerabilities.

Key Concerns

  • Unescaped output detected
  • Missing capability checks on entry points
  • Missing nonce checks on entry points
Vulnerabilities
None known

API QRCode Generator Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

API QRCode Generator Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
1
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

0% escaped1 total outputs
Attack Surface

API QRCode Generator Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[qrcode] wp-qrcode.php:51
WordPress Hooks 4
filterplugin_action_linkswp-api-qrcode.php:60
actionadmin_menuwp-api-qrcode.php:64
filterplugin_row_metawp-api-qrcode.php:65
filterthe_contentwp-qrcode.php:52
Maintenance & Trust

API QRCode Generator Maintenance & Trust

Maintenance Signals

WordPress version tested2.0.0
Last updatedFeb 26, 2015
PHP min version
Downloads3K

Community Trust

Rating100/100
Number of ratings1
Active installs10
Alternatives

API QRCode Generator Alternatives

QR Code Generator

QR Code Generator

bms-qr-code

A
100

QR Code Wordpress plugin to insert a QR code in your blog. The qr code contains the current URL or any other text you like.

10 No CVEs
QR Code Composer – QR Code Generator

QR Code Composer – QR Code Generator

qr-code-composer

A
99

Generate QR codes for URLs, text, WiFi, email & more in seconds. No setup needed.

3K 1 CVE
Master QR Code Generator – Static QR Code Generator

Master QR Code Generator – Static QR Code Generator

master-qr-generator

A
100

Generates QR codes for every page, post, product, and custom post for the WordPress website.

400 No CVEs
Easy QR Code Generator

Easy QR Code Generator

easy-qr-code-generator

A
92

Generate custom and automatic site page URL QR codes.

100 No CVEs
Flex QR Code Generator

Flex QR Code Generator

flex-qr-code-generator

C
58

Generate customized or automated Nice QR codes for pages, posts or products and show the qrcode with shortcode, widget or block.

90 1 unpatched
Developer Profile

API QRCode Generator Developer Profile

jweblog

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect API QRCode Generator

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes
apiqr-settings
HTML Comments
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.The shortcode [qrcode] within your site to generate a qr code including the URL of the current site. This plugin is offered freely by QRCode Generator API Online [qrcode.jar.io].+6 more
Data Attributes
float:rightfloat:right;
Shortcode Output
<img style="float:right" src="https://chart.googleapis.com/chart?chs=alt="QR Code"width="150px"height="150px"
FAQ

Frequently Asked Questions about API QRCode Generator