Create QR Code Security & Risk Analysis

wordpress.org/plugins/create-qr-code-wordpress-plugin

Automatically generates QR codes for your posts and pages.

20 active installs · v1.4 · PHP + · WP 2.0.2+ · Updated May 28, 2010
Tags: create, generate, mobile, qr-code, quick-response
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Create QR Code Safe to Use in 2026?

Generally Safe

Score 85/100

Create QR Code has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 15yr ago
Risk Assessment

The "create-qr-code-wordpress-plugin" v1.4 exhibits a mixed security posture. On one hand, the plugin boasts a clean vulnerability history with no known CVEs, suggesting a history of responsible development or low discoverability of flaws. The static analysis also indicates good practices regarding SQL queries, with all using prepared statements. Furthermore, there are no external HTTP requests or bundled libraries to worry about.

However, significant concerns arise from the code analysis. The complete lack of capability checks and nonce checks on any potential entry points is a major weakness. While the current attack surface appears zero, any future addition of AJAX, REST API, or shortcodes would be inherently unprotected. The most alarming finding is the taint analysis, which revealed one flow with an unsanitized path. Coupled with the fact that 100% of output is unescaped, this suggests a high probability of a stored XSS or path traversal vulnerability if user-supplied data is ever processed without proper sanitization and escaping.

Despite the absence of historical vulnerabilities, the current code analysis indicates critical weaknesses that, if exploited, could lead to severe security issues. The lack of output escaping and the identified unsanitized path flow are significant red flags that outweigh the plugin's clean history. While the current attack surface is zero, this can easily change, and the foundation for exploiting vulnerabilities is present.

Key Concerns

  • Unsanitized path flow found
  • 100% of outputs are unescaped
  • No capability checks on entry points
  • No nonce checks on entry points
Vulnerabilities
None known

Create QR Code Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Create QR Code Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 6 (0 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 10
External Requests: 0
Bundled Libraries: 0

Output Escaping

0% escaped · 6 total outputs
Data Flows: 1 unsanitized

Data Flow Analysis

1 flow · 1 with unsanitized paths
<qr_img> (scripts\php\qr_img.php:0)
[Data flow graph legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface

Create QR Code Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 2
action · admin_menu · createqr.php:60
action · admin_init · createqr.php:68
Maintenance & Trust

Create QR Code Maintenance & Trust

Maintenance Signals

WordPress version tested: 2.9.2
Last updated: May 28, 2010
PHP min version
Downloads: 6K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 20
Developer Profile

Create QR Code Developer Profile

Arjen Tienkamp

2 plugins · 30 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Create QR Code

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Script Paths
/wp-content/plugins/create-qr-code-wordpress-plugin/scripts/php/qr_img.php

HTML / DOM Fingerprints

CSS Classes
qrcode, qr
HTML Comments
<!-- START Create QR code -->
<!-- END Create QR code -->
Shortcode Output
<div class="qrcode"> <img class="qr" src="
FAQ

Frequently Asked Questions about Create QR Code