QR Code Composer – QR Code Generator Security & Risk Analysis

wordpress.org/plugins/qr-code-composer

Generate QR codes for URLs, text, WiFi, email & more in seconds. No setup needed.

3K active installs · v3.0.4 · PHP 5.2+ · WP 4.6+ · Updated Jan 12, 2026
Tags: qr-code, qr-code-generator, qrcode, shortcode, woocommerce
Score: 100 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Apr 16, 2024
Safety Verdict

Is QR Code Composer – QR Code Generator Safe to Use in 2026?

Generally Safe

Score 100/100

QR Code Composer – QR Code Generator has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVE · Last CVE: Apr 16, 2024 · Updated 4mo ago
Risk Assessment

The plugin "qr-code-composer" v3.0.4 demonstrates a generally strong security posture with several positive indicators. The absence of critical or high-severity taint flows and the complete absence of dangerous functions are excellent signs. Furthermore, all SQL queries utilize prepared statements, and a high percentage of output is properly escaped, significantly reducing the risk of common web vulnerabilities. The presence of nonce checks further strengthens its defenses against certain types of attacks.

However, there are areas for improvement. The static analysis noted no specific permission callbacks for REST API routes or AJAX handlers; the plugin relies entirely on capability checks for its entry points. Capability checks are present, but the lack of explicit permission checks on potential entry points like AJAX and REST API routes could be a concern if access control is not implemented thoroughly within the shortcode processing. The vulnerability history currently shows no unpatched issues, but it does include a past medium-severity Cross-Site Scripting (XSS) vulnerability, which suggests that output escaping, despite its high percentage, might still have edge cases that require diligent review.

In conclusion, "qr-code-composer" v3.0.4 has a good foundation for security, particularly in its handling of database interactions and general output sanitization. The absence of critical static analysis issues is reassuring. However, a closer examination of the implementation of shortcodes and the thoroughness of capability checks on all entry points is recommended, especially considering the past XSS vulnerability. Continued vigilance in maintaining high output escaping standards and addressing any newly discovered vulnerabilities promptly will be crucial.

Key Concerns

  • No specific permission callbacks for REST API/AJAX
  • Medium severity XSS vulnerability in history
  • Potential for unescaped output in 8% of cases
Vulnerabilities
1 published

QR Code Composer – QR Code Generator Security Vulnerabilities

CVEs by Year

2024: 1 CVE

Severity Breakdown

Medium: 1 (1 total CVE)

CVE-2024-32560 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

QR Code Composer – Automatic QR code Generator <= 2.0.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Apr 16, 2024 Patched in 2.0.4 (23d)
Version History

QR Code Composer – QR Code Generator Release Timeline

v3.0.4 (Current)
v3.0.3
v3.0.2
v3.0.1
v3.0.0
v2.0.17
v2.0.16
v2.0.15
v2.0.14
v2.0.13
v2.0.12
v2.0.11
v2.0.10
v2.0.9
v2.0.8
v2.0.7
v2.0.6
v2.0.5
v2.0.4
v2.0.3 (1 CVE)
Code Analysis
Analyzed Mar 16, 2026

QR Code Composer – QR Code Generator Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 32 (359 escaped)
Nonce Checks: 6
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

92% escaped · 391 total outputs
Attack Surface

QR Code Composer – QR Code Generator Attack Surface

Entry Points: 5
Unprotected: 0

Shortcodes: 5

[qrc_code_composer] admin\shortcode\class_qrc_customlinks.php:31
[qr_link_composer] admin\shortcode\class_qrc_customlinks.php:33
[qrc_phonenumber] admin\shortcode\class_qrc_customlinks.php:35
[qr_whatsapp_composer] admin\shortcode\class_qrc_customlinks.php:36
[qrc_vcard_single] admin\shortcode\class_qrc_customlinks.php:38
WordPress Hooks: 33

action admin_menu admin\class-qrc-admin-main.php:9
action admin_init admin\class-qrc-plugin-redirect.php:8
action admin_enqueue_scripts admin\class-qrc-plugin-redirect.php:17
action login_enqueue_scripts admin\class-qrc-plugin-redirect.php:19
action admin_init admin\class-qrc_composer_settings.php:18
action admin_init admin\class_qrc_admin_integration.php:19
action admin_init admin\class_qrc_code_autogenertae.php:16
action admin_init admin\class_qrc_code_logo_generator.php:19
action admin_init admin\class_qrc_code_vcard.php:19
action show_user_profile admin\class_qrc_shortcode.php:16
action edit_user_profile admin\class_qrc_shortcode.php:17
action woocommerce_account_dashboard admin\class_qrc_shortcode.php:18
action admin_init admin\class_qr_code_list_view.php:18
action admin_init admin\class_qr_code_print.php:18
action elementor/widgets/register includes\class-qrc-composer-elemnetor.php:34
action elementor/frontend/after_enqueue_styles includes\class-qrc-composer-elemnetor.php:39
action elementor/editor/before_enqueue_scripts includes\class-qrc-composer-elemnetor.php:44
action elementor/elements/categories_registered includes\class-qrc-composer-elemnetor.php:46
action admin_enqueue_scripts includes\class-qrc_composer.php:127
action admin_enqueue_scripts includes\class-qrc_composer.php:128
filter admin_footer_text includes\class-qrc_composer.php:132
action wp_enqueue_scripts includes\class-qrc_composer.php:149
action wp_enqueue_scripts includes\class-qrc_composer.php:150
filter the_content includes\class-qrc_composer.php:151
filter woocommerce_product_tabs includes\class-qrc_composer.php:155
action woocommerce_product_meta_end includes\class-qrc_composer.php:159
action woocommerce_after_add_to_cart_form includes\class-qrc_composer.php:162
action woocommerce_before_add_to_cart_form includes\class-qrc_composer.php:165
action add_meta_boxes includes\metadata\class-qrc-filed-data.php:360
action admin_init includes\metadata\class_qrc_defaultmeta.php:15
action save_post includes\metadata\class_qrc_defaultmeta.php:16
filter script_loader_tag public\class-qrc_composer-public.php:106
action update_option_active_plugins qrc_composer.php:29
Maintenance & Trust

QR Code Composer – QR Code Generator Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 12, 2026
PHP min version: 5.2
Downloads: 73K

Community Trust

Rating: 84/100
Number of ratings: 9
Active installs: 3K
Developer Profile

QR Code Composer – QR Code Generator Developer Profile

Sharabindu

7 plugins · 4K total installs

Trust score: 79
Avg Security Score: 100/100
Avg Patch Time: 176 days
Detection Fingerprints

How We Detect QR Code Composer – QR Code Generator

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/qr-code-composer/admin/css/qrc_composer-admin.css
/wp-content/plugins/qr-code-composer/admin/css/jquery.datetimepicker.css
/wp-content/plugins/qr-code-composer/admin/js/qr-code-styling.js
/wp-content/plugins/qr-code-composer/admin/js/admin-scripts.js
/wp-content/plugins/qr-code-composer/admin/js/jquery-datepicker.js

Script Paths
/wp-content/plugins/qr-code-composer/admin/js/qr-code-styling.js
/wp-content/plugins/qr-code-composer/admin/js/admin-scripts.js
/wp-content/plugins/qr-code-composer/admin/js/jquery-datepicker.js

Version Parameters
qr-code-composer/admin/css/qrc_composer-admin.css?ver=
qr-code-composer/admin/css/jquery.datetimepicker.css?ver=
qr-code-composer/admin/js/qr-code-styling.js?ver=
qr-code-composer/admin/js/admin-scripts.js?ver=
qr-code-composer/admin/js/jquery-datepicker.js?ver=

HTML / DOM Fingerprints

Data Attributes
data-qrc_id

JS Globals
QRC_COMPOSER_PLUGIN_ID
QRC_COMPOSER_VERSION