[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fPEZOAEb3aRFLSat6I462tTv7kbcCJNCk1vZWQblebug":3,"$f91cmHiRPwgJ9Pz_nr4dN77jrdbhfpwCJrmxBFpylKxY":173,"$fQZSgSCiPrdu53Z0cv34hjjPIt-22pHMdBu1hkPxTs5Q":177},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"discovery_status":29,"vulnerabilities":30,"developer":31,"crawl_stats":27,"alternatives":36,"analysis":37,"fingerprints":149},"qr-invoice","QR Module","1.0.10","QR Rechnung","https:\u002F\u002Fprofiles.wordpress.org\u002Fqrmodul\u002F","\u003Cp>From autumn 2022, payment slips will disappear and be replaced by QR bills or QR payment parts. With this plugin you can create QR invoices that comply with Swiss standards.\u003C\u002Fp>\n\u003Cp>This plugin can:\u003Cbr \u002F>\n– Create QR invoices and send them to your customers via WooCommerce.\u003Cbr \u002F>\n– Create QR invoices according to your design specifications.\u003Cbr \u002F>\n– Send QR invoices optionally by post.\u003C\u002Fp>\n\u003Cp>Install the plugin and create an account at https:\u002F\u002Fqrmodul.ch\u002Fen\u002Fstep-by-step\u002F. On QR Modul you can manage your data and create invoices according to your design requirements. When a customer purchases from your Webshop (WooCommerce), a QR invoice is created based on this order and your settings and sent to the customer by email from your website.\u003Cbr \u002F>\nIn addition, you have the option of sending the invoices by post via the QR module. Invoices sent by post are often paid more quickly than by e-mail. 
Therefore, QR Module offers the flexibility for both options.\u003C\u002Fp>\n\u003Cp>QR Module Video Tutorial:\u003Cbr \u002F>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FJa07ZEoAbK4?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>Installing the plugin\u003C\u002Fp>\n\u003Cp>To install the plugin from your WordPress Backend:\u003Cbr \u002F>\n1. Navigate to Plugins > Add New.\u003Cbr \u002F>\n2. Enter QR Module in the search field on the top left side.\u003Cbr \u002F>\n3. Click Install Now.\u003Cbr \u002F>\n4. Click Activate.\u003C\u002Fp>\n\u003Cp>Setting up the plugin\u003C\u002Fp>\n\u003Cp>To set up the plugin:\u003Cbr \u002F>\n1. Navigate to Settings > QR Invoice Plugin.\u003C\u002Fp>\n\u003Cp>Fill out the fields:\u003Cbr \u002F>\n\u003Cstrong>Client ID & Client Secret\u003C\u002Fstrong>\u003Cbr \u002F>\n– Get from QR Modul account to verify\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Client Token Duration\u003C\u002Fstrong>\u003Cbr \u002F>\n– Default value 2592000\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Profile ID\u003C\u002Fstrong>\u003Cbr \u002F>\n– If this field is left blank, then the default profile is used.\u003Cbr \u002F>\n– You can get a Profile ID on the page Master data.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Send Invoice\u003C\u002Fstrong>\u003Cbr \u002F>\n– If checked, then invoices will be sent via postal mail. 
This chargeable option is billed via QR module.\u003Cbr \u002F>\n– By default, invoices are sent via WooCommerce as an email including the QR payment part.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Letter Dispatch Priority\u003C\u002Fstrong>\u003Cbr \u002F>\n– The letter’s priority. The possible values are: ‘standard’ or ‘express’.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>My Climate\u003C\u002Fstrong>\u003Cbr \u002F>\n– A flag indicating if your invoice shall be climate-compensated via My Climate. This chargeable option is billed via QR module.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Colour\u003C\u002Fstrong>\u003Cbr \u002F>\n– The letter’s colour. The possible values are: ‘Colour’ or ‘Black and White’.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Franking Envelopes\u003C\u002Fstrong>\u003Cbr \u002F>\n– The letter’s franking envelopes. The possible values are: ‘A’, ‘B’ or ‘none’. If the generated file is the payment part only, then ‘none’ is the valid option.\u003Cbr \u002F>\n– If the generated file is a template invoice, then ‘A’, ‘B’ or ‘none’ are valid options.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Address\u003C\u002Fstrong>\u003Cbr \u002F>\n– The address to send the letter to. The address cannot contain more than 4 lines, with a max of 35 characters for each line.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Postal Tariff\u003C\u002Fstrong>\u003Cbr \u002F>\n– The collective address’ postal tariff. The possible values are: ‘postpac_priority’ or ‘swiss_express’.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Comments for the Printshop\u003C\u002Fstrong>\u003Cbr \u002F>\n– The letter dispatch’s comments for the printshop. 
The comments cannot contain more than 2 lines, with a max of 45 characters for each line.\u003Cbr \u002F>\nIf the envelope should contain your logo (add-on Service) then you can mention it here.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Type Invoice\u003C\u002Fstrong>\u003Cbr \u002F>\n– If checked, invoices will display only the payment part\u003Cbr \u002F>\n– By default, invoices display the products part and QR payment part. The design of the invoice can be set up in your QR Modul Account.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Invoice Template Name\u003C\u002Fstrong>\u003Cbr \u002F>\n– If this field is left blank, then the default template invoice is used.\u003Cbr \u002F>\n– You can get the Invoice Template Name on the page Invoice Template in the Template Name column.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Invoice VAT\u003C\u002Fstrong>\u003Cbr \u002F>\n– A flag to indicate to the system if it should calculate the VAT based on the amount or over the amount.\u003C\u002Fp>\n\u003Cp>Setting up the reference information\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Reference Type\u003C\u002Fstrong>\u003Cbr \u002F>\n– The type of reference to generate. The possible values are: ‘QRR’ or ‘SCOR’.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Reference Custom Id\u003C\u002Fstrong>\u003Cbr \u002F>\n– The id to use to generate the reference. If the reference type is QRR, the maximum length of this id is 10; if it is SCOR, the length is 6.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Reference Date\u003C\u002Fstrong>\u003Cbr \u002F>\n– The date to use to generate the reference. The date format is DD\u002FMM\u002FYYYY\u003C\u002Fp>\n\u003Cp>After filling out all fields, click the button Connection & Authorization. After the page is reloaded, click the Save Changes button.\u003C\u002Fp>\n\u003Cp>Uninstalling the plugin\u003C\u002Fp>\n\u003Cp>To uninstall the plugin:\u003Cbr \u002F>\n1. Go to Plugins.\u003Cbr \u002F>\n2. Under All Extensions, you can view all the installed plugins.\u003Cbr \u002F>\n3. 
Browse for QR Invoice Plugin and click the corresponding Deactivate link.\u003Cbr \u002F>\n4. Click Delete to confirm and uninstall the plugin.\u003C\u002Fp>\n","With this plugin you can create QR payment parts or even complete QR invoices according to the official Swiss specifications.",10,2403,100,1,"2022-10-25T16:13:00.000Z","6.0.11","5.5","7.0",[20,21,4,22],"qr-facture","qr-fattura","qr-rechnung","https:\u002F\u002Fqrmodul.ch","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fqr-invoice.1.0.10.zip",85,0,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"qrmodul",30,84,"2026-05-20T07:42:57.991Z",[],{"attackSurface":38,"codeSignals":102,"taintFlows":136,"riskAssessment":137,"analyzedAt":148},{"hooks":39,"ajaxHandlers":90,"restRoutes":98,"shortcodes":99,"cronEvents":100,"entryPointCount":101,"unprotectedCount":101},[40,46,51,56,60,65,69,74,78,82,86],{"type":41,"name":42,"callback":43,"priority":11,"file":44,"line":45},"filter","woocommerce_email_attachments","wqrmi_attach_order_invoice","include\u002Fapi.php",220,{"type":41,"name":47,"callback":48,"file":49,"line":50},"manage_edit-shop_order_columns","wqrmi_custom_column_name","include\u002Fwoo-functions.php",12,{"type":52,"name":53,"callback":54,"priority":14,"file":49,"line":55},"action","manage_shop_order_posts_custom_column","wqrmi_custom_column_value",28,{"type":52,"name":57,"callback":58,"file":49,"line":59},"admin_menu","wqrmi_woocommerce_submenu",39,{"type":41,"name":61,"callback":62,"file":63,"line":64},"woocommerce_payment_gateways","wqrmi_qr_invoice_add_to_gateways","include\u002Fwoo-payment-gateway.php",16,{"type":52,"name":66,"callback":67,"priority":11,"file":63,"line":68},"woocommerce_email_before_order_table","wqrmi_email_instructions",48,{"type":52,"name":70,"callback":71,"priority":72,"file":63,"line":73},"plugins_loaded","wqrm
i_invoice_gateway_init",11,120,{"type":52,"name":70,"callback":75,"file":76,"line":77},"wqrmi_plugin_language","qrmodul-invoice.php",112,{"type":52,"name":57,"callback":79,"file":80,"line":81},"add_wqrmi_settings_page","settings.php",17,{"type":52,"name":83,"callback":84,"file":80,"line":85},"admin_init","wqrmi_settings_page_init",18,{"type":52,"name":87,"callback":88,"file":80,"line":89},"admin_footer","wqrmi_print_scripts",737,[91,95],{"action":92,"nopriv":93,"callback":92,"hasNonce":93,"hasCapCheck":93,"file":76,"line":94},"wqrmi_connect_auth",false,87,{"action":92,"nopriv":96,"callback":92,"hasNonce":93,"hasCapCheck":93,"file":76,"line":97},true,88,[],[],[],2,{"dangerousFunctions":103,"sqlUsage":104,"outputEscaping":106,"fileOperations":101,"externalRequests":134,"nonceChecks":26,"capabilityChecks":26,"bundledLibraries":135},[],{"prepared":26,"raw":26,"locations":105},[],{"escaped":107,"rawEcho":50,"locations":108},119,[109,112,114,116,118,120,122,124,126,128,130,132],{"file":63,"line":110,"context":111},89,"raw output",{"file":63,"line":113,"context":111},96,{"file":76,"line":115,"context":111},70,{"file":76,"line":117,"context":111},76,{"file":80,"line":119,"context":111},392,{"file":80,"line":121,"context":111},418,{"file":80,"line":123,"context":111},443,{"file":80,"line":125,"context":111},469,{"file":80,"line":127,"context":111},506,{"file":80,"line":129,"context":111},569,{"file":80,"line":131,"context":111},615,{"file":80,"line":133,"context":111},676,4,[],[],{"summary":138,"deductions":139},"The qr-invoice plugin v1.0.10 exhibits a concerning security posture due to its significant attack surface with unprotected entry points. The static analysis reveals two AJAX handlers that lack any authentication checks, presenting a direct pathway for unauthenticated users to interact with plugin functionalities. 
While the plugin demonstrates good practices in other areas, such as using prepared statements for all SQL queries and a high percentage of properly escaped output, these strengths are overshadowed by the critical lack of access control on its AJAX endpoints.\n\nThe absence of capability checks and nonce verification on these AJAX handlers is a major red flag. This means any visitor to a WordPress site running this plugin, even an unauthenticated one, could potentially trigger these functions, leading to unpredictable behavior or, in the worst-case scenario, exploitable vulnerabilities if the functions themselves handle user-supplied data insecurely. Although no specific taint flows were identified in the static analysis, the presence of unprotected entry points significantly increases the likelihood of such flows being exploited if they were to exist.\n\nThe plugin's vulnerability history is remarkably clean, with no recorded CVEs. This could indicate a history of secure development or simply a lack of targeted security research against this specific plugin. However, the absence of past vulnerabilities should not be seen as a guarantee of future security, especially given the current findings of unprotected entry points. 
In conclusion, while the plugin adheres to good practices regarding SQL and output escaping, the critical flaw of unprotected AJAX handlers makes it a high-risk plugin that requires immediate attention and remediation.",[140,142,145],{"reason":141,"points":11},"AJAX handlers without auth checks",{"reason":143,"points":144},"No nonce checks on AJAX handlers",7,{"reason":146,"points":147},"No capability checks",5,"2026-04-16T12:03:03.238Z",{"wat":150,"direct":159},{"assetPaths":151,"generatorPatterns":154,"scriptPaths":155,"versionParams":156},[152,153],"\u002Fwp-content\u002Fplugins\u002Fqr-invoice\u002Fassets\u002Fcss\u002Fwqrmi-admin-style.css","\u002Fwp-content\u002Fplugins\u002Fqr-invoice\u002Fassets\u002Fjs\u002Fwqrmi-script.js",[],[153],[157,158],"qr-invoice\u002Fassets\u002Fcss\u002Fwqrmi-admin-style.css?ver=","qr-invoice\u002Fassets\u002Fjs\u002Fwqrmi-script.js?ver=",{"cssClasses":160,"htmlComments":162,"htmlAttributes":164,"restEndpoints":168,"jsGlobals":170,"shortcodeOutput":172},[161],"wqrmi-settings-page",[163],"\u003C!-- QR Invoice Plugin Settings -->",[165,166,167],"data-client-id","data-client-secret","data-token-duration",[169],"\u002Fwp-json\u002Fqr-invoice\u002Fv1\u002Fauth",[171],"wqrmi_ajax_object",[],{"error":96,"url":174,"statusCode":175,"statusMessage":176,"message":176},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fqr-invoice\u002Fbundle",404,"no bundle for this plugin 
yet",{"slug":4,"current_version":6,"total_versions":72,"versions":178},[179,184,191,198,205,212,219,226,233,240,247],{"version":6,"download_url":24,"svn_tag_url":180,"released_at":27,"has_diff":93,"diff_files_changed":181,"diff_lines":27,"trac_diff_url":182,"vulnerabilities":183,"is_current":96},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fqr-invoice\u002Ftags\u002F1.0.10\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fqr-invoice%2Ftags%2F1.0.9&new_path=%2Fqr-invoice%2Ftags%2F1.0.10",[],{"version":185,"download_url":186,"svn_tag_url":187,"released_at":27,"has_diff":93,"diff_files_changed":188,"diff_lines":27,"trac_diff_url":189,"vulnerabilities":190,"is_current":93},"1.0.9","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fqr-invoice.1.0.9.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fqr-invoice\u002Ftags\u002F1.0.9\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fqr-invoice%2Ftags%2F1.0.8&new_path=%2Fqr-invoice%2Ftags%2F1.0.9",[],{"version":192,"download_url":193,"svn_tag_url":194,"released_at":27,"has_diff":93,"diff_files_changed":195,"diff_lines":27,"trac_diff_url":196,"vulnerabilities":197,"is_current":93},"1.0.8","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fqr-invoice.1.0.8.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fqr-invoice\u002Ftags\u002F1.0.8\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fqr-invoice%2Ftags%2F1.0.7&new_path=%2Fqr-invoice%2Ftags%2F1.0.8",[],{"version":199,"download_url":200,"svn_tag_url":201,"released_at":27,"has_diff":93,"diff_files_changed":202,"diff_lines":27,"trac_diff_url":203,"vulnerabilities":204,"is_current":93},"1.0.7","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fqr-invoice.1.0.7.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fqr-invoice\u002Ftags\u002F1.0.7\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fqr-invoice%2Ftags%
2F1.0.6&new_path=%2Fqr-invoice%2Ftags%2F1.0.7",[],{"version":206,"download_url":207,"svn_tag_url":208,"released_at":27,"has_diff":93,"diff_files_changed":209,"diff_lines":27,"trac_diff_url":210,"vulnerabilities":211,"is_current":93},"1.0.6","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fqr-invoice.1.0.6.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fqr-invoice\u002Ftags\u002F1.0.6\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fqr-invoice%2Ftags%2F1.0.5&new_path=%2Fqr-invoice%2Ftags%2F1.0.6",[],{"version":213,"download_url":214,"svn_tag_url":215,"released_at":27,"has_diff":93,"diff_files_changed":216,"diff_lines":27,"trac_diff_url":217,"vulnerabilities":218,"is_current":93},"1.0.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fqr-invoice.1.0.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fqr-invoice\u002Ftags\u002F1.0.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fqr-invoice%2Ftags%2F1.0.4&new_path=%2Fqr-invoice%2Ftags%2F1.0.5",[],{"version":220,"download_url":221,"svn_tag_url":222,"released_at":27,"has_diff":93,"diff_files_changed":223,"diff_lines":27,"trac_diff_url":224,"vulnerabilities":225,"is_current":93},"1.0.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fqr-invoice.1.0.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fqr-invoice\u002Ftags\u002F1.0.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fqr-invoice%2Ftags%2F1.0.3&new_path=%2Fqr-invoice%2Ftags%2F1.0.4",[],{"version":227,"download_url":228,"svn_tag_url":229,"released_at":27,"has_diff":93,"diff_files_changed":230,"diff_lines":27,"trac_diff_url":231,"vulnerabilities":232,"is_current":93},"1.0.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fqr-invoice.1.0.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fqr-invoice\u002Ftags\u002F1.0.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_pa
th=%2Fqr-invoice%2Ftags%2F1.0.2&new_path=%2Fqr-invoice%2Ftags%2F1.0.3",[],{"version":234,"download_url":235,"svn_tag_url":236,"released_at":27,"has_diff":93,"diff_files_changed":237,"diff_lines":27,"trac_diff_url":238,"vulnerabilities":239,"is_current":93},"1.0.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fqr-invoice.1.0.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fqr-invoice\u002Ftags\u002F1.0.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fqr-invoice%2Ftags%2F1.0.1&new_path=%2Fqr-invoice%2Ftags%2F1.0.2",[],{"version":241,"download_url":242,"svn_tag_url":243,"released_at":27,"has_diff":93,"diff_files_changed":244,"diff_lines":27,"trac_diff_url":245,"vulnerabilities":246,"is_current":93},"1.0.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fqr-invoice.1.0.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fqr-invoice\u002Ftags\u002F1.0.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fqr-invoice%2Ftags%2F1.0.0&new_path=%2Fqr-invoice%2Ftags%2F1.0.1",[],{"version":248,"download_url":249,"svn_tag_url":250,"released_at":27,"has_diff":93,"diff_files_changed":251,"diff_lines":27,"trac_diff_url":27,"vulnerabilities":252,"is_current":93},"1.0.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fqr-invoice.1.0.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fqr-invoice\u002Ftags\u002F1.0.0\u002F",[],[]]