WP-Safety

QRcdr – Custom & Dynamic QR Code Generator (Frontend) Security & Risk Analysis

wordpress.org/plugins/qrcdr

Frontend QR code generator for visitors. Create custom static & dynamic codes with logos and SVG/PDF downloads. Gutenberg block & Shortcode included.

10 active installs v1.0.8 PHP 7.4+ WP 5.8+ Updated Mar 10, 2026
dynamic-qr-codelogoqr-codeqr-code-generatorqrcode
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is QRcdr – Custom & Dynamic QR Code Generator (Frontend) Safe to Use in 2026?

Generally Safe

Score 100/100

QRcdr – Custom & Dynamic QR Code Generator (Frontend) has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 24d ago
Risk Assessment

The qrcdr plugin v1.0.8 exhibits a generally good security posture, with a high percentage of properly escaped outputs and no reported critical or high-severity vulnerabilities in its history. The plugin also demonstrates sound practices by using prepared statements for all SQL queries and avoiding dangerous functions and file operations. However, the presence of two AJAX handlers without authentication checks represents a notable weakness, creating a potential attack vector.

The taint analysis, while limited to only two flows, indicated that both involved unsanitized paths. Although these were not classified as critical or high severity, the fact that these paths were not sanitized at all is a concern. The plugin's vulnerability history is clean, which is a positive indicator of its development practices and the absence of known exploitable flaws. Nevertheless, the unprotected AJAX endpoints are a concrete security concern that should be addressed.

In conclusion, qrcdr v1.0.8 is a relatively secure plugin due to its adherence to several best practices like prepared statements and output escaping. The absence of historical vulnerabilities is commendable. However, the two unprotected AJAX endpoints are a significant security oversight that requires immediate attention to mitigate potential risks.

Key Concerns

  • AJAX handlers without auth checks
  • Taint flows with unsanitized paths
Vulnerabilities
None known

QRcdr – Custom & Dynamic QR Code Generator (Frontend) Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

QRcdr – Custom & Dynamic QR Code Generator (Frontend) Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
1 prepared
Unescaped Output
3
473 escaped
Nonce Checks
5
Capability Checks
2
File Operations
0
External Requests
1
Bundled Libraries
0

SQL Query Safety

100% prepared1 total queries

Output Escaping

99% escaped476 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
ajax_png (includes\class-qrcdr-plugin.php:652)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

QRcdr – Custom & Dynamic QR Code Generator (Frontend) Attack Surface

Entry Points9
Unprotected2

AJAX Handlers 8

authwp_ajax_qrcdr_processincludes\class-qrcdr-plugin.php:122
noprivwp_ajax_qrcdr_processincludes\class-qrcdr-plugin.php:123
authwp_ajax_qrcdr_svgincludes\class-qrcdr-plugin.php:125
noprivwp_ajax_qrcdr_svgincludes\class-qrcdr-plugin.php:126
authwp_ajax_qrcdr_pngincludes\class-qrcdr-plugin.php:128
noprivwp_ajax_qrcdr_pngincludes\class-qrcdr-plugin.php:129
authwp_ajax_qrcdr_download_pdfincludes\class-qrcdr-plugin.php:139
noprivwp_ajax_qrcdr_download_pdfincludes\class-qrcdr-plugin.php:140

Shortcodes 1

[qrcdr] includes\class-qrcdr-plugin.php:131
WordPress Hooks 22
actioninitincludes\class-qrcdr-plugin.php:114
actioninitincludes\class-qrcdr-plugin.php:115
actioninitincludes\class-qrcdr-plugin.php:116
actioninitincludes\class-qrcdr-plugin.php:117
actionenqueue_block_editor_assetsincludes\class-qrcdr-plugin.php:118
actionwp_print_stylesincludes\class-qrcdr-plugin.php:119
actionpre_get_postsincludes\class-qrcdr-plugin.php:133
actionrestrict_manage_postsincludes\class-qrcdr-plugin.php:134
actioninitincludes\class-qrcdr-plugin.php:137
filterquery_varsincludes\class-qrcdr-plugin.php:138
actionqrcdr_cron_hookincludes\class-qrcdr-plugin.php:142
actiontemplate_redirectincludes\class-qrcdr-plugin.php:150
filterupload_dirincludes\class-qrcdr-plugin.php:545
filterupload_dirincludes\class-qrcdr-plugin.php:971
filterupload_mimesincludes\class-qrcdr-plugin.php:992
filterupload_dirincludes\class-qrcdr-plugin.php:1671
actionadmin_enqueue_scriptsincludes\class-qrcdrsettings.php:92
actionadmin_menuincludes\class-qrcdrsettings.php:93
actionadmin_initincludes\class-qrcdrsettings.php:94
actionadmin_initincludes\class-qrcdrsettings.php:99
actionadmin_noticesincludes\class-qrcdrsettings.php:100
actionplugins_loadedqrcdr.php:35

Scheduled Events 1

qrcdr_cron_hook
Maintenance & Trust

QRcdr – Custom & Dynamic QR Code Generator (Frontend) Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 10, 2026
PHP min version7.4
Downloads416

Community Trust

Rating100/100
Number of ratings1
Active installs10
Alternatives

QRcdr – Custom & Dynamic QR Code Generator (Frontend) Alternatives

Dynamic QR Code – generator

Dynamic QR Code – generator

dynamic-qr-code

A
92

Allows you to generate DYNAMIC QR CODES: you can modify what happens when scanning your QR code without actually modifying (and reprinting) it.

6K No CVEs
QR Code Composer – QR Code Generator

QR Code Composer – QR Code Generator

qr-code-composer

A
99

Generate QR codes for URLs, text, WiFi, email & more in seconds. No setup needed.

3K 1 CVE
Master QR Code Generator – Static QR Code Generator

Master QR Code Generator – Static QR Code Generator

master-qr-generator

A
100

Generates QR codes for every page, post, product, and custom post for the WordPress website.

400 No CVEs
Easy QR Code Generator

Easy QR Code Generator

easy-qr-code-generator

A
92

Generate custom and automatic site page URL QR codes.

100 No CVEs
QR Code Generator & Scanner – Dynamic QR Codes for WordPress

QR Code Generator & Scanner – Dynamic QR Codes for WordPress

zolo-qr-code

A
100

The QR Code block helps you create custom QR codes directly on your WordPress website and quickly access links, promotions, or contact info.

70 No CVEs
Developer Profile

QRcdr – Custom & Dynamic QR Code Generator (Frontend) Developer Profile

Nicola Franchini

3 plugins · 510 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect QRcdr – Custom & Dynamic QR Code Generator (Frontend)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/qrcdr/assets/css/qrcdr.min.css/wp-content/plugins/qrcdr/assets/css/qrcdr.css/wp-content/plugins/qrcdr/assets/js/qrcdr-plugin.dev.js/wp-content/plugins/qrcdr/assets/js/qrcdr-plugin.min.js/wp-content/plugins/qrcdr/assets/js/ol-qrcdr.dev.js/wp-content/plugins/qrcdr/assets/js/ol-qrcdr.min.js
Script Paths
/wp-content/plugins/qrcdr/assets/js/qrcdr-plugin.dev.js/wp-content/plugins/qrcdr/assets/js/qrcdr-plugin.min.js/wp-content/plugins/qrcdr/assets/js/ol-qrcdr.dev.js/wp-content/plugins/qrcdr/assets/js/ol-qrcdr.min.js
Version Parameters
qrcdr-plugin.dev.js?ver=qrcdr-plugin.min.js?ver=ol-qrcdr.dev.js?ver=ol-qrcdr.min.js?ver=qrcdr.css?ver=qrcdr.min.css?ver=

HTML / DOM Fingerprints

CSS Classes
qrcdr-containerqrcdr-generatorqrcdr-generator-boxqrcdr-input-wrapperqrcdr-inputqrcdr-download-buttonqrcdr-shortcode-wrapper
HTML Comments
<!-- QrCdr - Shortcode -->
Data Attributes
data-qrcdr-actiondata-qrcdr-iddata-qrcdr-container
JS Globals
qrcdr_ajax_objectQRcdr_FnQRcdr_Generator
REST Endpoints
/wp-json/qrcdr/v1/options/wp-json/qrcdr/v1/qr_generate/wp-json/qrcdr/v1/qr_download
Shortcode Output
<div class="qrcdr-shortcode-wrapper">
FAQ

Frequently Asked Questions about QRcdr – Custom & Dynamic QR Code Generator (Frontend)