WP-Safety

Qyrr – simply and modern QR-Code creation Security & Risk Analysis

wordpress.org/plugins/qyrr-code

Create, manage and track fully customizable QR Codes without any Third-Party-APIs.

3K active installs v2.0.9 PHP + WP 6.5+ Updated Feb 11, 2026
qrqr-codeqr-code-generatorqr-code-tracking
98
A · Safe
CVEs total2
Unpatched0
Last CVESep 29, 2025
Plugin page Download
Safety Verdict

Is Qyrr – simply and modern QR-Code creation Safe to Use in 2026?

Generally Safe

Score 98/100

Qyrr – simply and modern QR-Code creation has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Sep 29, 2025Updated 1mo ago
Risk Assessment

The 'qyrr-code' v2.0.9 plugin exhibits a mixed security posture. The static analysis reveals a strong adherence to modern WordPress security practices, with a complete absence of unprotected entry points, no dangerous functions identified, and all SQL queries utilizing prepared statements. The vast majority of output is properly escaped, and capability checks are present on all identified REST API routes, indicating a conscious effort to secure these interfaces. However, the static analysis does note the presence of file operations and a bundled library (Freemius v1.0) which, without further inspection, represent potential areas of concern. The plugin's vulnerability history is a significant red flag. Despite the current version having no unpatched CVEs, the existence of two past medium-severity vulnerabilities, specifically Unrestricted Upload of File with Dangerous Type and Cross-site Scripting, points to recurring security weaknesses that have been addressed in the past. This history suggests a pattern where vulnerabilities have been discovered and patched, but it also highlights that such issues have been present before. While the current version appears to have addressed past issues, the historical context warrants caution and ongoing vigilance.

In conclusion, the 'qyrr-code' v2.0.9 plugin demonstrates good foundational security practices in its current code with robust input validation and escaping. Nevertheless, the historical precedent of medium-severity vulnerabilities, particularly in file handling and output sanitization, cannot be ignored. The bundled Freemius library also warrants a security review to ensure it is up-to-date and not a vector for new vulnerabilities. Overall, the plugin is in a better state than its past, but its history necessitates careful monitoring and a slightly reduced confidence in its long-term security without further active auditing.

Key Concerns

  • Bundled outdated library: Freemius v1.0
  • Vulnerability history: 2 medium CVEs
Vulnerabilities
2

Qyrr – simply and modern QR-Code creation Security Vulnerabilities

CVEs by Year

1 CVE in 2021
2021
1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

CVE-2025-10000medium · 6.4Unrestricted Upload of File with Dangerous Type

Qyrr – simply and modern QR-Code creation <= 2.0.7 - Authenticated (Contributor+) Arbitrary File Upload

Sep 29, 2025 Patched in 2.0.8 (130d)
CVE-2021-24559medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Qyrr – simply and modern QR-Code creation <= 0.7 - Cross-Site Scripting

Jul 26, 2021 Patched in 0.8 (911d)
Code Analysis
Analyzed Mar 16, 2026

Qyrr – simply and modern QR-Code creation Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
1
16 escaped
Nonce Checks
0
Capability Checks
8
File Operations
2
External Requests
0
Bundled Libraries
1

Bundled Libraries

Freemius1.0

Output Escaping

94% escaped17 total outputs
Attack Surface

Qyrr – simply and modern QR-Code creation Attack Surface

Entry Points9
Unprotected0

REST API Routes 8

GET/wp-json/qyrr/v1/settingsinc\admin\inc\class-qyrr-settings.php:83
GET/wp-json/qyrr/v1/system-statusinc\admin\inc\class-qyrr-settings.php:90
POST/wp-json/qyrr/v1/settingsinc\admin\inc\class-qyrr-settings.php:97
POST/wp-json/qyrr/v1/metainc\class-qyrr-meta.php:209
GET/wp-json/qyrr/v1/metainc\class-qyrr-meta.php:216
POST/wp-json/qyrr/v1/blob-to-file/inc\class-qyrr-rest.php:39
GET/wp-json/qyrr/v1/qr-codes/urlinc\class-qyrr-rest.php:46
POST/wp-json/qyrr/v1/file-nameinc\class-qyrr-rest.php:53

Shortcodes 1

[qyrr] inc\class-qyrr-shortcode.php:23
WordPress Hooks 28
actionadmin_menuinc\admin\inc\class-qyrr-settings.php:31
actionrest_api_initinc\admin\inc\class-qyrr-settings.php:32
actioninitinc\class-qyrr-admin.php:34
actioninitinc\class-qyrr-admin.php:35
filtermanage_qr_posts_columnsinc\class-qyrr-admin.php:36
actionmanage_qr_posts_custom_columninc\class-qyrr-admin.php:37
actioninitinc\class-qyrr-admin.php:43
filterallowed_block_types_allinc\class-qyrr-admin.php:44
actionadmin_headinc\class-qyrr-admin.php:50
actionbefore_delete_postinc\class-qyrr-admin.php:51
filteruse_block_editor_for_post_typeinc\class-qyrr-block-editor.php:37
actioninitinc\class-qyrr-block-editor.php:38
actioninitinc\class-qyrr-meta.php:32
actionrest_api_initinc\class-qyrr-meta.php:33
actionrest_api_initinc\class-qyrr-rest.php:32
filterconnect_urlinc\freemius-setup.php:46
filterafter_skip_urlinc\freemius-setup.php:47
filterafter_connect_urlinc\freemius-setup.php:48
filterafter_pending_connect_urlinc\freemius-setup.php:49
filteris_submenu_visibleinc\freemius-setup.php:58
filterplugin_iconinc\freemius-setup.php:69
actionafter_uninstallinc\freemius-setup.php:104
actionplugins_loadedqyrr-code.php:25
actionplugins_loadedqyrr-code.php:28
actioninitqyrr-code.php:50
actionwp_enqueue_scriptsqyrr-code.php:57
actionenqueue_block_editor_assetsqyrr-code.php:69
actionupgrader_process_completeqyrr-code.php:137
Maintenance & Trust

Qyrr – simply and modern QR-Code creation Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 11, 2026
PHP min version
Downloads52K

Community Trust

Rating78/100
Number of ratings19
Active installs3K
Alternatives

Qyrr – simply and modern QR-Code creation Alternatives

Dynamic QR Code – generator

Dynamic QR Code – generator

dynamic-qr-code

A
92

Allows you to generate DYNAMIC QR CODES: you can modify what happens when scanning your QR code without actually modifying (and reprinting) it.

6K No CVEs
QR Code Composer – QR Code Generator

QR Code Composer – QR Code Generator

qr-code-composer

A
99

Generate QR codes for URLs, text, WiFi, email & more in seconds. No setup needed.

3K 1 CVE
QR Code Creator

QR Code Creator

qr-code-creator

A
92

A WordPress plugin which will help you to create QR Codes.

900 No CVEs
Master QR Code Generator – Static QR Code Generator

Master QR Code Generator – Static QR Code Generator

master-qr-generator

A
100

Generates QR codes for every page, post, product, and custom post for the WordPress website.

400 No CVEs
WP QR Code Generator

WP QR Code Generator

wp-qr-code-generator

A
85

An easy way to add your QR Code widget in your sidebars and add in your page .

200 No CVEs
Developer Profile

Qyrr – simply and modern QR-Code creation Developer Profile

WP Chill

29 plugins · 440K total installs

76
trust score
Avg Security Score
96/100
Avg Patch Time
608 days
View full developer profile
Detection Fingerprints

How We Detect Qyrr – simply and modern QR-Code creation

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/qyrr-code/assets/rerender.js/wp-content/plugins/qyrr-code/build/qr/index.js/wp-content/plugins/qyrr-code/build/qr/index.css/wp-content/plugins/qyrr-code/build/qr-selector/index.js/wp-content/plugins/qyrr-code/build/qr-selector/index.css
Script Paths
/wp-content/plugins/qyrr-code/assets/rerender.js/wp-content/plugins/qyrr-code/build/qr/index.js/wp-content/plugins/qyrr-code/build/qr-selector/index.js
Version Parameters
qyrr-code/assets/rerender.js?ver=qyrr-code/build/qr/index.js?ver=qyrr-code/build/qr-selector/index.js?ver=

HTML / DOM Fingerprints

CSS Classes
qyrr-code-block
Data Attributes
data-qyrr-optionsdata-qyrr-type
JS Globals
qyrr_options
REST Endpoints
/wp-json/qyrr/v1/qr
Shortcode Output
[qyrr_qr]
FAQ

Frequently Asked Questions about Qyrr – simply and modern QR-Code creation