Show QR URL Security & Risk Analysis

wordpress.org/plugins/show-qr-url

Sidebar-Widget zum generieren von QR-Codes die auf die aktuelle Seite verweisen.

10 active installs v1.4.1 PHP + WP 3.3+ Updated Aug 16, 2013
mobilepiwikqr-codesidebarwidget
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Show QR URL Safe to Use in 2026?

Generally Safe

Score 85/100

Show QR URL has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 12yr ago
Risk Assessment

The "show-qr-url" v1.4.1 plugin presents a concerning security posture primarily due to a complete lack of output escaping. While the static analysis reveals a minimal attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events, and no dangerous functions or file operations, the absence of proper output escaping on all 11 identified output points is a significant weakness. This means that any data outputted by the plugin could potentially be rendered directly in the browser without proper sanitization, opening the door for Cross-Site Scripting (XSS) vulnerabilities. The plugin also shows no evidence of nonce or capability checks, which, combined with the lack of exposed entry points, might indicate a very limited functionality or an incomplete analysis. The plugin's vulnerability history is clean, with no known CVEs, which is a positive sign. However, this lack of history, coupled with the critical output escaping deficiency, suggests a need for caution. The plugin's strengths lie in its apparent lack of complex attack vectors and its use of prepared statements for any (unspecified) SQL queries. Its primary weakness is the universal failure to escape output, which carries a substantial risk.

Key Concerns

  • 0% output escaping
  • No nonce checks
  • No capability checks
Vulnerabilities
None known

Show QR URL Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Show QR URL Release Timeline

v1.4.1Current
v1.4
v1.2.1
v1.2
v1.1
v1.0
Code Analysis
Analyzed Mar 17, 2026

Show QR URL Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
11
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

0% escaped11 total outputs
Attack Surface

Show QR URL Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 3
actionadmin_enqueue_scriptsshowQRURL.php:27
actionplugins_loadedshowQRURL.php:206
actionadmin_menushowQRURL.php:207
Maintenance & Trust

Show QR URL Maintenance & Trust

Maintenance Signals

WordPress version tested3.6.1
Last updatedAug 16, 2013
PHP min version
Downloads3K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Developer Profile

Show QR URL Developer Profile

sebat

3 plugins · 30 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Show QR URL

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/show-qr-url/js/admin.js/wp-content/plugins/show-qr-url/css/admin.css
Script Paths
/wp-content/plugins/show-qr-url/js/admin.js
Version Parameters
show-qr-url/js/admin.js?ver=show-qr-url/css/admin.css?ver=

HTML / DOM Fingerprints

CSS Classes
showQRURLtextshowQRURLsupport
HTML Comments
<!-- QR Widtget von Sebastian Thiele - http://sebastian.thiele.me -->
Data Attributes
showQRURLtitleshowQRURLsizeshowQRURLtextshowQRURLhomeshowQRURLsingleshowQRURLpage+5 more
Shortcode Output
<img src="http://chart.apis.google.com/chart?chs=x&cht=qr&chl=&choe=UTF-8
FAQ

Frequently Asked Questions about Show QR URL