Stupid Simple QR Security & Risk Analysis

wordpress.org/plugins/stupid-simple-qr

Allow authors to easily print a QR code for each page/post.

10 active installs v1.0.6 PHP + WP 3.0+ Updated Apr 5, 2017
Tags: admin, author, qr, qr-code, quick-response
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Stupid Simple QR Safe to Use in 2026?

Generally Safe

Score 85/100

Stupid Simple QR has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 9yr ago
Risk Assessment

The plugin 'stupid-simple-qr' v1.0.6 exhibits a generally strong security posture based on the provided static analysis. The absence of direct entry points like AJAX handlers, REST API routes, or shortcodes significantly reduces the potential attack surface. Furthermore, the code appears to follow good practices by utilizing prepared statements for all SQL queries and includes a nonce check and capability check, which are crucial for securing actions within WordPress. The lack of file operations or external HTTP requests also minimizes common vectors for exploitation.

However, a notable concern arises from the output escaping. Only 40% of outputs are properly escaped, so the remaining 60% (3 of 5 outputs) could lead to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is processed and then displayed through them without sufficient sanitization. While the taint analysis shows no immediate flows, this gap in output sanitization remains a potential risk, especially if future versions introduce or expose such flows. The plugin's clean vulnerability history is positive, suggesting a history of secure development, but it should not breed complacency given the identified output escaping weakness.

In conclusion, 'stupid-simple-qr' v1.0.6 is largely secure due to its limited attack surface and adherence to some core security practices. The primary weakness lies in the insufficient output escaping, which could be exploited for XSS attacks if specific conditions are met. The plugin's history of no vulnerabilities is a good sign, but the identified output escaping issue warrants attention.

Key Concerns

  • Inconsistent output escaping
Vulnerabilities
None known

Stupid Simple QR Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Stupid Simple QR Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 3 (2 escaped)
Nonce Checks: 1
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

40% escaped · 5 total outputs
Attack Surface

Stupid Simple QR Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 5
  • action · network_admin_menu · network-options.php:5
  • action · admin_menu · options.php:15
  • action · admin_init · options.php:16
  • action · admin_enqueue_scripts · stupid-simple-qr.php:42
  • filter · get_shortlink · stupid-simple-qr.php:62
Maintenance & Trust

Stupid Simple QR Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.7.32
Last updated: Apr 5, 2017
PHP min version
Downloads: 3K

Community Trust

Rating: 100/100
Number of ratings: 3
Active installs: 10
Developer Profile

Stupid Simple QR Developer Profile

Nagmay

5 plugins · 250 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Stupid Simple QR

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/stupid-simple-qr/scripts.js
Script Paths
stupid-simple-qr/scripts.js

HTML / DOM Fingerprints

HTML Comments
<!-- Plugin Name: Stupid Simple QR Plugin URI: http://wordpress.org/extend/plugins/stupid-simple-qr/ Description: Adds a 'QR' button next to 'Get Shortlink' on published pages and posts. Version: 1.0.6 Author: Gabriel Nagmay Author URI: http://gabriel@nagmay.com License: LGPLv2 or later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. Copyright 2014 Gabriel Nagmay (email: gabriel@nagmay.com) -->
JS Globals
ssqrAppend