WP QR Code Auto Generator Security & Risk Analysis
wordpress.org/plugins/wp-qr-code-auto-generatorAutomatically generate QR Code for pages, posts and custom post types with permalink or shortlink. You can embed QR Code with shortcode.
Is WP QR Code Auto Generator Safe to Use in 2026?
Generally Safe
Score 85/100WP QR Code Auto Generator has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The wp-qr-code-auto-generator plugin v1.1.0 exhibits a mixed security posture. On the positive side, it demonstrates a commitment to secure data handling by using prepared statements for all SQL queries and avoids external HTTP requests. The absence of known vulnerabilities in its history is also a strong indicator of past security diligence.
However, several significant concerns arise from the static analysis. The plugin fails to implement any nonce checks or capability checks, which are crucial for preventing CSRF and unauthorized access to its functionality. A substantial 10% of output escaping is concerning, especially when coupled with three flows with unsanitized paths identified during taint analysis, even though they were not classified as critical or high severity. This indicates a potential for Cross-Site Scripting (XSS) vulnerabilities if any of these unsanitized flows lead to output rendering.
While the attack surface is small and currently unprotected entry points are zero, the lack of robust authentication and authorization mechanisms on the existing shortcode is a notable weakness. The presence of a bundled library (TCPDF) also introduces a potential risk if it's an outdated or vulnerable version, though this is not explicitly detailed in the provided data. Overall, the plugin has good foundations in data handling but requires immediate attention regarding input validation and output escaping, as well as implementing proper authentication and authorization.
Key Concerns
- No nonce checks implemented
- No capability checks implemented
- Unsanitized paths in taint analysis (3 flows)
- Low output escaping percentage (10%)
- Bundled library (TCPDF) without version info
WP QR Code Auto Generator Security Vulnerabilities
WP QR Code Auto Generator Code Analysis
Bundled Libraries
Output Escaping
Data Flow Analysis
WP QR Code Auto Generator Attack Surface
Shortcodes 1
WordPress Hooks 2
Maintenance & Trust
WP QR Code Auto Generator Maintenance & Trust
Maintenance Signals
Community Trust
WP QR Code Auto Generator Alternatives
SEO Friendly Images
seo-image
SEO Friendly Images automatically adds alt and title attributes to all your images improving traffic from search engines.
Require Featured Image
require-featured-image
Requires content you specify to have a featured image set before they can be published.
Featured Galleries
featured-galleries
Do you like giving posts a Featured Image? Try out a Featured Gallery. It's like a Featured Images ... except as many images as you want.
Custom Header Extended
custom-header-extended
Allows users to create a custom header on a per-post basis.
Disable Media Permalink by Hardweb.it
disable-media-permalink-by-hardweb-it
Completely disable the Media Permalink generated by WP.
WP QR Code Auto Generator Developer Profile
1 plugin · 80 total installs
How We Detect WP QR Code Auto Generator
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/wp-qr-code-auto-generator/phpqrcode/index.php/wp-content/plugins/wp-qr-code-auto-generator/phpqrcode/qr.php/wp-content/plugins/wp-qr-code-auto-generator/phpqrcode/CHANGES.TXT/wp-content/plugins/wp-qr-code-auto-generator/phpqrcode/README.TXT/wp-content/plugins/wp-qr-code-auto-generator/includes/constants.phpHTML / DOM Fingerprints
nav-tabnav-tab-activename="wpqr_submit"name="wpqr_generate"name="generate_url"name="wpqr_eclevel"name="wpqr_matrix"name="wpqr_frame"+2 more