cleantalk
Vulnerabilities and Security Researches

Kaya QR Code Generator, 1e00947396c1019d0f5e935ec5c63a4dcbba7bac

CVE, Research URL

1e00947396c1019d0f5e935ec5c63a4dcbba7bac

Home page URL

Security reports for Kaya QR Code Generator

Application

Kaya QR Code Generator

Published on
Apr 13, 2023
Research Description
Kaya QR Code Generator [kaya-qr-code-generator] < 1.5.3 Kaya QR Code Generator <= 1.5.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via url parameter The Kaya QR Code Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' parameter passed to the 'wpkqcg_doDisplayQRCode' function via multiple methods including shortcodes in versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level permissions or above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 1.5.3.
Status
vulnerable
Previous vulnerability researches
GoDaddy Email Marketing (721acd71d13186ecf815419489d4f110132c0d3b) , Jun 16, 2026
GoDaddy Email Marketing (CVE-2016-10903) , Jun 07, 2024
GoDaddy Email Marketing (CVE-2023-49156) , Jun 10, 2024
New vulnerability
Dynamic Widgets (bcd167c7824b22ce28b0a755c39fc633d83acfb4) , Jun 16, 2026
Dynamic Widgets (5dd9d324c9dd9e4f3db52cd08c75f2fb94e77fb5) , Jun 16, 2026
Dynamic Widgets (4d7faa92-9246-4685-ace9-ed62e555fbde) , Jun 16, 2026
Dynamic Widgets (fd8883125ab10ddf1bfb5cae4dbf4175fb52b317) , Jun 16, 2026
Change WordPress Login Logo (3e38c8a9639b68f093c62b2db41d27500a5cfe59) , Jun 16, 2026