cleantalk
Vulnerabilities and Security Researches

Flex QR Code Generator, CVE-2025-10041

CVE, Research URL

CVE-2025-10041

Home page URL

Security reports for Flex QR Code Generator

Application

Flex QR Code Generator

Published on
Oct 15, 2025
Research Description
The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in thesave_qr_code_to_db() function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected versions
max 1.2.5.
Status
vulnerable
Previous vulnerability researches
WP Statistics (CVE-2025-9816) , Nov 10, 2025
WP Statistics , May 27, 2025
WP Statistics (CVE-2025-55716) , Aug 16, 2025
WP Statistics (CVE-2022-25149) , Jun 07, 2024
WP Statistics (CVE-2022-25307) , Jun 07, 2024
New vulnerability
Dropify (CVE-2025-53286) , Nov 10, 2025
Woocommerce Category and Products Accordion Panel (CVE-2025-11722) , Nov 10, 2025
User Registration Aide (CVE-2025-53239) , Nov 10, 2025
Accordion (CVE-2025-53421) , Nov 10, 2025
OAuth Single Sign On – SSO (OAuth Client) (CVE-2025-10752) , Nov 10, 2025