The WordPress plugin Dynamic QR Code Generator was closed on the WordPress plugin directory last year with the only explanation given that it had a “Security Issue.” No further details of the issue were given. Prior to that last year, a security provider had vaguely claimed it contained a reflected cross-site scripting (XSS) vulnerability, but again with no further details. Looking at the code, we found there is a reflected XSS vulnerability in the most recent version of the plugin.

…

[Read more]