{"id":285781,"date":"2026-03-12T17:34:35","date_gmt":"2026-03-12T17:34:35","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/govalid-qr\/"},"modified":"2026-03-12T19:34:54","modified_gmt":"2026-03-12T19:34:54","slug":"govalid-qr-validator","status":"publish","type":"plugin","link":"https:\/\/lmo.wordpress.org\/plugins\/govalid-qr-validator\/","author":23459288,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"3.6.7","stable_tag":"3.6.7","tested":"6.9.4","requires":"5.8","requires_php":"7.4","requires_plugins":null,"header_name":"GoValid QR","header_author":"GoValid","header_description":"Generate, embed, and track QR codes from your GoValid account directly in WordPress.","assets_banners_color":"acbe92","last_updated":"2026-03-12 19:34:54","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/my.govalid.org\/qr_codes\/thirdparty\/wp-plugin\/","header_author_uri":"https:\/\/govalid.org","rating":0,"author_block_rating":0,"active_installs":0,"downloads":163,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"3.6.7":{"tag":"3.6.7","author":"nfloval1739","date":"2026-03-12 19:34:54"}},"upgrade_notice":{"1.0.0":"<p>Initial release of GoValid QR for WordPress.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3481385,"resolution":"128x128","location":"assets","locale":""},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3481385,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3481385,"resolution":"1544x500","location":"assets","locale":""},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3481385,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":{"govalid-qr\/qr-code":{"$schema":"https:\/\/schemas.wp.org\/trunk\/block.json","apiVersion":3,"name":"govalid-qr\/qr-code","version":"1.0.0","title":"GoValid QR Code","category":"embed","icon":"screenoptions","description":"Embed a QR code from your GoValid account.","keywords":["qr","code","govalid","barcode"],"supports":{"html":false,"align":["left","center","right","wide"]},"attributes":{"qrId":{"type":"string","default":""},"qrName":{"type":"string","default":""},"width":{"type":"number","default":200},"alignment":{"type":"string","default":"center"},"showLabel":{"type":"boolean","default":false}},"textdomain":"govalid-qr","editorScript":"file:.\/index.js","editorStyle":"file:.\/editor.css","style":"file:.\/style.css"},"govalid-qr\/form":{"$schema":"https:\/\/schemas.wp.org\/trunk\/block.json","apiVersion":3,"name":"govalid-qr\/form","version":"1.0.0","title":"GoValid Form","category":"embed","icon":"forms","description":"Embed a GoValid form to collect submissions.","keywords":["form","govalid","survey","contact"],"supports":{"html":false,"align":["wide","full"]},"attributes":{"formId":{"type":"number","default":0},"formTitle":{"type":"string","default":""}},"textdomain":"govalid-qr","editorScript":"file:.\/index.js","editorStyle":"file:.\/editor.css","style":"file:.\/style.css"}},"tagged_versions":["3.6.7"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3481385,"resolution":"1","location":"assets","locale":""},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3481385,"resolution":"2","location":"assets","locale":""},"screenshot-3.png":{"filename":"screenshot-3.png","revision":3481385,"resolution":"3","location":"assets","locale":""},"screenshot-4.png":{"filename":"screenshot-4.png","revision":3481385,"resolution":"4","location":"assets","locale":""},"screenshot-5.png":{"filename":"screenshot-5.png","revision":3481385,"resolution":"5","location":"assets","locale":""},"screenshot-6.png":{"filename":"screenshot-6.png","revision":3481385,"resolution":"6","location":"assets","locale":""},"screenshot-7.png":{"filename":"screenshot-7.png","revision":3481385,"resolution":"7","location":"assets","locale":""},"screenshot-8.png":{"filename":"screenshot-8.png","revision":3481385,"resolution":"8","location":"assets","locale":""},"screenshot-9.png":{"filename":"screenshot-9.png","revision":3481385,"resolution":"9","location":"assets","locale":""}},"screenshots":{"1":"Settings page \u2014 connect to your GoValid account","2":"QR Code Generator \u2014 create QR codes from the admin","3":"Gutenberg block \u2014 visual QR code picker","4":"Dashboard widget \u2014 scan analytics at a glance"},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[232,1292,257620,7312,1373],"plugin_category":[36],"plugin_contributors":[257621],"plugin_business_model":[],"class_list":["post-285781","plugin","type-plugin","status-publish","hentry","plugin_tags-analytics","plugin_tags-barcode","plugin_tags-govalid","plugin_tags-qr","plugin_tags-qr-code","plugin_category-analytics","plugin_contributors-nfloval1739","plugin_committers-nfloval1739"],"banners":{"banner":"https:\/\/ps.w.org\/govalid-qr-validator\/assets\/banner-772x250.png?rev=3481385","banner_2x":"https:\/\/ps.w.org\/govalid-qr-validator\/assets\/banner-1544x500.png?rev=3481385","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/govalid-qr-validator\/assets\/icon-128x128.png?rev=3481385","icon_2x":"https:\/\/ps.w.org\/govalid-qr-validator\/assets\/icon-256x256.png?rev=3481385","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/govalid-qr-validator\/assets\/screenshot-1.png?rev=3481385","caption":"Settings page \u2014 connect to your GoValid account"},{"src":"https:\/\/ps.w.org\/govalid-qr-validator\/assets\/screenshot-2.png?rev=3481385","caption":"QR Code Generator \u2014 create QR codes from the admin"},{"src":"https:\/\/ps.w.org\/govalid-qr-validator\/assets\/screenshot-3.png?rev=3481385","caption":"Gutenberg block \u2014 visual QR code picker"},{"src":"https:\/\/ps.w.org\/govalid-qr-validator\/assets\/screenshot-4.png?rev=3481385","caption":"Dashboard widget \u2014 scan analytics at a glance"},{"src":"https:\/\/ps.w.org\/govalid-qr-validator\/assets\/screenshot-5.png?rev=3481385","caption":""},{"src":"https:\/\/ps.w.org\/govalid-qr-validator\/assets\/screenshot-6.png?rev=3481385","caption":""},{"src":"https:\/\/ps.w.org\/govalid-qr-validator\/assets\/screenshot-7.png?rev=3481385","caption":""},{"src":"https:\/\/ps.w.org\/govalid-qr-validator\/assets\/screenshot-8.png?rev=3481385","caption":""},{"src":"https:\/\/ps.w.org\/govalid-qr-validator\/assets\/screenshot-9.png?rev=3481385","caption":""}],"raw_content":"<!--section=description-->\n<p><strong>GoValid QR<\/strong> connects your WordPress site to your <a href=\"https:\/\/govalid.org\">GoValid<\/a> account, letting you generate, embed, and track QR codes without leaving your WordPress admin.<\/p>\n\n<h4>Features<\/h4>\n\n<ul>\n<li><strong>QR Code Generator<\/strong> \u2014 Create QR codes for URLs, text, email, phone, SMS, WiFi, and vCards right from your WordPress admin<\/li>\n<li><strong>Gutenberg Block<\/strong> \u2014 Add QR codes to any post or page with a visual picker<\/li>\n<li><strong>Shortcode<\/strong> \u2014 Embed QR codes anywhere using <code>[govalid_qr id=\"uuid\"]<\/code><\/li>\n<li><strong>Scan Analytics<\/strong> \u2014 Dashboard widget showing total scans, recent activity, and top QR codes<\/li>\n<li><strong>Secure Connection<\/strong> \u2014 OAuth 2.0 with PKCE (S256) for secure authentication<\/li>\n<li><strong>Image Caching<\/strong> \u2014 QR images cached locally for fast page loads<\/li>\n<li><strong>i18n Ready<\/strong> \u2014 Fully translatable<\/li>\n<\/ul>\n\n<h4>How It Works<\/h4>\n\n<ol>\n<li>Register an OAuth application in your GoValid dashboard<\/li>\n<li>Enter your Client ID and Secret in the plugin settings<\/li>\n<li>Click \"Connect with GoValid\" to authorize<\/li>\n<li>Start creating and embedding QR codes!<\/li>\n<\/ol>\n\n<h4>Requirements<\/h4>\n\n<ul>\n<li>A <a href=\"https:\/\/govalid.org\">GoValid<\/a> account<\/li>\n<li>WordPress 5.8 or later<\/li>\n<li>PHP 7.4 or later<\/li>\n<\/ul>\n\n<h3>External Services<\/h3>\n\n<p>This plugin connects to the following external services:<\/p>\n\n<h4>GoValid API (my.govalid.org)<\/h4>\n\n<p>This plugin communicates with the GoValid platform to generate, manage, and verify QR codes.<\/p>\n\n<p><strong>What data is sent and when:<\/strong><\/p>\n\n<ul>\n<li><strong>OAuth authentication<\/strong> \u2014 When connecting your account, the plugin exchanges an authorization code and refresh token with GoValid's OAuth server (<code>\/oauth\/token\/<\/code>). No personal WordPress user data is sent.<\/li>\n<li><strong>QR code generation<\/strong> \u2014 When creating a QR code, the plugin sends the QR type, name, security level, and any metadata you enter (e.g. product info, certificate data, timeline entries) to the GoValid API (<code>\/api\/v1\/qr\/<\/code>).<\/li>\n<li><strong>QR code verification<\/strong> \u2014 When a visitor loads the verification page (<code>\/v\/{token}<\/code>), the QR token is sent to the GoValid API (<code>\/api\/v1\/ojs\/verify-signed\/<\/code>) to retrieve verification results. No visitor personal data is sent.<\/li>\n<li><strong>Analytics and dashboard<\/strong> \u2014 Scan statistics and analytics data are fetched from GoValid on admin pages. No visitor data is transmitted from WordPress; scan events are recorded by GoValid when a QR code is scanned directly.<\/li>\n<li><strong>Promotional ads<\/strong> \u2014 Admin sidebar may load promotional content from <code>\/api\/v1\/plugin\/ads\/<\/code>. No personal data is sent.<\/li>\n<\/ul>\n\n<p><strong>Service provider:<\/strong> GoValid\n<strong>Terms of Service:<\/strong> https:\/\/govalid.org\/terms\/\n<strong>Privacy Policy:<\/strong> https:\/\/govalid.org\/privacy\/<\/p>\n\n<h4>Esri ArcGIS (server.arcgisonline.com)<\/h4>\n\n<p>The analytics map uses a satellite tile layer provided by Esri ArcGIS Online. Map tiles are loaded directly in the admin user's browser when viewing the Analytics page. No data from your WordPress site is sent to Esri; tile requests include only the map coordinates being viewed.<\/p>\n\n<p><strong>Service provider:<\/strong> Esri\n<strong>Terms of Use:<\/strong> https:\/\/www.esri.com\/en-us\/legal\/terms\/full-master-agreement\n<strong>Privacy Policy:<\/strong> https:\/\/www.esri.com\/en-us\/privacy\/privacy-statements\/privacy-statement<\/p>\n\n<h4>Nominatim \/ OpenStreetMap (nominatim.openstreetmap.org)<\/h4>\n\n<p>When a QR code submission contains location data, the plugin may perform a reverse-geocoding lookup using the Nominatim API to convert GPS coordinates into a human-readable address. This request is made server-side. The latitude and longitude coordinates are sent to Nominatim; no other user data is transmitted.<\/p>\n\n<p><strong>Service provider:<\/strong> OpenStreetMap Foundation (Nominatim)\n<strong>Terms of Use:<\/strong> https:\/\/operations.osmfoundation.org\/policies\/nominatim\/\n<strong>Privacy Policy:<\/strong> https:\/\/wiki.osmfoundation.org\/wiki\/Privacy_Policy<\/p>\n\n<h4>NexHub (nexhub.earth)<\/h4>\n\n<p>The plugin admin sidebar may display promotional content about NexHub. Preview images for this promotional content are bundled locally with the plugin and no requests are made to nexhub.earth at runtime.<\/p>\n\n<p><strong>Service provider:<\/strong> NexHub\n<strong>Terms of Service:<\/strong> https:\/\/nexhub.earth\/terms\/\n<strong>Privacy Policy:<\/strong> https:\/\/nexhub.earth\/privacy\/<\/p>\n\n<h4>Bundled Libraries<\/h4>\n\n<p>This plugin bundles the following third-party JavaScript library:<\/p>\n\n<ul>\n<li><strong>jsQR<\/strong> v1.4.0 \u2014 QR code decoding library used on the public scan page.\nSource: https:\/\/github.com\/cozmo\/jsQR\nLicense: Apache-2.0<\/li>\n<\/ul>\n\n<!--section=installation-->\n<ol>\n<li>Upload the <code>govalid-qr<\/code> folder to <code>\/wp-content\/plugins\/<\/code><\/li>\n<li>Activate the plugin through the 'Plugins' menu<\/li>\n<li>Go to <strong>GoValid QR &gt; Settings<\/strong> and enter your OAuth credentials<\/li>\n<li>Click <strong>Connect with GoValid<\/strong> to authorize the connection<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"do%20i%20need%20a%20govalid%20account%3F\"><h3>Do I need a GoValid account?<\/h3><\/dt>\n<dd><p>Yes. You need an active GoValid account to use this plugin. Sign up at <a href=\"https:\/\/govalid.org\">govalid.org<\/a>.<\/p><\/dd>\n<dt id=\"how%20do%20i%20get%20oauth%20credentials%3F\"><h3>How do I get OAuth credentials?<\/h3><\/dt>\n<dd><p>Log in to your GoValid dashboard, go to <strong>Settings &gt; OAuth Applications<\/strong>, and create a new application. Copy the Client ID and Client Secret into the plugin settings.<\/p><\/dd>\n<dt id=\"is%20my%20data%20secure%3F\"><h3>Is my data secure?<\/h3><\/dt>\n<dd><p>Yes. OAuth tokens are encrypted with AES-256-CBC using your WordPress security keys. The connection uses PKCE (S256) for additional security. Your Client Secret is never exposed to the browser.<\/p><\/dd>\n<dt id=\"can%20i%20use%20the%20shortcode%20in%20widgets%3F\"><h3>Can I use the shortcode in widgets?<\/h3><\/dt>\n<dd><p>Yes. The <code>[govalid_qr]<\/code> shortcode works in posts, pages, and any widget that supports shortcodes.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>3.6.7<\/h4>\n\n<ul>\n<li>Fix: Replace direct $_POST\/$_FILES superglobal access in public_submit() with WP_REST_Request methods<\/li>\n<li>Fix: Refactor handle_form_file_upload() to accept file array parameter instead of reading $_FILES<\/li>\n<li>Fix: Add X-WP-Nonce header to frontend form submission fetch for CSRF protection<\/li>\n<li>Fix: Add real wp_verify_nonce() check to OAuth callback via transient-stored nonce from handle_connect()<\/li>\n<li>Fix: Remove all phpcs:ignore\/disable suppression comments for NonceVerification on these methods<\/li>\n<\/ul>\n\n<h4>3.6.6<\/h4>\n\n<ul>\n<li>Fix: Move all $_GET flash-message reads from partials into render methods with real wp_verify_nonce() checks<\/li>\n<li>Fix: Add _wpnonce to all wp_safe_redirect() calls in generator, settings, and forms handlers<\/li>\n<li>Fix: Pass adminNonce via wp_localize_script() and append to JS-generated admin page URLs<\/li>\n<li>Fix: Replace phpcs:ignore on render_field() and build_status_section() echoes with wp_kses() and custom allowed-HTML arrays<\/li>\n<li>Fix: Add phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized on $_FILES tmp_name uses in REST controller<\/li>\n<\/ul>\n\n<h4>3.6.5<\/h4>\n\n<ul>\n<li>Fix: Add current_user_can() capability guards to all remaining admin page partials<\/li>\n<li>Fix: Add phpcs annotation for pre-nonce form_id read in handle_delete_form()<\/li>\n<\/ul>\n\n<h4>3.6.4<\/h4>\n\n<ul>\n<li>Fix: Add nfloval1739 to Contributors list<\/li>\n<li>Fix: Host NexHub promotional images locally (removed remote nexhub.earth image requests)<\/li>\n<li>Fix: Add detailed phpcs annotations for unescaped echo in shortcode render_field() and build_status_section() methods<\/li>\n<li>Fix: Add Nominatim\/OpenStreetMap and NexHub entries to External Services in readme.txt<\/li>\n<li>Fix: Add Bundled Libraries section documenting jsQR v1.4.0 (Apache-2.0) source<\/li>\n<li>Fix: Improve nonce verification phpcs comments in admin partials and REST controller<\/li>\n<li>Fix: Cast file upload error code to int; add block comment explaining nonce-free REST endpoint design<\/li>\n<li>Fix: Fix count_forms() SQL using variable interpolation with phpcs annotations<\/li>\n<\/ul>\n\n<h4>3.6.2<\/h4>\n\n<ul>\n<li>Fix: Replace all inline  and  tags with wp_enqueue_script() \/ wp_enqueue_style() \/ wp_add_inline_script()<\/li>\n<li>Fix: Extracted verify-page JS to public\/js\/verify-page.js with wp_localize_script() for dynamic data<\/li>\n<li>Fix: Moved form-builder config object to wp_add_inline_script() in enqueue_assets()<\/li>\n<li>Fix: Moved generator prefill script to wp_add_inline_script() in enqueue_assets()<\/li>\n<li>Fix: Moved modal overlay CSS to admin\/css\/govalid-admin.css<\/li>\n<li>Fix: Updated text domain from govalid-qr to govalid-qr-validator across all 1122 i18n calls<\/li>\n<li>Fix: Updated Chart.js from v4.4.4 to v4.5.1<\/li>\n<li>Fix: Added == External Services == section to readme.txt documenting GoValid API and Esri ArcGIS<\/li>\n<li>Fix: Added clarifying comment on intentionally public form submission REST endpoint<\/li>\n<\/ul>\n\n<h4>3.1.3<\/h4>\n\n<ul>\n<li>NEW: QR Label Layout \u2014 design and export printable QR label sheets (PDF\/PNG\/JPG\/Print)<\/li>\n<li>NEW: 16 unique frame styles (Pill, Groove, Ridge, Inset, Outset, Ticket, Elegant, Glow, Stamp + originals)<\/li>\n<li>Fix: Correct QR card selectors for label layout data collection<\/li>\n<\/ul>\n\n<h4>3.1.1<\/h4>\n\n<ul>\n<li>Fix: Replace %i SQL placeholders for WP 5.8 compatibility<\/li>\n<li>Fix: Bundle SortableJS locally instead of loading from CDN<\/li>\n<li>Fix: Add missing output escaping across all templates<\/li>\n<li>Fix: Add translators comments for i18n placeholders<\/li>\n<li>Fix: Use wp_safe_redirect() instead of wp_redirect()<\/li>\n<li>Fix: Remove debug error_log() calls from production code<\/li>\n<li>Fix: Add database query caching and proper LIKE wildcard escaping<\/li>\n<li>Fix: Prefix all global template variables with plugin prefix<\/li>\n<li>Fix: Sanitize file upload and URL inputs<\/li>\n<li>Fix: Add phpcs annotations for nonce-delegated methods and DB queries<\/li>\n<\/ul>\n\n<h4>2.0.1<\/h4>\n\n<ul>\n<li>NEW: Shortcode-based verification page \u2014 customizable via WordPress page editor<\/li>\n<li>NEW: [govalid_verify_result] shortcode for full verification card<\/li>\n<li>NEW: Individual field shortcodes ([govalid_verify_field], [govalid_verify_status], [govalid_verify_alerts], [govalid_powered_by])<\/li>\n<li>NEW: Custom Verification settings tab with setup guide and shortcode reference<\/li>\n<li>NEW: One-click verification page creation<\/li>\n<li>Server-side API verification (no client-side JavaScript needed)<\/li>\n<\/ul>\n\n<h4>2.0.0<\/h4>\n\n<ul>\n<li>NEW: Custom verification page \u2014 serve QR verification at yoursite.com\/v\/{token}<\/li>\n<li>NEW: Settings toggle to enable\/disable custom verification route<\/li>\n<li>NEW: Smart Verify widget recognizes the site's own \/v\/ URLs<\/li>\n<li>Automatic rewrite rule management on toggle\/activation\/deactivation<\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial release<\/li>\n<li>QR Code Generator with multiple types<\/li>\n<li>Gutenberg block with visual picker<\/li>\n<li>Shortcode support<\/li>\n<li>Dashboard scan analytics widget<\/li>\n<li>OAuth 2.0 + PKCE connection<\/li>\n<li>Local image caching<\/li>\n<\/ul>","raw_excerpt":"Generate, embed, and track QR codes from your GoValid account directly in WordPress.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/lmo.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/285781","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lmo.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/lmo.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/lmo.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=285781"}],"author":[{"embeddable":true,"href":"https:\/\/lmo.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/nfloval1739"}],"wp:attachment":[{"href":"https:\/\/lmo.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=285781"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/lmo.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=285781"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/lmo.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=285781"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/lmo.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=285781"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/lmo.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=285781"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/lmo.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=285781"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}