Quick Playground

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-1830 CRITICAL Act Now

Remote code execution in Quick Playground plugin for WordPress (all versions through 1.3.1) allows unauthenticated attackers to execute arbitrary PHP code on the server. Vulnerability stems from insufficient authorization on REST API endpoints that expose a sync code and permit unrestricted file uploads. Attackers can retrieve the sync code via unsecured endpoints, upload malicious PHP files using path traversal techniques, and achieve full server compromise without authentication. CVSS 9.8 critical severity. No public exploit identified at time of analysis.

WordPress PHP RCE File Upload Quick Playground
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-1830
EPSS 0% CVSS 9.8
CRITICAL Act Now

Remote code execution in Quick Playground plugin for WordPress (all versions through 1.3.1) allows unauthenticated attackers to execute arbitrary PHP code on the server. Vulnerability stems from insufficient authorization on REST API endpoints that expose a sync code and permit unrestricted file uploads. Attackers can retrieve the sync code via unsecured endpoints, upload malicious PHP files using path traversal techniques, and achieve full server compromise without authentication. CVSS 9.8 critical severity. No public exploit identified at time of analysis.

WordPress PHP RCE +2
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy