24 matches found
CVE-2026-2500
The Quick Playground plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.4. This is due to the qckplydata function passing the user-supplied filename POST parameter directly to filegetcontents without any validation, sanitization, or path restriction. Th...
CVE-2026-2500
The Quick Playground plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.4. This is due to the qckplydata function passing the user-supplied filename POST parameter directly to filegetcontents without any validation, sanitization, or path restriction. Th...
EUVD-2026-34953
The Quick Playground plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.4. This is due to the qckplydata function passing the user-supplied filename POST parameter directly to filegetcontents without any validation, sanitization, or path restriction. Th...
CVE-2026-2500
The Quick Playground plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.4. This is due to the qckplydata function passing the user-supplied filename POST parameter directly to filegetcontents without any validation, sanitization, or path restriction. Th...
CVE-2026-2500 Quick Playground <= 1.3.4 - Authenticated (Administrator+) Arbitrary File Read via 'filename' Parameter
The Quick Playground plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.4. This is due to the qckplydata function passing the user-supplied filename POST parameter directly to filegetcontents without any validation, sanitization, or path restriction. Th...
CVE-2026-2500
The Quick Playground WordPress plugin vulnerability (
PT-2026-47126
Name of the Vulnerable Software and Affected Versions Quick Playground versions prior to 1.3.5 Description The Quick Playground plugin for WordPress contains a path traversal flaw. The qckply data function processes the filename POST parameter and passes it to file get contents without proper...
📄 WordPress Quick Playground 1.3.1 Shell Upload
Quick Playground for WordPress plugin versions 1.3.1 and below suffers from a remote shell upload vulnerability. Exploit Title: Quick Playground for WordPress 1.3.1 - Unauthenticated Remote Code Execution Google Dork: N/A Date: 2026-05-22 Exploit Author: cardosource Vendor Homepage:...
Quick Playground for WordPress 1.3.1 - Unauthenticated Remote Code Execution
Exploit Title: Quick Playground for WordPress 1.3.1 - Unauthenticated Remote Code Execution Google Dork: N/A Date: 2026-05-22 Exploit Author: cardosource Vendor Homepage: https://quickplayground.com Software Link: https://downloads.wordpress.org/plugin/quick-playground.1.3.1.zip Version: \ wp...
WordPress Quick Playground plugin <= 1.3.3 - Unauthenticated Path Traversal to Arbitrary File Read vulnerability
Unauthenticated Path Traversal to Arbitrary File Read vulnerability discovered by ? in WordPress Plugin Quick Playground versions = 1.3.3...
CVE-2026-6403 Quick Playground <= 1.3.3 - Unauthenticated Path Traversal to Arbitrary File Read via 'stylesheet' Parameter
The Quick Playground plugin for WordPress is vulnerable to Path Traversal in versions up to and including 1.3.3. This is due to insufficient path validation in the qckplyziptheme function, which appends a user-controlled 'stylesheet' parameter directly to the theme root directory path without...
CVE-2026-6403 Quick Playground <= 1.3.3 - Unauthenticated Path Traversal to Arbitrary File Read via 'stylesheet' Parameter
The Quick Playground plugin for WordPress is vulnerable to Path Traversal in versions up to and including 1.3.3. This is due to insufficient path validation in the qckplyziptheme function, which appends a user-controlled 'stylesheet' parameter directly to the theme root directory path without...
CVE-2026-6403
The Quick Playground plugin for WordPress is vulnerable to Path Traversal in versions up to and including 1.3.3. This is due to insufficient path validation in the qckplyziptheme function, which appends a user-controlled 'stylesheet' parameter directly to the theme root directory path without...
EUVD-2026-30517
The Quick Playground plugin for WordPress is vulnerable to Path Traversal in versions up to and including 1.3.3. This is due to insufficient path validation in the qckplyziptheme function, which appends a user-controlled 'stylesheet' parameter directly to the theme root directory path without...
WordPress plugin Quick Playground 路径遍历漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress Quick Playground plugin <= 1.3.1 - Missing Authorization to Unauthenticated Arbitrary File Upload vulnerability
Missing Authorization to Unauthenticated Arbitrary File Upload vulnerability discovered by WordFence in WordPress Plugin Quick Playground versions = 1.3.1...
EUVD-2026-20843
The Quick Playground plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.1. This is due to insufficient authorization checks on REST API endpoints that expose a sync code and allow arbitrary file uploads. This makes it possible for unauthenticated...
CVE-2026-1830
The Quick Playground plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.1. This is due to insufficient authorization checks on REST API endpoints that expose a sync code and allow arbitrary file uploads. This makes it possible for unauthenticated...
CVE-2026-1830 Quick Playground <= 1.3.1 - Missing Authorization to Unauthenticated Arbitrary File Upload
The Quick Playground plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.1. This is due to insufficient authorization checks on REST API endpoints that expose a sync code and allow arbitrary file uploads. This makes it possible for unauthenticated...
CVE-2026-1830 Quick Playground <= 1.3.1 - Missing Authorization to Unauthenticated Arbitrary File Upload
The Quick Playground plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.1. This is due to insufficient authorization checks on REST API endpoints that expose a sync code and allow arbitrary file uploads. This makes it possible for unauthenticated...