EUVD-2026-34953

The Quick Playground plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.4. This is due to the qckplydata function passing the user-supplied filename POST parameter directly to filegetcontents without any validation, sanitization, or path restriction. Th...

CVE-2026-2500 Quick Playground <= 1.3.4 - Authenticated (Administrator+) Arbitrary File Read via 'filename' Parameter

The Quick Playground plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.4. This is due to the qckplydata function passing the user-supplied filename POST parameter directly to filegetcontents without any validation, sanitization, or path restriction. Th...

PT-2026-47126

The Quick Playground plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.4. This is due to the qckply data function passing the user-supplied filename POST parameter directly to file get contents without any validation, sanitization, or path restriction...

Quick Playground for WordPress 1.3.1 - Unauthenticated Remote Code Execution

Exploit Title: Quick Playground for WordPress 1.3.1 - Unauthenticated Remote Code Execution Google Dork: N/A Date: 2026-05-22 Exploit Author: cardosource Vendor Homepage: https://quickplayground.com Software Link: https://downloads.wordpress.org/plugin/quick-playground.1.3.1.zip Version: \ wp...

CVE-2026-6403 Quick Playground <= 1.3.3 - Unauthenticated Path Traversal to Arbitrary File Read via 'stylesheet' Parameter

The Quick Playground plugin for WordPress is vulnerable to Path Traversal in versions up to and including 1.3.3. This is due to insufficient path validation in the qckplyziptheme function, which appends a user-controlled 'stylesheet' parameter directly to the theme root directory path without...

WordPress Quick Playground plugin <= 1.3.1 - Missing Authorization to Unauthenticated Arbitrary File Upload vulnerability

Missing Authorization to Unauthenticated Arbitrary File Upload vulnerability discovered by WordFence in WordPress Plugin Quick Playground versions = 1.3.1...

CVE-2026-1830

The Quick Playground plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.1. This is due to insufficient authorization checks on REST API endpoints that expose a sync code and allow arbitrary file uploads. This makes it possible for unauthenticated...

PT-2026-31577

Name of the Vulnerable Software and Affected Versions The Quick Playground plugin for WordPress versions up to and including 1.3.1 Description The Quick Playground plugin for WordPress is susceptible to Remote Code Execution due to inadequate authorization checks on REST API endpoints. These...