Home / Vulnerability Intelligence / CVE-2026-1830

CVE-2026-1830 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: April 9, 2026

Quick Playground WordPress plugin - Remote Code Execution

Published: April 9, 2026Updated: April 9, 2026Remote Exploitable

Overview

Quick Playground WordPress plugin <= 1.3.1 contains a remote code execution caused by insufficient authorization checks on REST API endpoints allowing arbitrary file uploads with path traversal, letting unauthenticated attackers execute code remotely.

Severity & Score

Severity: Critical

CVSS Score: 9.8

EPSS Score: 17.8%(Probability of exploitation in next 30 days)

Impact

Unauthenticated attackers can execute arbitrary code on the server, potentially leading to full system compromise.

Mitigation

Update to the latest version beyond 1.3.1.

References

Social Media Activity(2 posts)

TheHackerWire

@thehackerwire

Apr 9, 2026

🔴 CVE-2026-1830 - Critical (9.8) The Quick Playground plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.1. This is due to insufficient authorization checks on REST API endpoints that expose a sync code and allow arbitrary file u... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1830/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

OffSequence

@offseq

Apr 9, 2026

🚨 CVE-2026-1830: CRITICAL RCE in davidfcarr Quick Playground (WordPress ≤1.3.1). Unauthenticated users can upload PHP files via REST API flaw — patch or disable plugin now! https://radar.offseq.com/threat/cve-2026-1830-cwe-862-missing-authorization-in-dav-233f04bb #OffSeq #WordPress #Infosec #CVE20261830

View original post

Related Resources

Details

CVE ID: CVE-2026-1830
Severity: Critical
CVSS Score: 9.8
Type: unrestricted_file_upload
Status: new
EPSS: 17.8%
Social Posts: 2

CWE

CWE-862

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

17.8%Probability of exploitation in the next 30 days