NVD CRITICAL: CVE-2026-1830 — The Quick Playground plugin for WordPress is vulnerable to Remote Code Execution...

Thursday, April 9, 2026 at 05:16 AM UTC·Source: NIST NVD

Updated: Thursday, April 9, 2026 at 05:17 AM UTC

Executive Summary

The Quick Playground plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.1. This is due to insufficient authorization checks on REST API endpoints that expose a sync code and allow arbitrary file uploads. This makes it possible for unauthenticated attackers to retrieve the sync code, upload PHP files with path traversal, and achieve remote code exe

Analysis

Indicators of Compromise (1)

CVE (1)

CVE-2026-1830

NVD MITRE CVE

Source Attribution

Originally published by NIST NVD on Apr 9, 2026. Verified by: NIST.

Related Threats

MEDIUMVulnerabilityNEW

CaixaBank launches a carbon credit trading platform to help clients offset their emissions

CaixaBank CIB has launched a carbon credit trading platform, a tool designed to make it easier for corporate clients and businesses to voluntarily offset CO2 emissions.

Just nowFinextra

MEDIUMVulnerabilityNEW

Klarna teams with Worldline for instore and online payments

Worldline [Euronext: WLN], a European leader in payment services, and Klarna, the global digital bank and flexible payments provider, have announced the signing of a framework agreement to improve access to Klarna’s full suite of flexible payments across online and in-store points of sale serviced by Worldline.

21m agoFinextra

LOWVulnerabilityNEW

CommBank appoints Professor Mary-Anne Williams as its first chief AI scientist

Commonwealth Bank (CommBank) has appointed Professor Mary-Anne Williams as its first Chief AI Scientist following an extensive global search.

24m agoFinextra