VYPR

Quick Playground

by WordPress

Source repositories

CVEs (3)

  • CVE-2026-1830CriApr 9, 2026
    risk 0.67cvss 9.8epss 0.03

    The Quick Playground plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.1. This is due to insufficient authorization checks on REST API endpoints that expose a sync code and allow arbitrary file uploads. This makes it possible…

  • CVE-2026-6403HigMay 15, 2026
    risk 0.49cvss 7.5epss 0.01

    The Quick Playground plugin for WordPress is vulnerable to Path Traversal in versions up to and including 1.3.3. This is due to insufficient path validation in the qckply_zip_theme() function, which appends a user-controlled 'stylesheet' parameter directly to the theme root…

  • CVE-2026-2500MedJun 6, 2026
    risk 0.29cvss 4.4epss 0.00

    The Quick Playground plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.4. This is due to the `qckply_data()` function passing the user-supplied `filename` POST parameter directly to `file_get_contents()` without any validation,…