What is CVE-2026-1830?

CVE-2026-1830 is a critical-severity vulnerability in Davidfcarr Quick Playground, classified under Missing Authorization. CVSS score: 9.8/10. Published 2026-04-09.

How severe is CVE-2026-1830?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Auth bypass in Davidfcarr Quick Playground

CVE-2026-1830

The Quick Playground plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.1. This is due to insufficient authorization checks on REST API endpoints that expose a sync code and allow arbitrar…

Vulnerability class: Broken Access Control

EPSS: 0.011 (78.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Davidfcarr Quick Playground — versions 0

Weakness classification (CWE)

CWE-862 — Missing Authorization

References

www.wordfence.com/threat-intel/vulnerabilities/id/308cd28a-a477-4bc6-a392-ad5a9…
plugins.trac.wordpress.org/browser/quick-playground/trunk/api.php
plugins.trac.wordpress.org/browser/quick-playground/trunk/expro-api.php
plugins.trac.wordpress.org/changeset

Frequently asked questions

What is CVE-2026-1830?: CVE-2026-1830 is a critical-severity vulnerability in Davidfcarr Quick Playground, classified under Missing Authorization. CVSS score: 9.8/10. Published 2026-04-09.
How severe is CVE-2026-1830?: Critical severity. CVSS v3 base score is 9.8 out of 10.