CVE-2026-2500 | davidfcarr Quick Playground Plugin up to 1.3.4 on WordPress POST Parameter wp-config.php qckply_data filename path traversal

SecurityVulns
Yanac

A vulnerability labeled as critical has been found in davidfcarr Quick Playground Plugin up to 1.3.4 on WordPress. Impacted is the function qckply_data of the file wp-config.php of the component POST Parameter Handler. Executing a manipulation of the argument filename can lead to path traversal.

This vulnerability is tracked as CVE-2026-2500. The attack can be launched remotely. No exploit exists.

The affected component should be upgraded.VulDB Recent EntriesRead More