Tag
The Quick Playground plugin for WordPress, versions up to 1.3.3, is vulnerable to a path traversal vulnerability (CVE-2026-6403) in the qckply_zip_theme() function, allowing unauthenticated attackers to create ZIP archives containing arbitrary server files, including wp-config.