Report: CVE-2026-6403 - Quick Playground <= 1.3.3 - unauthenticated path traversal to arbitrary file read

CVE ID: CVE-2026-6403

Published: May 15, 2026, 7:46 a.m.

Description: The Quick Playground plugin for WordPress is vulnerable to Path Traversal in versions up to and including 1.3.3. This is due to insufficient path validation in the qckply_zip_theme() function, which appends a user-controlled 'stylesheet' parameter directly to the theme root directory path without sanitizing directory traversal sequences. This makes it possible for unauthenticated attackers to trigger the creation of a ZIP archive containing arbitrary files from the server's filesystem, including wp-config.

Severity: 0.0 | NA

CVE Details

Published: May 15, 2026
Affected Product: WordPress
Impact: Path Traversal
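
The description above attributes the flaw to appending the 'stylesheet' parameter to the theme root without validation. The following is an added example, not the plugin's code or its actual fix: it contrasts that pattern with a canonicalise-then-contain check. The function names `theme_dir_unchecked` and `theme_dir_contained`, the temporary directory layout and the sample inputs are all constructed for illustration.

```php
<?php
// Added example; not Quick Playground source. Function names are hypothetical.

// The pattern the advisory describes: the parameter is appended unchecked.
function theme_dir_unchecked(string $theme_root, string $stylesheet): string {
    return $theme_root . '/' . $stylesheet;
}

// Hardened form: canonicalise first, then require a directory strictly
// inside the theme root. realpath() also resolves symlinks, so a link that
// points out of the root is rejected as well.
function theme_dir_contained(string $theme_root, string $stylesheet): ?string {
    if ($stylesheet === '' || strpos($stylesheet, "\0") !== false) {
        return null;
    }
    $root = realpath($theme_root);
    $candidate = realpath($theme_root . '/' . $stylesheet);
    if ($root === false || $candidate === false || !is_dir($candidate)) {
        return null;
    }
    // Compare against root plus separator so a sibling such as "themes-old"
    // or the root itself does not pass the prefix test.
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($candidate, $prefix, strlen($prefix)) === 0 ? $candidate : null;
}

// Constructed sample tree: <tmp>/qp_demo_xxxx/wp-content/themes/sample-theme
$base = sys_get_temp_dir() . '/qp_demo_' . bin2hex(random_bytes(4));
$root = $base . '/wp-content/themes';
mkdir($root . '/sample-theme', 0700, true);

// Constructed inputs: one valid theme name and four that must be refused.
foreach (['sample-theme', '.', '../..', 'sample-theme/../../..', 'missing'] as $input) {
    $safe = theme_dir_contained($root, $input);
    printf("%-24s unchecked=%s\n%24s contained=%s\n", $input,
        theme_dir_unchecked($root, $input), '', $safe ?? 'REJECTED');
}

// Remove the sample tree again.
foreach (['/wp-content/themes/sample-theme', '/wp-content/themes', '/wp-content', ''] as $d) {
    rmdir($base . $d);
}
```

Only `sample-theme` yields a path from the contained version; the archiving step should receive that canonical path rather than the raw parameter.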