A vulnerability marked as critical has been reported in davidfcarr Quick Playground Plugin up to 1.3.3 on WordPress. The impacted element is the function qckply_zip_theme of the component Path Validation Handler . The manipulation leads to path traversal. This vulnerability is documented as CVE-2026-6403 . The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.