Unrated severityNVD Advisory· Published Apr 11, 2022· Updated Aug 2, 2024
iQ Block Country < 1.2.13 - Admin+ Arbitrary File Deletion via Zip Slip
CVE-2022-0246
Description
The settings of the iQ Block Country WordPress plugin before 1.2.13 can be exported or imported using its backup functionality. An authorized user can import preconfigured settings of the plugin by uploading a zip file. After the uploading process, files in the uploaded zip file are extracted one by one. During the extraction process, existence of a file is checked. If the file exists, it is deleted without any security control by only considering the name of the extracted file. This behavior leads to "Zip Slip" vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/iQ Block Country plugindescription
- Range: <1.2.13
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/892802b1-26e2-4ce1-be6f-71ce29687776mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.