The settings of the iQ Block Country WordPress plugin before 1.2.13 can be exported or imported using its backup functionality. An authorized user can import preconfigured plugin settings by uploading a zip file. After the upload, the files in the zip archive are extracted one by one. During extraction, the plugin checks whether each file already exists. If it does, the file is deleted without any security control, based only on the name of the extracted file. This behavior leads to a "Zip Slip" vulnerability.
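The missing control is a containment check on each entry name before any delete or write. The following is an added example, not the plugin's code or its 1.2.13 fix; the function names `safe_entry_target` and `extract_settings_zip` are hypothetical, and it assumes PHP's `zip` extension.

```php
<?php
// Added example, not the plugin's code; function names and paths are hypothetical.
// Map a zip entry name to a path under $destDir, or null if it would escape it.
function safe_entry_target(string $destDir, string $entryName): ?string
{
    $base = realpath($destDir);
    $name = str_replace('\\', '/', $entryName);
    if ($base === false || $name === '' || $name[0] === '/'
        || preg_match('/^[A-Za-z]:/', $name) || strpos($name, "\0") !== false) {
        return null;                       // absolute path, drive letter or NUL byte
    }
    $parts = [];
    foreach (explode('/', $name) as $seg) { // lexical normalisation: target may not exist yet
        if ($seg === '' || $seg === '.') {
            continue;
        }
        if ($seg === '..') {
            if (!$parts) {
                return null;               // would climb above $destDir
            }
            array_pop($parts);
            continue;
        }
        $parts[] = $seg;
    }
    return $parts ? $base . DIRECTORY_SEPARATOR . implode(DIRECTORY_SEPARATOR, $parts) : null;
}

// Extract file entries; return the entry names that were refused.
function extract_settings_zip(string $zipPath, string $destDir): array
{
    $zip = new ZipArchive();
    if ($zip->open($zipPath) !== true) {
        throw new RuntimeException("cannot open $zipPath");
    }
    $rejected = [];
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $entry  = $zip->getNameIndex($i);
        $target = safe_entry_target($destDir, $entry);
        if ($target === null) {
            $rejected[] = $entry;          // never unlink() or write a path built from this name
        } elseif (substr($entry, -1) !== '/') {
            is_dir(dirname($target)) || mkdir(dirname($target), 0755, true);
            file_put_contents($target, $zip->getFromIndex($i)); // overwrite only inside $destDir
        }
    }
    $zip->close();
    return $rejected;
}
```

The check is lexical, so it does not account for symbolic links that already exist inside the destination directory; extracting into a freshly created directory avoids that case.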
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/892802b1-26e2-4ce1-be6f-71ce29687776 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2022-04-11T14:40:40
Updated: 2022-04-11T14:40:39
Reserved: 2022-01-17T00:00:00
Link: CVE-2022-0246
NVD Information
Status: Analyzed
Published: 2022-04-11T15:15:08.133
Modified: 2022-04-15T17:53:11.003
Link: CVE-2022-0246
Redhat Information
No data.
CWE