Vulnerability Description
The settings of the iQ Block Country WordPress plugin before 1.2.13 can be exported or imported using its backup functionality. An authorized user can import preconfigured plugin settings by uploading a zip file. After the upload, the files in the archive are extracted one by one. During extraction, the plugin checks whether each file already exists. If it does, the file is deleted based solely on the name of the extracted file, without any security control. This behavior leads to a "Zip Slip" vulnerability.
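One way to perform the missing check before an extracted file is deleted or written, as an added example (not the plugin's code or its actual patch). The function names `safe_entry_target` and `import_settings_zip` are hypothetical, and the entry names in the final loop are constructed.

```php
<?php
// Added example; function names are hypothetical, not the plugin's code.
// Return the absolute path an entry would be written to, or null when the
// entry name would resolve outside $destDir.
function safe_entry_target(string $destDir, string $entryName): ?string
{
    $base = realpath($destDir);
    $name = str_replace('\\', '/', $entryName);
    if ($base === false || $name === '' || $name[0] === '/'
        || strpos($name, "\0") !== false || preg_match('#^[A-Za-z]:#', $name)) {
        return null; // missing destination, absolute path, NUL byte, drive letter
    }
    $parts = [];
    foreach (explode('/', $name) as $segment) {
        if ($segment === '..') { return null; } // traversal segment: refuse the entry
        if ($segment !== '' && $segment !== '.') {
            $parts[] = $segment;
        }
    }
    return $parts ? $base . DIRECTORY_SEPARATOR . implode(DIRECTORY_SEPARATOR, $parts) : null;
}

// Extract a settings archive into $destDir; returns the entry names refused.
function import_settings_zip(string $zipPath, string $destDir): array
{
    $zip = new ZipArchive();
    if ($zip->open($zipPath) !== true) { throw new RuntimeException('cannot open archive'); }
    $refused = [];
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $entry = $zip->getNameIndex($i);
        if (substr($entry, -1) === '/') { continue; } // directory entry, nothing to write
        $target = safe_entry_target($destDir, $entry);
        if ($target === null) {
            $refused[] = $entry;
            continue;
        }
        if (!is_dir(dirname($target))) { mkdir(dirname($target), 0755, true); }
        // The delete is only reached for a path already shown to be under $destDir.
        if (is_file($target) || is_link($target)) { unlink($target); }
        file_put_contents($target, $zip->getFromIndex($i));
    }
    $zip->close();
    return $refused;
}

foreach (['settings.ini', '../../wp-config.php', '/etc/passwd'] as $n) { // constructed names
    printf("%s => %s\n", $n, safe_entry_target(sys_get_temp_dir(), $n) ?? 'refused');
}
```

The check is lexical, so it does not account for symbolic links that already exist inside the destination directory.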
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Webence | Iq Block Country | < 1.2.13 |
Related Weaknesses (CWE)
References
- https://wpscan.com/vulnerability/892802b1-26e2-4ce1-be6f-71ce29687776 (Exploit, Third Party Advisory)
FAQ
What is CVE-2022-0246?
CVE-2022-0246 is a vulnerability with a CVSS score of 4.9 (MEDIUM). The settings of the iQ Block Country WordPress plugin before 1.2.13 can be exported or imported using its backup functionality. An authorized user can import preconfigured settings of the plugin by up...
How severe is CVE-2022-0246?
CVE-2022-0246 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-0246?
Check the references section above for vendor advisories and patch information. Affected products include: Webence Iq Block Country.