CVE-2022-0246: 
WordPress vulnerability analysis and mitigation

CVE-2022-0246 is a security vulnerability affecting the iQ Block Country WordPress plugin versions prior to 1.2.13. The vulnerability was discovered and publicly disclosed on March 16, 2022. This vulnerability affects the plugin's backup functionality where an authorized user can import preconfigured settings through a zip file upload feature (WPScan).

The vulnerability is classified as a Zip Slip vulnerability that occurs during the plugin's backup import process. When files from an uploaded zip file are extracted, the plugin checks for file existence and deletes existing files without proper security controls, considering only the filename. The vulnerability has been assigned a CVSS score of 5.5 (medium) and is categorized under CWE-73. The technical classification identifies it as a File Deletion vulnerability and falls under the OWASP Top 10 category A6: Security Misconfiguration (WPScan).

The vulnerability allows an authenticated attacker to delete arbitrary files on the server by exploiting the extraction process. By uploading a specially crafted zip file containing files named with specific paths, an attacker can overwrite configuration files or delete sensitive resources on the server (WPScan).

The vulnerability has been fixed in version 1.2.13 of the iQ Block Country plugin. Users are advised to update to this version or later to protect against this vulnerability (WPScan).