4 matches found
CVE-2022-0246
CVE-2022-0246 affects WordPress plugin iQ Block Country prior to 1.2.13. The plugin’s backup/import flow extracts uploaded zip contents file-by-file and checks for existence before deletion, enabling a Zip Slip path where an authorized user can cause arbitrary file deletion by uploading a crafted...
CVE-2022-1762
CVE-2022-1762 affects the WordPress plugin iQ Block Country prior to version 1.2.20. The root cause is improper HTTP header validation used to determine the origin IP, which allows an attacker to bypass the plugin’s block feature by spoofing headers. Public sources in the connected documents corr...
CVE-2021-36873
CVE-2021-36873 affects WordPress plugin iQ Block Country (versions = 1.2.12). If upgrading is not feasible, apply mitigations per the patch sources. The connected documents confirm the vulnerability and the recommended fix; exploitation details are not provided beyond the general XSS description.
CVE-2022-41155
CVE-2022-41155 is a Block BYPASS vulnerability in the WordPress iQ Block Country plugin, affecting versions prior to 1.2.19. The NVD indicates a critical impact (CVSSv3.1 base score 9.8; HIGH confidentiality, integrity, and availability impacts). Patch guidance from connected sources recommends u...