## https://sploitus.com/exploit?id=WPEX-ID:892802B1-26E2-4CE1-BE6F-71CE29687776
1. Install and activate the iQ Block Country plugin.
2. Create a test file on the vulnerable system (e.g. `/var/www/html/test.txt`).
3. Create a zip file containing a file named `../../../../test.txt`. The absolute path at the end of this process will be: `/var/www/html/wp-content/uploads/2022/01/../../../../test.txt`
4. Go back to WordPress and visit the Settings > iQ Block Country > Import/Export tab.
5. Click the "Browse" button and choose the zip file created in step 3.
6. Click the "Restore settings" button.
7. An "Invalid file" message will appear, but ignore it. Check whether the test.txt file has been deleted.

Note: https://github.com/cesarsotovalero/zip-slip-exploit-example/blob/master/evilarc.py can be used to generate the malicious zip: `evilarc.py -d 4 -o unix test.txt`