PT-2025-1946 · WordPress · Responsive Iframe Wordpress Plugin

Sakotas · Published 2025-02-01 · Updated 2025-05-12 · CVE-2024-12768

CVSS v3.1: 5.4
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions:

The Responsive iframe WordPress plugin versions 1.2.0 and earlier

Description:

The plugin does not validate and escape some of its block options before outputting them back in a page or post where the block is embedded. This could allow users with the Contributor role and above to perform Stored Cross-Site Scripting attacks.

Recommendations:

For the Responsive iframe WordPress plugin versions 1.2.0 and earlier, consider disabling the embedding of blocks that use unvalidated options until a patch is available. Restrict access to block options to minimize the risk of exploitation. Avoid using the block embedding feature of the affected plugin until the issue is resolved.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-12768

Affected Products

Responsive Iframe Wordpress Plugin