Description The plugin does not properly escape its mainHeadings blocks’ attribute before appending it to the final rendered block, allowing contributors to conduct Stored XSS attacks.
As a contributor, put the following payload in a post while in Code Editor mode The XSS will be triggered when viewing/prevewing the post