Flat PM < 3.0.13 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

v 3.0.13 the blockid needs to start with an existing block ID...