Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered by Vlad Visse (Patchstack Red Team) in WordPress iQ Block Country plugin (versions <= 1.2.11). Vulnerable parameter: &blockcountry_blockmessage.
Solution
Update the WordPress iQ Block Country plugin to the latest available version (at least 1.2.12).
Found a vulnerability that puts your sites at risk?