Update this plugin.
Marcin Probola discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress iQ Block Country Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 1.1.20.
Block BYPASS vulnerability
Protection Bypass due to IP Spoofing vulnerability
Arbitrary File Deletion vulnerability via Zip Slip
Authenticated Persistent CrossSite Scripting (XSS) vulnerability