publishpress / PublishPress-Blocks

PublishPress Blocks adds the missing blocks and configuration you need to build professional websites. Take the control of the new Gutenberg editor with user edition profile configuration and 20+ new blocks and options.

Post type should be public on Recent Post #1364

Open rizaardiyanto1412 opened 5 months ago

rizaardiyanto1412 commented 5 months ago

The code in advanced-gutenberg-pro/lib/vendor/publishpress/publishpress-blocks/assets/blocks/recent-posts/block.php needs to be adjusted due to a broken access control issue.

You allow any post type to be provided to the Recent Posts block, however it does not check whether that post type is meant to be public or not. As a Contributor user, someone could choose to embed the recent published posts of any post type that they'd like, regardless of whether they actually have access to read those posts.

You could add code like:

```php
if ( ! is_post_type_viewable( $post_type ) ) {
    // Post type is not publicly viewable: return an empty string (or an error message) instead of rendering.
    return '';
}
```

This would check whether the post type specified is viewable or not. If it isn't, then you could return a blank string or an error message perhaps.

https://secure.helpscout.net/conversation/2495159321
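To show where such a check belongs, here is an added example of a hypothetical server-side render callback for a recent-posts block; it is not PublishPress Blocks' own block.php, and the function name, attribute names and CSS class are assumptions. It validates the post type with `is_post_type_viewable()` before querying, and restricts the query to published posts.

```php
<?php
/**
 * Added example (not the plugin's code): hypothetical render callback for a
 * "recent posts" dynamic block. Function and attribute names are assumptions.
 */
function example_render_recent_posts( array $attributes ): string {
    // The post type is untrusted input: it comes from block attributes saved
    // by whoever edited the post, which may be a Contributor.
    $post_type = isset( $attributes['postType'] ) ? sanitize_key( $attributes['postType'] ) : 'post';
    $limit     = isset( $attributes['numberOfPosts'] ) ? absint( $attributes['numberOfPosts'] ) : 5;

    // Access-control check: only post types that are publicly viewable on the
    // front end may be listed. is_post_type_viewable() also returns false for
    // unknown post types, so no separate post_type_exists() call is needed.
    if ( ! is_post_type_viewable( $post_type ) ) {
        return ''; // or an error message via esc_html__()
    }

    $query = new WP_Query(
        array(
            'post_type'           => $post_type,
            'post_status'         => 'publish',           // never surface drafts or private posts
            'posts_per_page'      => max( 1, min( $limit, 20 ) ),
            'ignore_sticky_posts' => true,
            'no_found_rows'       => true,
        )
    );

    if ( ! $query->have_posts() ) {
        return '';
    }

    $items = '';
    foreach ( $query->posts as $post ) {
        $items .= sprintf(
            '<li><a href="%s">%s</a></li>',
            esc_url( get_permalink( $post ) ),
            esc_html( get_the_title( $post ) )
        );
    }

    return '<ul class="example-recent-posts">' . $items . '</ul>';
}
```

Wire it up with `register_block_type( ..., array( 'render_callback' => 'example_render_recent_posts' ) )` so the check runs on every front-end render rather than only in the editor.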