The plugin does not sanitise or escape some of its image fields before outputting them, which allows high-privileged users such as administrators to perform stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example on multisite installations, or when DISALLOW_UNFILTERED_HTML is set, where administrators would otherwise be unable to inject script). The payload is stored with the image and executes in the browser of anyone who views a post or page embedding the gallery.
Proof of Concept
Create a gallery with the “Gallery Theme” set to “Gallery Image 2”, add an image and put the following payload in the “Image Description” field:
Save the image and the gallery, then view a post/page where the gallery is embedded to trigger the XSS.
The “Image Title” field is also vulnerable, as it is output inside an HTML attribute; a payload such as "> closes the attribute and lets arbitrary markup follow. (fixed in 1.1.5)
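The rendering pattern behind this class of bug, as an added illustration that is not taken from the affected plugin (the advisory does not show its template code): a gallery template that echoes the saved title and description unescaped, beside the same template escaping each value for the context it lands in. The functions render_image_vulnerable() and render_image_escaped(), the $image array and the two payload strings are constructed for this example; the esc_attr()/esc_html() stand-ins only exist so the script runs outside WordPress.

```php
<?php
// Added example, not the affected plugin's code. It contrasts an unescaped
// gallery template with an escaped one. Function and variable names are
// hypothetical; the payloads below are constructed sample input.

// Minimal stand-ins for WordPress's esc_attr() / esc_html() so this script
// runs from the CLI. Inside a plugin, use the WordPress functions themselves.
if (!function_exists('esc_attr')) {
    function esc_attr(string $text): string {
        return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}
if (!function_exists('esc_html')) {
    function esc_html(string $text): string {
        return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}

// Vulnerable pattern: values an admin saved in the image fields are echoed
// straight into attribute and element context. A double quote in the title
// closes the title/alt attribute; the description is rendered as raw HTML.
function render_image_vulnerable(array $image): string {
    return '<figure class="gallery-image">'
        . '<img src="' . $image['src'] . '" title="' . $image['title'] . '" alt="' . $image['title'] . '">'
        . '<figcaption>' . $image['description'] . '</figcaption>'
        . '</figure>';
}

// Hardened pattern: escape on output, per context. esc_attr() inside
// attribute values, esc_html() in text content. If the description is meant
// to carry limited HTML, wp_kses_post() is the WordPress filter for that
// instead of esc_html().
function render_image_escaped(array $image): string {
    return '<figure class="gallery-image">'
        . '<img src="' . esc_attr($image['src']) . '" title="' . esc_attr($image['title']) . '" alt="' . esc_attr($image['title']) . '">'
        . '<figcaption>' . esc_html($image['description']) . '</figcaption>'
        . '</figure>';
}

// Constructed sample input mirroring the two fields the advisory names.
$image = [
    'src'         => 'https://example.invalid/uploads/photo.jpg',
    'title'       => '"><img src=x onerror=alert(1)>',
    'description' => '<script>alert(document.domain)</script>',
];

echo "Vulnerable output:\n", render_image_vulnerable($image), "\n\n";
echo "Escaped output:\n", render_image_escaped($image), "\n";
```

Run with `php example.php`: the vulnerable output contains a live `<img onerror>` and `<script>` element, while the escaped output renders the same strings as inert text. Note that capability checks on save (for example restricting who may edit a gallery) do not fix this bug, because the issue is missing output escaping, and the whole point of the unfiltered_html restriction is that administrators are not trusted to emit raw HTML.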