Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
PoC
- As admin, go to plugin settings (wp-admin/options-general.php?page=admin-options.php) 2) In either “Bar Size” or “Image Counter Separator” add the payload "/> 3) Save and reload the page to see the popup -– As user: Requisite: a post or page with the gallery widget 1) Visit any post that contains the gallery widget 2) The malicious payload above will get reflected inside the page source code.