The WordPress Photo Gallery – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to, and including, 1.0.6. The cause is missing or incorrect nonce validation on the load_images_thumbnail() and edit_gallery() functions. As a result, someone who is not authorized can edit galleries if they can trick a site administrator into clicking on a link.
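
The kind of nonce validation the advisory finds missing, shown as an added example beside an unchecked handler; this is not the plugin's own code. The `example_edit_gallery` action, the `example_gallery_nonce` field name, and storing a gallery as a post via `wp_update_post()` are assumptions made for illustration.

```php
<?php
/**
 * Plugin Name: Example gallery handler (constructed for illustration)
 */

// BEFORE: state-changing handler with no nonce check. Nothing proves the
// administrator's browser sent the request on purpose, so a forged
// cross-site request is processed with the administrator's session.
// Left unregistered here; shown only for comparison.
function example_edit_gallery_unchecked() {
    $id    = absint( $_POST['gallery_id'] ?? 0 );
    $title = sanitize_text_field( wp_unslash( $_POST['title'] ?? '' ) );
    wp_update_post( array( 'ID' => $id, 'post_title' => $title ) );
    wp_send_json_success();
}

// AFTER: the same handler with nonce validation and a capability check.
function example_edit_gallery_checked() {
    // The nonce is bound to this action name and the current user's session.
    // Passing false as the third argument lets us send our own error response.
    if ( ! check_ajax_referer( 'example_edit_gallery', 'example_gallery_nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid or missing nonce.' ), 403 );
    }
    // A nonce proves intent, not authorization, so check the capability too.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    $id    = absint( $_POST['gallery_id'] ?? 0 );
    $title = sanitize_text_field( wp_unslash( $_POST['title'] ?? '' ) );

    $result = wp_update_post( array( 'ID' => $id, 'post_title' => $title ), true );
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( array( 'message' => $result->get_error_message() ), 400 );
    }
    wp_send_json_success( array( 'gallery_id' => $id ) );
}
// Registered for logged-in users only; no wp_ajax_nopriv_ hook is added.
add_action( 'wp_ajax_example_edit_gallery', 'example_edit_gallery_checked' );

// Form side: call inside the admin edit form so the request carries the nonce.
function example_gallery_nonce_field() {
    wp_nonce_field( 'example_edit_gallery', 'example_gallery_nonce' );
}
```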