The popular WordPress plugin, FooGallery, has a security flaw that allows for harmful code to be inserted into custom album URLs. This can be done by attackers who have contributor-level access or higher, and can result in the execution of malicious scripts whenever a user visits the affected page.