The WordPress plugin, Gallery PhotoBlocks, is vulnerable to a security issue in versions up to and including 1.2.8. A problem in the ~/admin/class-photoblocks-admin.php file allows users with minimal permissions – such as a subscriber – to delete and clone gallery photoblocks without authorization.