FooGallery, a WordPress plugin, is vulnerable to Stored Cross-Site Scripting (XSS) in all versions up to and including 2.3.3. This means that anyone with contributor or higher access to the WordPress website can inject malicious code into pages, which will be run whenever someone views the page. This code can be used to damage the website, or to steal user information.