The Gallery Blocks with Lightbox plugin for WordPress has a security flaw that can allow hackers to inject harmful code into web pages. This can happen in versions up to 3.2.5 because the plugin does not properly clean and protect the information it receives and displays. As a result, attackers who have contributor-level access or higher can add their own code to a page, which will then run when someone visits that page.