The FooGallery plugin for WordPress has a security issue where attackers can inject harmful code into pages. This can happen because the plugin does not properly check the input and output of a specific setting called “default_gallery_title_size.” This could allow someone with specific permissions to add code that will run whenever someone visits a page that has the injected code.