The Gallery Blocks with Lightbox plugin for WordPress has a security vulnerability that allows attackers to inject harmful web scripts through the ‘galleryID’ and ‘className’ parameters. This can happen on any version up to 3.2.1 due to a lack of proper input sanitization and output escaping. This means that attackers with Contributor-level access or higher can insert their own code into pages, which will then run whenever a user visits that page.