Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code.
Upgrade the plugin.
security.szurek.pl/huge-it-image-gallery-170-reflected-xss.html