Because of this vulnerability, the attackers can inject arbitrary web script or HTML.
Update the plugin.
github.com/scaron/prettyphoto/issues/149