Description
The plugin does not sanitise and escape some of its settings, which could allow high-privilege users such as an admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). Settings saved through the plugin's own options page are not passed through the kses filtering that unfiltered_html normally gates, and the stored values are later output unescaped on the front end.
1) As admin, go to the plugin settings page (wp-admin/options-general.php?page=admin-options.php)
2) In either the "Bar Size" or the "Image Counter Separator" field, enter the payload "/><script>alert(1)</script>
3) Save and reload the page: the popup fires on the settings page itself, showing the value was stored and rendered without escaping
---
As any other user:
Prerequisite: a post or page that contains the gallery widget
1) Visit any post that contains the gallery widget
2) The stored payload above is output unescaped in the page source, so the injected script executes for every visitor of that post
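To make the defect concrete, the following is an added illustration of the vulnerable settings pattern beside its hardened form. It is not code from the affected plugin: the option keys (gal_bar_size, gal_counter_sep), the function names and the markup are hypothetical, while the WordPress API calls (update_option, get_option, register_setting, sanitize_text_field, absint, esc_attr, esc_html) are real and behave as used here.

```php
<?php
// Added illustration, not the affected plugin's code. Option keys, function
// names and markup are hypothetical; the WordPress API calls are real.

// --- Vulnerable pattern: raw POST value stored, raw option echoed. ---------
function gal_save_settings_vulnerable() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    // No sanitisation: the payload "/><script>alert(1)</script> is stored
    // verbatim. Nothing here consults unfiltered_html, which is why the
    // capability restriction offers no protection for these fields.
    update_option( 'gal_bar_size', $_POST['gal_bar_size'] );
    update_option( 'gal_counter_sep', $_POST['gal_counter_sep'] );
}

function gal_render_widget_vulnerable() {
    $size = get_option( 'gal_bar_size' );
    $sep  = get_option( 'gal_counter_sep' );
    // Unescaped attribute value: the stored payload closes the attribute and
    // the tag, then injects <script>, which runs for every visitor of the post.
    // Resulting markup with the payload in gal_bar_size:
    //   <div class="gal-bar" data-size=""/><script>alert(1)</script>">/</div>
    echo '<div class="gal-bar" data-size="' . $size . '">' . $sep . '</div>';
}

// --- Hardened pattern: sanitise on save AND escape on output. ------------
function gal_register_settings() {
    // sanitize_callback runs before the value reaches the database, so a
    // script payload is reduced to a number or a tag-free string.
    register_setting( 'gal_settings', 'gal_bar_size', array(
        'type'              => 'integer',
        'sanitize_callback' => 'absint',
        'default'           => 100,
    ) );
    register_setting( 'gal_settings', 'gal_counter_sep', array(
        'type'              => 'string',
        'sanitize_callback' => 'sanitize_text_field',
        'default'           => '/',
    ) );
}
add_action( 'admin_init', 'gal_register_settings' );

function gal_render_widget_hardened() {
    // Re-validate on read: values written before the fix, or through another
    // path (WP-CLI, direct DB access), have not been through the callback.
    $size = absint( get_option( 'gal_bar_size', 100 ) );
    $sep  = get_option( 'gal_counter_sep', '/' );
    // Escape for the exact output context: attribute value vs. text node.
    printf(
        '<div class="gal-bar" data-size="%s">%s</div>',
        esc_attr( $size ),
        esc_html( $sep )
    );
}
```

Two points worth checking when verifying a fix for this class of bug: first, sanitising on save alone is not enough, because a payload already sitting in the options table keeps firing until the output path escapes it; second, the settings page and the front-end widget are two separate output contexts, and both must escape, since the advisory shows the popup on the admin page as well as on the public post.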