A stored XSS vulnerability exists in the version of the plugin 2.2.4. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary JavaScript code into the plugin gallery image which are viewed by other users.