Description The plugin is vulnerable to Directory Traversal attacks via the rename_item function. This makes it possible for authenticated attackers to rename arbitrary files on the server. Note: By default this can be exploited by administrators only. In the premium version of the plugin, administrators can give gallery management permissions to lower level users, which might make this exploitable by users as low as contributors.