Photo Gallery Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the photo-galleryphoto-gallery.php script allows access to filemanagerUploadHandler.php. The post() method in UploadHandler.php