The Social Photo Gallery plugin 1.0 for WordPress allows remote code execution: an attacker can create an album and attach a malicious PHP file as the album's cover photo, because the file extension is not checked.
Exploit Prediction Scoring System (EPSS) score
EPSS Score: 0.086
EPSS Ranking: 92.0%