CVE-2025-11866 — The Photographers galleries plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcode attributes (`w`, `h`, `raw_css`, `look`, etc.) in all versions up to, and including — CVE Database · The Intelligence Room