FYI for those using this particular plugin.
Version 3.3.4, which addresses the issue and patches it, was released on 09-20-13.


An arbitrary file upload web vulnerability is detected in the CodeCanyon WordPress Plugin Complete Gallery Manager v3.3.3 Web-Application.

The vulnerability allows remote attackers to upload files via POST method with multiple extensions to unauthorized access them on
application-side of the service.