CVE-2026-6566
Photo Gallery, Sliders, Proofing and Themes <= 4.2.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Image Deletion via REST API
The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Insecure Direct Object Reference (CWE-639) in versions up to and including 4.2.0. The cause is missing object-level authorization in the image deletion REST flow: the permission callback for DELETE /imagely/v1/images/{id} checks only that the caller holds the 'NextGEN Manage gallery' capability, and never verifies that the caller owns the gallery the image belongs to or holds the separate 'NextGEN Manage others gallery' capability. An authenticated attacker with Subscriber-level privileges who has been granted 'NextGEN Manage gallery' can therefore delete images from galleries belonging to other users, and because deleteImg is enabled by default, the associated image files are also removed from disk. The precondition is the capability, not the role: any account that has been granted it, whatever its role, can reach the vulnerable path.
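The following is an added illustration of the bug class the advisory describes, not NextGEN Gallery's own code: a WordPress REST route whose permission_callback stops at a capability check, beside a hardened version that also enforces ownership of the specific object. The function names, the ngg_demo_get_image_owner() lookup, and the table and column names it queries are assumptions made for this example.

```php
<?php
// Added example (not the plugin's code). Shows an IDOR-prone permission_callback
// for DELETE /imagely/v1/images/{id} next to one that does object-level
// authorization. All ngg_demo_* names and the SQL schema are assumptions.

// Vulnerable shape: the route only asks "does the caller hold the capability?".
// The {id} in the URL is never tied back to the caller, so any holder of
// 'NextGEN Manage gallery' can delete any image ID on the site (CWE-639).
function ngg_demo_vulnerable_permission( WP_REST_Request $request ) {
    return current_user_can( 'NextGEN Manage gallery' );
}

// Hardened shape: capability check, then ownership check on the requested object.
// Non-owners are only allowed through if they hold the "manage others" capability.
function ngg_demo_hardened_permission( WP_REST_Request $request ) {
    if ( ! current_user_can( 'NextGEN Manage gallery' ) ) {
        return new WP_Error( 'rest_forbidden', 'Missing gallery capability.', array( 'status' => 403 ) );
    }

    $image_id = (int) $request['id'];
    $owner_id = ngg_demo_get_image_owner( $image_id ); // hypothetical: image -> gallery -> author

    if ( null === $owner_id ) {
        // Unknown ID: fail closed (404 here; 403 is also defensible to avoid ID enumeration).
        return new WP_Error( 'rest_not_found', 'No such image.', array( 'status' => 404 ) );
    }

    if ( $owner_id !== get_current_user_id()
         && ! current_user_can( 'NextGEN Manage others gallery' ) ) {
        return new WP_Error( 'rest_forbidden', 'You do not own this gallery.', array( 'status' => 403 ) );
    }

    return true;
}

// Hypothetical owner lookup. The join from an image row to its gallery's author
// is an assumption for the example; the real schema may differ.
function ngg_demo_get_image_owner( $image_id ) {
    global $wpdb;
    $owner = $wpdb->get_var( $wpdb->prepare(
        "SELECT g.author
           FROM {$wpdb->prefix}ngg_gallery g
           JOIN {$wpdb->prefix}ngg_pictures p ON p.galleryid = g.gid
          WHERE p.pid = %d",
        $image_id
    ) );
    return null === $owner ? null : (int) $owner;
}

// Hypothetical handler: the example only stands in for the plugin's deletion
// logic so that the route is complete. The point is which permission_callback is wired in.
function ngg_demo_delete_image( WP_REST_Request $request ) {
    return rest_ensure_response( array( 'deleted' => (int) $request['id'] ) );
}

add_action( 'rest_api_init', function () {
    register_rest_route( 'imagely/v1', '/images/(?P<id>\d+)', array(
        'methods'             => WP_REST_Server::DELETABLE,
        'callback'            => 'ngg_demo_delete_image',
        // Swap in ngg_demo_vulnerable_permission to reproduce the unsafe shape.
        'permission_callback' => 'ngg_demo_hardened_permission',
        'args'                => array(
            'id' => array( 'validate_callback' => 'is_numeric' ),
        ),
    ) );
} );
```

The test that distinguishes the two shapes is not "can a Subscriber reach the route" but "can a user who holds the capability delete an image in a gallery they do not own". When auditing a site, `wp cap list subscriber` (WP-CLI) shows whether the 'NextGEN Manage gallery' capability has been granted to low-privilege roles, which is the precondition the advisory relies on.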
| Field | Value |
| --- | --- |
| CWE | CWE-639 |
| Vendor | smub |
| Product | photo gallery, sliders, proofing and themes – nextgen gallery |
| Published | May 20, 2026 |
| Last Updated | May 20, 2026 |
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N (base score 4.3, Medium)
| Metric | Value |
| --- | --- |
| Attack Vector (AV) | Network |
| Attack Complexity (AC) | Low |
| Privileges Required (PR) | Low |
| User Interaction (UI) | None |
| Scope (S) | Unchanged |
| Confidentiality (C) | None |
| Integrity (I) | Low |
| Availability (A) | None |