CVE-2026-6566— Photo Gallery, Sliders, Proofing and Themes <= 4.2.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Image Deletion via REST API
Possible ATT&CK Techniques 1AI
T1530 · Data from Cloud StorageAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| smub | Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery | ≤ 4.2.0 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-6566
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Photo Gallery, Sliders, Proofing and Themes <= 4.2.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Image Deletion via REST API
Source: NVD (National Vulnerability Database)
Vulnerability Description
The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 4.2.0. This is due to insufficient object-level authorization in the image deletion REST flow where the permission callback for DELETE /imagely/v1/images/{id} only checks 'NextGEN Manage gallery' permissions and does not enforce gallery ownership or 'NextGEN Manage others gallery' permissions. This makes it possible for authenticated attackers, with Subscriber-level privileges and 'NextGEN Manage gallery' capability, to delete gallery images belonging to other users as well as their associated image files from disk when deleteImg is enabled (default).
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
通过用户控制密钥绕过授权机制
Source: NVD (National Vulnerability Database)
Vulnerability Title
WordPress plugin NextGEN Gallery 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台具有在基于PHP和MySQL的服务器上架设个人博客网站的功能。WordPress plugin是一个应用插件。 WordPress plugin NextGEN Gallery 4.2.0及之前版本存在安全漏洞,该漏洞源于对象级授权不足,可能导致具有订阅者权限和NextGEN Manage gallery能力的认证攻击者删除其他用户的图库图像及其关联文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| smub | Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery | 0 ~ 4.2.0 | - |
II. Public POCs for CVE-2026-6566
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-6566
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-6566 (1)
IV. Related Vulnerabilities
Same vendor: smub
- CVE-2026-7636
Slider by Soliloquy <= 2.8.1 - Authenticated (Subscriber+) I - CVE-2026-5075
All in One SEO <= 4.9.7 - Authenticated (Contributor+) Sensi - CVE-2026-5361
Envira Gallery <= 1.12.4 - Authenticated (Author+) Stored Cr - CVE-2026-6177
Custom Twitter Feeds <= 2.5.4 - Unauthenticated Stored Cross - CVE-2026-7619
Charitable <= 1.8.10.4 - Authenticated (Custom+) SQL Injecti
Same weakness: CWE-639
- CVE-2026-40127
Authorization Bypass Through User-Controlled Key in OutSyste - CVE-2026-9306
QuantumNous new-api Midjourney Image Relay Endpoint relay-ro - CVE-2026-35430
Azure Privileged Identity Management (PIM) Elevation of Priv - CVE-2026-39967
TypeBot: Cross-Typebot Result Data Access via Missing typebo - CVE-2026-28444
Typebot: IDOR in Result Logs Endpoint Allows Cross-Workspace
V. Comments for CVE-2026-6566
No comments yet