Lucene search
K

4 matches found

NVD
NVD
added 2026/05/20 7:16 a.m.12 views

CVE-2026-6566

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 4.2.0. This is due to insufficient object-level authorization in the image deletion REST flow where the permission callback for...

4.3CVSS0.00264EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/20 5:31 a.m.7 views

CVE-2026-6566

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 4.2.0. This is due to insufficient object-level authorization in the image deletion REST flow where the permission callback for...

4.3CVSS5.7AI score0.00264EPSS
Exploits0References3
CVE
CVE
added 2026/05/20 5:31 a.m.19 views

CVE-2026-6566

CVE-2026-6566 affects WordPress plugin NextGEN Gallery (Photo Gallery, Sliders, Proofing and Themes) up to version 4.2.0. The vulnerability is an Insecure Direct Object Reference in the image deletion REST flow: DELETE /imagely/v1/images/{id} only enforces NextGEN Manage gallery permission and do...

4.3CVSS5.7AI score0.00264EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/15 2:25 p.m.4 views

EUVD-2025-203368

The Image Gallery – Photo Grid & Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the addimagestogallerycallback function in all versions up to, and including, 2.13.3. This makes it possible for authenticated attackers, wit...

4.3CVSS4.8AI score0.00231EPSS
Exploits0References3
Rows per page
Query Builder