2 matches found
PT-2026-26713
The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lazy-loading image processing in all versions up to, and including, 3.1.14. This is due to the use of an overly permissive regular expression in the add lazyload function that replaces all occurrences of ssr...
CVE-2025-46508
CVE-2025-46508 refers to a CSRF-to-Stored XSS vulnerability in the WordPress plugin Advanced lazy load, affecting versions 1.6.0 and earlier. The vulnerability is described as CSRF that enables stored XSS on affected sites. Public disclosures in the supplied connected documents consistently ident...