18 matches found
BJ Lazy Load (Timthumb) <= 0.7.5 - Remote File Inclusion
The BJ Lazy Load plugin v0.7.5 for WordPress has a Remote File Inclusion vulnerability via TimThumb. id: CVE-2015-9415 info: name: BJ Lazy Load (Timthumb) <= 0.7.5 - Remote File Inclusion author: s4e-io severity: high description: | The BJ Lazy Load plugin v0.7.5 for WordPress has a Remote File...
CVE-2026-2300
The BJ Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the filter_images function in all versions up to, and including, 1.0.9. This is due to the use of regex-based HTML processing (preg_replace) that does not properly handle HTML attribute boundaries when replacing sr...
EUVD-2026-29388
The BJ Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the filter_images function in all versions up to, and including, 1.0.9. This is due to the use of regex-based HTML processing (preg_replace) that does not properly handle HTML attribute boundaries when replacing sr...
CVE-2026-2300
The CVE-2026-2300 entry concerns the WordPress plugin BJ Lazy Load (versions ≤ 1.0.9). The root cause is a regex-based HTML processing flaw in filter_images() (preg_replace) that mishandles HTML attribute boundaries, allowing content inside a class attribute to be promoted to real DOM attributes....
CVE-2026-2300 BJ Lazy Load <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom HTML Block
The BJ Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the filter_images function in all versions up to, and including, 1.0.9. This is due to the use of regex-based HTML processing (preg_replace) that does not properly handle HTML attribute boundaries when replacing sr...
CVE-2026-2300
The BJ Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the filter_images function in all versions up to, and including, 1.0.9. This is due to the use of regex-based HTML processing (preg_replace) that does not properly handle HTML attribute boundaries when replacing sr...
CVE-2026-2300 BJ Lazy Load <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom HTML Block
The BJ Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the filter_images function in all versions up to, and including, 1.0.9. This is due to the use of regex-based HTML processing (preg_replace) that does not properly handle HTML attribute boundaries when replacing sr...
WordPress plugin BJ Lazy Load cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-39944
The BJ Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the filter_images function in all versions up to, and including, 1.0.9. This is due to the use of regex-based HTML processing (preg_replace) that does not properly handle HTML attribute boundaries when replacing...
WordPress BJ Lazy Load plugin <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin BJ Lazy Load versions <= 1.0.9...
CVE-2015-9415
The bj-lazy-load plugin before 1.0 for WordPress has Remote File Inclusion...
CVE-2015-9415
The bj-lazy-load plugin before 1.0 for WordPress has Remote File Inclusion...
EUVD-2015-9255
The bj-lazy-load plugin before 1.0 for WordPress has Remote File Inclusion...
CVE-2015-9415
Vulnerability context: The BJ Lazy Load plugin for WordPress (versions before 1.0) has a Remote File Inclusion (RFI) vulnerability via TimThumb. The connected nuclei template explicitly notes RFI through TimThumb in BJ Lazy Load
WordPress bj-lazy-load plugin remote file inclusion vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. bj-lazy-load is a page content delayed loading plugin used in it. A remote file inclusion vulnerability exists in versions of the...
WordPress BJ Lazy Load Plugin <= 0.7.5 - Remote File Inclusion
This vulnerability allows any visitor to upload any kind of file in your website. Solution Update the plugin...
VulnCheck KEV: CVE-2015-9415
The bj-lazy-load plugin before 1.0 for WordPress has Remote File Inclusion...
BJ Lazy Load <= 0.7.5 - Remote File Inclusion (Timthumb)
The BJ Lazy Load WordPress plugin was affected by a Remote File Inclusion Timthumb security vulnerability...