18 matches found

Nuclei
added 5 hours ago, 22 views

BJ Lazy Load (Timthumb) <= 0.7.5 - Remote File Inclusion

The BJ Lazy Load plugin v0.7.5 for WordPress has a Remote File Inclusion vulnerability via TimThumb. id: CVE-2015-9415 info: name: BJ Lazy Load Timthumb <= 0.7.5 - Remote File Inclusion author: s4e-io severity: high description: | The BJ Lazy Load plugin v0.7.5 for WordPress has a Remote File...

CVSS 7.5, AI score 7.1, EPSS 0.03399
Exploits: 1, References: 3
RedhatCVE
added 2026/05/13 8:23 p.m., 12 views

CVE-2026-2300

The BJ Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the filter_images function in all versions up to, and including, 1.0.9. This is due to the use of regex-based HTML processing (preg_replace) that does not properly handle HTML attribute boundaries when replacing sr...

CVSS 6.4, AI score 6, EPSS 0.00193
Exploits: 0, References: 1
EUVD
added 2026/05/12 9:31 a.m., 12 views

EUVD-2026-29388

The BJ Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the filter_images function in all versions up to, and including, 1.0.9. This is due to the use of regex-based HTML processing (preg_replace) that does not properly handle HTML attribute boundaries when replacing sr...

CVSS 6.4, AI score 6, EPSS 0.00193
Exploits: 0, References: 6
Cvelist
added 2026/05/12 7:48 a.m., 40 views

CVE-2026-2300 BJ Lazy Load <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom HTML Block

The BJ Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the filter_images function in all versions up to, and including, 1.0.9. This is due to the use of regex-based HTML processing (preg_replace) that does not properly handle HTML attribute boundaries when replacing sr...

CVSS 6.4, EPSS 0.00193
Exploits: 0, References: 5
CVE
added 2026/05/12 7:48 a.m., 15 views

CVE-2026-2300

The CVE-2026-2300 entry concerns the WordPress plugin BJ Lazy Load (versions ≤ 1.0.9). The root cause is a regex-based HTML processing flaw in filter_images() (preg_replace) that mishandles HTML attribute boundaries, allowing content inside a class attribute to be promoted to real DOM attributes....

CVSS 6.4, AI score 6, EPSS 0.00193
Exploits: 0, References: 5
Vulnrichment
added 2026/05/12 7:48 a.m., 8 views

CVE-2026-2300 BJ Lazy Load <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom HTML Block

The BJ Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the filter_images function in all versions up to, and including, 1.0.9. This is due to the use of regex-based HTML processing (preg_replace) that does not properly handle HTML attribute boundaries when replacing sr...

CVSS 6.4, AI score 6, EPSS 0.00193
Exploits: 0, References: 5
ATTACKERKB
added 2026/05/12 7:48 a.m., 7 views

CVE-2026-2300

The BJ Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the filter_images function in all versions up to, and including, 1.0.9. This is due to the use of regex-based HTML processing (preg_replace) that does not properly handle HTML attribute boundaries when replacing sr...

CVSS 6.4, AI score 6, EPSS 0.00193
Exploits: 0, References: 6
CNNVD
added 2026/05/12 12:00 a.m., 14 views

WordPress plugin BJ Lazy Load cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 6.4, AI score 5.8, EPSS 0.00193
Exploits: 0, References: 2
Positive Technologies
added 2026/05/12 12:00 a.m., 11 views

PT-2026-39944

The BJ Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the filter_images function in all versions up to, and including, 1.0.9. This is due to the use of regex-based HTML processing (preg_replace) that does not properly handle HTML attribute boundaries when replacing...

CVSS 6.4, AI score 6, EPSS 0.00193
Exploits: 0, References: 6
Patchstack
added 2026/05/11 7:10 p.m., 9 views

WordPress BJ Lazy Load plugin <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin BJ Lazy Load versions <= 1.0.9...

CVSS 6.4, AI score 5.8, EPSS 0.00193
Exploits: 0, References: 1, Affected Software: 1
RedhatCVE
added 2025/05/22 9:33 a.m., 9 views

CVE-2015-9415

The bj-lazy-load plugin before 1.0 for WordPress has Remote File Inclusion...

CVSS 7.5, AI score 7.2, EPSS 0.03399
Exploits: 1, References: 1
EUVD
added 2019/09/25 11:31 p.m., 4 views

EUVD-2015-9255

The bj-lazy-load plugin before 1.0 for WordPress has Remote File Inclusion...

CVSS 7.5, AI score 7.7, EPSS 0.03399
Exploits: 1, References: 2
CVE
added 2019/09/25 11:31 p.m., 114 views

CVE-2015-9415

Vulnerability context: The BJ Lazy Load plugin for WordPress (versions before 1.0) has a Remote File Inclusion (RFI) vulnerability via TimThumb. The connected nuclei template explicitly notes RFI through TimThumb in BJ Lazy Load

CVSS 7.5, AI score 7.7, EPSS 0.03399
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2019/09/25 11:31 p.m., 21 views

CVE-2015-9415

The bj-lazy-load plugin before 1.0 for WordPress has Remote File Inclusion...

AI score 7.7, EPSS 0.03399
Exploits: 1, References: 2
CNVD
added 2019/09/25 12:00 a.m., 1 views

WordPress bj-lazy-load plugin remote file inclusion vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. bj-lazy-load is a page content delayed loading plugin used in it. A remote file inclusion vulnerability exists in versions of the...

CVSS 7.5, AI score 6.8, EPSS 0.03399
Exploits: 1, References: 1
Patchstack
added 2015/09/02 12:00 a.m., 14 views

WordPress BJ Lazy Load Plugin <= 0.7.5 - Remote File Inclusion

This vulnerability allows any visitor to upload any kind of file in your website. Solution Update the plugin...

AI score 3
Exploits: 0, References: 1, Affected Software: 1
WPVulnDB
added 2015/09/02 12:00 a.m., 29 views

BJ Lazy Load <= 0.7.5 - Remote File Inclusion (Timthumb)

The BJ Lazy Load WordPress plugin was affected by a Remote File Inclusion Timthumb security vulnerability...

CVSS 5, AI score 2.3, EPSS 0.03399
Exploits: 1, References: 1, Affected Software: 1
VulnCheck KEV
added 2015/09/02 12:00 a.m., 3 views

VulnCheck KEV: CVE-2015-9415

The bj-lazy-load plugin before 1.0 for WordPress has Remote File Inclusion...

CVSS 7.5, AI score 7.1, EPSS 0.03399
Exploits: 1, References: 1