5 matches found
PT-2026-39944
The BJ Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the filter images function in all versions up to, and including, 1.0.9. This is due to the use of regex-based HTML processing preg replace that does not properly handle HTML attribute boundaries when replacing...
CVE-2025-46508 WordPress Advanced lazy load plugin <= 1.6.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery CSRF vulnerability in kasonzhao Advanced lazy load advanced-lazy-load allows Stored XSS.This issue affects Advanced lazy load: from n/a through = 1.6.0...
EUVD-2015-9255
The bj-lazy-load plugin before 1.0 for WordPress has Remote File Inclusion...
VulnCheck KEV: CVE-2015-9415
The bj-lazy-load plugin before 1.0 for WordPress has Remote File Inclusion...
WordPress Lazy Load Plugin <= 0.7.5 - Remote File Inclusion
This vulnerability allows any visitor to upload any kind of file in your website. Solution Update the plugin...