VYPR

A3 Lazy Load

by WordPress

Source repositories

CVEs (2)

  • CVE-2026-6427MedMay 28, 2026
    risk 0.42cvss 6.4epss 0.00

    The a3 Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.7.6 This is due to a regex bug in the _filter_videos() method that breaks HTML attribute quoting when processing crafted elements, combined with…

  • CVE-2025-9873MedDec 13, 2025
    risk 0.42cvss 6.4epss 0.00

    The a3 Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.7.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with…