Bj Lazy Load
by WordPress
Source repositories
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-9415 | Hig | 0.49 | 7.5 | 0.03 | Sep 26, 2019 | The bj-lazy-load plugin before 1.0 for WordPress has Remote File Inclusion. | ||
| CVE-2026-2300 | Med | 0.42 | 6.4 | 0.00 | May 12, 2026 | The BJ Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `filter_images()` function in all versions up to, and including, 1.0.9. This is due to the use of regex-based HTML processing (`preg_replace`) that does not properly handle HTML attribute… |
- risk 0.49cvss 7.5epss 0.03
The bj-lazy-load plugin before 1.0 for WordPress has Remote File Inclusion.
- risk 0.42cvss 6.4epss 0.00
The BJ Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `filter_images()` function in all versions up to, and including, 1.0.9. This is due to the use of regex-based HTML processing (`preg_replace`) that does not properly handle HTML attribute…