WordPress Plugin Vulnerabilities

BJ Lazy Load < 1.0 - Remote File Inclusion (Timthumb)

Description

The BJ Lazy Load WordPress plugin was affected by a Remote File Inclusion (Timthumb) security vulnerability.

Affects Plugins

Plugin icon
bj-lazy-load
Fixed in 1.0

References

CVE
CVE-2015-9415
URL
https://secupress.me/blog/bj-lazy-load-timthumb/

Classification

Type
RFI
OWASP top 10
A1: Injection
CWE
CWE-98
CVSS
7.5 (high)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
c15aef94-822d-40eb-80a6-e4a0611cb5c1

Timeline

Publicly Published
2015-09-02 (about 10 years ago)
Added
2015-09-02 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-09-10
Title
Ultimate Classified Listings < 1.7 - Authenticated (Contributor+) Local File Inclusion
Published
2025-09-04
Title
Femme <= 1.3.11 - Unauthenticated Local File Inclusion
Published
2025-08-21
Title
Magazine Elite <= 1.2.4 - Unauthenticated Local File Inclusion
Published
2025-09-04
Title
Gardis <= 1.2.13 - Unauthenticated Local File Inclusion
Published
2025-04-16
Title
Subscribe to Unlock Lite < 1.3.1 - Authenticated (Contributor+) Local File Inclusion