Does Disable Lazy Load have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Disable Lazy Load compatible with WordPress 6.1.10?

According to WordPress.org data, Disable Lazy Load 1.0.4 has been tested up to WordPress 6.1.10. Check the plugin's changelog for the latest compatibility information.

Is Disable Lazy Load compatible with PHP 7.2+?

Disable Lazy Load requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Disable Lazy Load updated?

Disable Lazy Load was last updated on Dec 13, 2022. Frequent updates are generally a positive security signal.

What is Disable Lazy Load's security score?

Disable Lazy Load has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Disable Lazy Load Security & Risk Analysis

wordpress.org/plugins/disable-lazy-load

Simple plugin to disable lazy loading feature on the site or only on specific images.

400 active installs v1.0.4 PHP 7.2+ WP 6.1+ Updated Dec 13, 2022

disable-lazy-loadimageslazy-loadingskip-lazy-loading

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Disable Lazy Load Safe to Use in 2026?

Generally Safe

Score 85/100

Disable Lazy Load has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago

Risk Assessment

The "disable-lazy-load" plugin v1.0.4 exhibits a strong security posture based on the provided static analysis. The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events, combined with the lack of dangerous function usage and file operations, significantly limits the potential attack surface. Furthermore, all SQL queries are properly prepared, and there are no external HTTP requests, indicating good secure coding practices in these areas. The vulnerability history is also clean, with zero known CVEs, suggesting a history of secure development or prompt patching.

However, there are a couple of minor concerns. The 50% output escaping rate means that half of the plugin's outputs are not properly escaped, which could lead to Cross-Site Scripting (XSS) vulnerabilities if the plugin handles user-supplied input that is then outputted without sanitization. Additionally, the complete lack of nonce checks and capability checks, while mitigated by the very small attack surface, indicates a potential weakness if the plugin were to introduce new entry points or handle sensitive data in the future. Despite these minor points, the plugin's current design is largely secure.

Key Concerns

Outputs not properly escaped
No nonce checks
No capability checks

Vulnerabilities

None known

Disable Lazy Load Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Disable Lazy Load Release Timeline

v1.0.4Current

v1.0.3

v1.0.2

v1.0.1

v1.0.0

Code Analysis

Analyzed Mar 16, 2026

Disable Lazy Load Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

1 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

50% escaped2 total outputs

Attack Surface

Disable Lazy Load Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 8

actionplugins_loadedsrc\class-disable-lazy-load.php:17

filterwp_lazy_loading_enabledsrc\class-disable-lazy-load.php:32

filterwp_get_attachment_image_attributessrc\class-disable-lazy-load.php:38

filterwp_img_tag_add_loading_attrsrc\class-disable-lazy-load.php:42

filterwp_get_attachment_image_attributessrc\class-disable-lazy-load.php:43

actionadmin_initsrc\Core\Settings.php:15

filterattachment_fields_to_editsrc\Core\Settings.php:17

filterattachment_fields_to_savesrc\Core\Settings.php:19

Maintenance & Trust

Disable Lazy Load Maintenance & Trust

Maintenance Signals

WordPress version tested6.1.10

Last updatedDec 13, 2022

PHP min version7.2

Downloads8K

Community Trust

Rating86/100

Number of ratings6

Active installs400

Alternatives

Disable Lazy Load Alternatives

LazyLoad Plugin – Lazy Load Images, Videos, and Iframes

rocket-lazy-load

100

The best free lazy load plugin for WordPress. Lazy load images, videos, and iframes to improve performance and Core Web Vitals scores.

100K No CVEs

BJ Lazy Load

bj-lazy-load

Lazy loading for images and iframes makes your site load faster and saves bandwidth. Uses no external JS libraries and degrades gracefully for non-js …

20K 1 unpatched

Lazy Loader

lazy-loading-responsive-images

Lazy loading plugin that supports images, iFrames, video and audio elements and uses the lightweight lazysizes script. With manual modification of the …

10K No CVEs

Dominant Colors Lazy Loading

dominant-colors-lazy-loading

This plugin allows you to lazy load your images while showing the dominant color of each image as a placeholder – like Pinterest or Google Images.

100 No CVEs

Disable Default Lazy Loading

disable-default-lazy-loading

Disable WordPress' default lazy loading features easily.

10 No CVEs

Developer Profile

Disable Lazy Load Developer Profile

Sachyya

2 plugins · 470 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Disable Lazy Load

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/disable-lazy-load/vendor/autoload.php

HTML / DOM Fingerprints

CSS Classes

dll_settingsdll_post_thumbnails_settings

Data Attributes

attachments-X-dll_on_attachment

FAQ