Does Disable Lazy Load have any unpatched vulnerabilities?

No. All known vulnerabilities in Disable Lazy Load have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Disable Lazy Load compatible with WordPress 6.9.4?

According to WordPress.org data, Disable Lazy Load 2.5 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Disable Lazy Load compatible with PHP 5.6.20+?

Disable Lazy Load requires PHP 5.6.20 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Disable Lazy Load updated?

Disable Lazy Load was last updated on Jan 28, 2026. Frequent updates are generally a positive security signal.

What is Disable Lazy Load's security score?

Disable Lazy Load has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Disable Lazy Load Security & Risk Analysis

wordpress.org/plugins/disable-lazy-loading

Activate this plugin to disable the Lazy Loading feature that was added in WP v5.5.

10K active installs v2.5 PHP 5.6.20+ WP 5.4+ Updated Jan 28, 2026

imageslazylazy-loadlazyloadload

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Disable Lazy Load Safe to Use in 2026?

Generally Safe

Score 100/100

Disable Lazy Load has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago

Risk Assessment

The "disable-lazy-loading" v2.5 plugin exhibits a strong security posture based on the provided static analysis. The absence of any AJAX handlers, REST API routes, shortcodes, or cron events significantly limits the attack surface, and importantly, all entry points are either absent or have proper authorization checks. Code signals are overwhelmingly positive, with no dangerous functions, 100% prepared SQL statements, and 100% properly escaped output. There are also no file operations, external HTTP requests, or bundled libraries, which further reduce potential vulnerabilities. Taint analysis shows zero flows, indicating no identified risks related to unsanitized data. The plugin's vulnerability history is also clean, with no known CVEs recorded, suggesting a history of secure development and maintenance. Overall, this plugin appears to be very secure. The only area for potential improvement, though not a current risk based on the data, is the complete lack of nonce and capability checks. While the attack surface is currently zero, if any new entry points were to be introduced in future versions, the absence of these fundamental security checks could become a concern.

Vulnerabilities

None known

Disable Lazy Load Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Disable Lazy Load Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Attack Surface

Disable Lazy Load Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 2

filterwp_lazy_loading_enableddisable-lazy-loading.php:40

filterwp_get_attachment_image_attributesdisable-lazy-loading.php:46

Maintenance & Trust

Disable Lazy Load Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 28, 2026

PHP min version5.6.20

Downloads148K

Community Trust

Rating90/100

Number of ratings23

Active installs10K

Alternatives

Disable Lazy Load Alternatives

Smart LazyLoad – Lazy Load Images, Videos and Iframes

lazy-load-for-images

100

The best free, lightweight lazy load plugin for WordPress. Lazy loading images, videos, and iframes to improve performance and Core Web Vitals scores.

300 No CVEs