[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$ftogd5GXstPrXkOXl5e-VshUrBRRaGZPgV9Op7goSvA8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":64,"crawl_stats":38,"alternatives":68,"analysis":161,"fingerprints":312},"lazy-load-for-videos","Lazy Load for Videos","2.18.9","kevinweber","https:\u002F\u002Fprofiles.wordpress.org\u002Fkevinweber\u002F","\u003Cp>This plugin improves page load time and increases your Google PageSpeed Score. It works with oEmbed and replaces embedded Youtube and Vimeo videos with a clickable preview image.\u003Cbr \u002F>\nBy loading videos only when the user clicks on the preview image, no unnecessary JavaScript is loaded. Especially on sites with many embedded videos this will make your visitors happy. Additionally, all Youtube videos are loaded in a privacy-enhanced mode using the “https:\u002F\u002Fwww.youtube-nocookie.com” embed URL.\u003C\u002Fp>\n\u003Cp>This plugin works for your existing YouTube and Vimeo blocks. No vendor lock-in and no custom shortcodes: Easily turn the plugin on and off anytime.\u003C\u002Fp>\n\u003Cp>Plugin review with speed test results \u003Ca href=\"https:\u002F\u002Fwptavern.com\u002Fspeed-up-wordpress-with-lazy-load-for-videos\" rel=\"nofollow ugc\">on WP Tavern\u003C\u002Fa>.\u003Cbr \u002F>\nDevelopers can contribute \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fkevinweber\u002Flazy-load-for-videos\" rel=\"nofollow ugc\">on Github\u003C\u002Fa>.\u003Cbr \u002F>\nMore about the author: \u003Ca href=\"https:\u002F\u002Fwww.kweber.com\" rel=\"nofollow ugc\">on kweber.com\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Some additional features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Display video titles on preview images\u003C\u002Fli>\n\u003Cli>Display privacy disclaimer on top of preview images (e.g. for GDPR compliance)\u003C\u002Fli>\n\u003Cli>Pre-roll and post-roll advertisements: Convert all videos into a playlist and automatically add your corporate video, product teaser or another video advertisement to every video. (Great for branding and video ads!)\u003C\u002Fli>\n\u003Cli>Hide annotations such as “subscribe to channel” to avoid distractions\u003C\u002Fli>\n\u003Cli>Add custom CSS via the plugin’s admin panel\u003C\u002Fli>\n\u003Cli>Choose custom colour for your Vimeo player\u003C\u002Fli>\n\u003Cli>Hide controls from Youtube player\u003C\u002Fli>\n\u003Cli>Hide information like the video title and uploader when the video starts playing\u003C\u002Fli>\n\u003Cli>Even lazy load videos in text widgets (Youtube only)\u003C\u002Fli>\n\u003Cli>Choose between thumbnail sizes (standard or cover)\u003C\u002Fli>\n\u003Cli>Choose from several play button styles\u003C\u002Fli>\n\u003Cli>Choose the traditional red or the alternative white progress bar for the Youtube video player\u003C\u002Fli>\n\u003Cli>Don’t show related videos at the end of your videos\u003C\u002Fli>\n\u003Cli>Works with WordPress Multisite and many plugins such as TablePress\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Future features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Set a custom preview image per video\u003C\u002Fli>\n\u003Cli>Track how often the videos have been loaded with Google Analytics\u003C\u002Fli>\n\u003Cli>… YOU want a new feature RIGHT NOW? Please implement it yourself and \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fkevinweber\u002Flazy-load-for-videos\" rel=\"nofollow ugc\">contribute on Github\u003C\u002Fa>, and I’ll publish your enhancements to the official WordPress directory.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Translators\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Serbian (sr_RS) – \u003Ca href=\"\u002F\u002Ffirstsiteguide.com\u002F\" rel=\"nofollow ugc\">Ogi Djuraskovic\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Spanish (es_ES) – \u003Ca href=\"http:\u002F\u002Fpo5i.github.io\u002F\" rel=\"nofollow ugc\">Carlos Villavicencio\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you have created your own language pack, or have an update of an existing one, you can \u003Ca href=\"https:\u002F\u002Fwww.kweber.com\u002Fcontact\u002F\" rel=\"nofollow ugc\">send me\u003C\u002Fa> your gettext PO and MO so that I can bundle it into my plugin. You can download the latest POT file \u003Ca href=\"https:\u002F\u002Fplugins.svn.wordpress.org\u002Flazy-load-for-videos\u002Ftrunk\u002Flanguages\u002Flazy-load-for-videos.pot\" rel=\"nofollow ugc\">from here\u003C\u002Fa>.\u003C\u002Fp>\n","Boost page speed by replacing embedded YouTube and Vimeo videos with a clickable preview image. Video scripts only load on click.",10000,447036,88,105,"2025-08-23T09:05:00.000Z","6.8.5","5.6","7.2",[20,21,22,23,24],"lazy-load","performance","privacy","vimeo","youtube","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Flazy-load-for-videos\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flazy-load-for-videos.2.18.9.zip",98,2,0,"2025-08-26 12:22:01","2026-03-15T15:16:48.613Z",[33,49],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2025-7732","lazy-load-for-videos-authenticated-contributor-stored-cross-site-scripting-via-data-video-title-and-href-attributes","Lazy Load for Videos \u003C= 2.18.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via data-video-title and href Attributes","The Lazy Load for Videos plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its lazy‑loading handlers in all versions up to, and including, 2.18.7 due to insufficient input sanitization and output escaping. The plugin’s JavaScript registration handlers read the client‑supplied 'data-video-title' and 'href' attributes, decode HTML entities by default, and pass them directly into DOM sinks without any escaping or validation. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=2.18.7","2.18.8","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-08-27 01:46:48",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F9d28bd7d-ad3f-4720-9e09-466169fc672b?source=api-prod",1,{"id":50,"url_slug":51,"title":52,"description":53,"plugin_slug":4,"theme_slug":38,"affected_versions":54,"patched_in_version":55,"severity":41,"cvss_score":56,"cvss_vector":57,"vuln_type":58,"published_date":59,"updated_date":60,"references":61,"days_to_patch":63},"CVE-2023-45656","lazy-load-for-videos-cross-site-request-forgery","Lazy Load for Videos \u003C= 2.18.2 - Cross-Site Request Forgery","The Lazy Load for Videos plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.2. This is due to missing or incorrect nonce validation on one of its function. This makes it possible for unauthenticated attackers to invoke this function via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","\u003C=2.18.2","2.18.3",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2023-10-12 00:00:00","2024-01-22 19:56:02",[62],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fa467ad30-8271-421c-8af4-8165fd60c03e?source=api-prod",103,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":48,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":65,"trust_score":66,"computed_at":67},52,87,"2026-04-04T09:16:29.321Z",[69,91,109,128,145],{"slug":70,"name":71,"version":72,"author":73,"author_profile":74,"description":75,"short_description":76,"active_installs":77,"downloaded":78,"rating":79,"num_ratings":80,"last_updated":81,"tested_up_to":82,"requires_at_least":83,"requires_php":84,"tags":85,"homepage":88,"download_link":89,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":90,"fetched_at":31},"wp-youtube-lyte","WP YouTube Lyte","1.7.30","Frank Goossens","https:\u002F\u002Fprofiles.wordpress.org\u002Ffuttta\u002F","\u003Cp>WP YouTube Lyte allows you to “lazy load” your video’s, by inserting responsive “Lite YouTube Embeds”. These look and feel like normal embedded YouTube, but only call the “fat” YouTube-player when clicked on, thereby \u003Ca href=\"http:\u002F\u002Fblog.futtta.be\u002F2012\u002F04\u002F03\u002Fspeed-matters-re-evaluating-wp-youtube-lytes-performance\u002F\" rel=\"nofollow ugc\">reducing download size & rendering time substantially\u003C\u002Fa> when embedding YouTube occasionally and improving page performance dramatically when you’ve got multiple YouTube video’s on one and the same page. The plugin can be configured to cache YouTube thumbnails locally, improving both performance and privacy. As such LYTE embedded YouTube videos do not require requests to the YouTube servers, probably (I am not a lawyer) allowing for better GDPR-compliance.\u003C\u002Fp>\n\u003Cp>The plugin picks up on normal YouTube links, taking over from WordPress core’s oEmbed. Alternatively you can add a YouTube-link for a video or \u003Ca href=\"http:\u002F\u002Fblog.futtta.be\u002F2011\u002F10\u002F11\u002Fwp-youtube-lyte-support-for-playlists-almost-included\u002F\" rel=\"nofollow ugc\">an entire playlist\u003C\u002Fa> with “httpv” instead of “http(s)” or add a Lyte widget to your sidebar and WP YouTube Lyte replaces that link with the correct performance-optimized code. Some examples:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>httpv:\u002F\u002Fwww.youtube.com\u002Fwatch?v=_SQkWbRublY (normal video embed)\u003C\u002Fli>\n\u003Cli>httpv:\u002F\u002Fyoutu.be\u002F_SQkWbRublY (video embed with youtube-shortlink)\u003C\u002Fli>\n\u003Cli>httpa:\u002F\u002Fwww.youtube.com\u002Fwatch?v=_SQkWbRublY (audio only embed)\u003C\u002Fli>\n\u003Cli>httpv:\u002F\u002Fwww.youtube.com\u002Fplaylist?list=PLA486E741B25F8E00 (playlist embed)\u003C\u002Fli>\n\u003Cli>httpv:\u002F\u002Fwww.youtube.com\u002Fwatch?v=_SQkWbRublY#stepSize=-1 (video player, one size smaller than what’s configured as default)\u003C\u002Fli>\n\u003Cli>httpv:\u002F\u002Fwww.youtube.com\u002Fwatch?v=_SQkWbRublY?start=20&showinfo=0 (video player, start playing at 20 seconds and don’t show title)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Or using shortcodes:\u003C\u002Fp>\n\u003Cpre>\u003Ccode> [lyte id='_SQkWbRublY' \u002F]\n [lyte id='_SQkWbRublY' audio='true' \u002F]\n [lyte id='A486E741B25F8E00' playlist='true' \u002F]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>WP YouTube Lyte has been written with optimal performance as primary goal, but has been tested for maximum browser-compatibility (iPad included) while keeping an eye on accessibility. Starting with version 1.2.0 lyte embeds are fully responsive and can automatically embed \u003Ca href=\"http:\u002F\u002Fsupport.google.com\u002Fwebmasters\u002Fbin\u002Fanswer.py?hl=en&answer=2413309\" rel=\"nofollow ugc\">videoObject microdata\u003C\u002Fa> as well. The plugin is fully multi-language, with support for Catalan, Dutch, English, French, German, Hebrew, Romanian, Spanish and Slovene.\u003C\u002Fp>\n\u003Cp>Feedback is welcome; see \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fwp-youtube-lyte\u002Ffaq\u002F\" rel=\"ugc\">info in the faq\u003C\u002Fa> for bug reports\u002F feature requests and feel free to \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fwp-youtube-lyte\u002F\" rel=\"ugc\">rate and\u002For report on compatibility on wordpress.org\u003C\u002Fa>.\u003C\u002Fp>\n","High performance YouTube video, playlist and audio-only embeds which don't slow down your blog and offer optimal accessibility.",30000,985811,96,206,"2026-03-14T15:08:00.000Z","7.0","6.0","",[86,20,21,87,24],"gdpr","video","http:\u002F\u002Fblog.futtta.be\u002Fwp-youtube-lyte\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-youtube-lyte.1.7.30.zip","2025-11-14 00:00:00",{"slug":92,"name":93,"version":94,"author":95,"author_profile":96,"description":97,"short_description":98,"active_installs":99,"downloaded":100,"rating":101,"num_ratings":102,"last_updated":103,"tested_up_to":104,"requires_at_least":105,"requires_php":17,"tags":106,"homepage":107,"download_link":108,"security_score":101,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"simple-lazy-load-videos","Simple Lazy Load Videos","1.7.2","Valerii Bohdanov","https:\u002F\u002Fprofiles.wordpress.org\u002Frad_\u002F","\u003Cp>The plugin reduces page load time and increases your Google PageSpeed score.\u003C\u002Fp>\n\u003Cp>It replaces the embedded YouTube and Vimeo videos with a video preview image, third-party CSS & JS are downloaded only after a click.\u003C\u002Fp>\n","Simple Lazy Load for embedded video from YouTube and Vimeo",300,14213,100,5,"2026-01-04T19:34:00.000Z","6.9.4","4.9",[21,87,23,24],"https:\u002F\u002Fgithub.com\u002Fradkill\u002Fsimple-lazy-load-videos","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-lazy-load-videos.1.7.2.zip",{"slug":110,"name":111,"version":112,"author":113,"author_profile":114,"description":115,"short_description":116,"active_installs":99,"downloaded":117,"rating":79,"num_ratings":118,"last_updated":119,"tested_up_to":120,"requires_at_least":121,"requires_php":84,"tags":122,"homepage":125,"download_link":126,"security_score":127,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"velocity","Velocity – Video Lazy Loading for YouTube, Twitch and Vimeo","1.2.1","connekthq","https:\u002F\u002Fprofiles.wordpress.org\u002Fconnekthq\u002F","\u003Cp>Velocity is an alternative loading method to the standard to YouTube, Vimeo, Twitch and Soundcloud iframe embeds.\u003C\u002Fp>\n\u003Cp>With Velocity you will decrease the loading time and increase overall performance of your website by lazy loading media on-demand instead of on initial page load.\u003C\u002Fp>\n\u003Cp>To add Velocity to your site, simply create a Velocity shortcode by selecting a preview image and media type using the intuitive shortcode builder then add the generated snippet to your page.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fconnekthq.com\u002Fplugins\u002Fvelocity\u002F\" rel=\"nofollow ugc\">Get More Information\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch4>Shortcode Parameters\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>type\u003C\u002Fstrong> – Choose a media type [youtube, vimeo, twitch, soundcloud].\u003C\u002Fli>\n\u003Cli>\u003Cstrong>id\u003C\u002Fstrong> – The ID of the media item.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>options\u003C\u002Fstrong> – Add optional styling and display parameters for the embedded media – e.g. rel=0&controls=0&showinfo=0.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>playlist\u003C\u002Fstrong> – Is this a Soundcloud playlist [true\u002Ffalse].\u003C\u002Fli>\n\u003Cli>\u003Cstrong>img\u003C\u002Fstrong> – The path to the preview image.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>alt\u003C\u002Fstrong> – The alternative text to be attached to the preview image.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>color\u003C\u002Fstrong> – Play button arrow color.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>bkg_color\u003C\u002Fstrong> – Play button background color.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Example Shortcode\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>[velocity type=\"youtube\" id=\"239793212\" img=\"http:\u002F\u002Fyourwebsite.com\u002Fwp-content\u002Fuploads\u002F2016\u002F01\u002Fimage-1263626715.jpg\" alt=\"Play Video\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Tested Browsers\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Firefox (Mac, PC)\u003C\u002Fli>\n\u003Cli>Chrome (Mac, PC, iOS, Android)\u003C\u002Fli>\n\u003Cli>Safari (Mac, iOS)\u003C\u002Fli>\n\u003Cli>IE10+\u003C\u002Fli>\n\u003Cli>Android (Native)\u003C\u002Fli>\n\u003Cli>BB10 (Native)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Website\u003C\u002Fh4>\n\u003Cp>https:\u002F\u002Fconnekthq.com\u002Fplugins\u002Fvelocity\u002F\u003C\u002Fp>\n","Improve website performance by lazy loading and customizing your YouTube, Vimeo, Twitch and SoundCloud media embeds.",8684,6,"2020-01-04T16:19:00.000Z","5.3.21","4.0",[21,123,124,23,24],"soundcloud","twitch","https:\u002F\u002Fconnekthq.com\u002Fplugins\u002Fvelocity\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvelocity.zip",85,{"slug":129,"name":130,"version":131,"author":132,"author_profile":133,"description":134,"short_description":135,"active_installs":99,"downloaded":136,"rating":101,"num_ratings":118,"last_updated":137,"tested_up_to":16,"requires_at_least":138,"requires_php":139,"tags":140,"homepage":143,"download_link":144,"security_score":101,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"yep-youtube-embed","YEP: Optimize YouTube Embeds","1.1.2","Webamator","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebamator\u002F","\u003Cp>YouTube iframe embeds often load many unnecessary resources, which slows down your page. YEP: Optimize YouTube Embeds is a lightweight WordPress plugin that replaces YouTube iframes with a clickable preview image.\u003Cbr \u002F>\nThe actual video loads only when the user clicks the play button, improving page load times and reducing initial page size.\u003C\u002Fp>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>This plugin uses the external YouTube thumbnail service (https:\u002F\u002Fi.ytimg.com) to display preview images of YouTube videos.\u003Cbr \u002F>\nWhen a page with a YouTube embed is loaded, the plugin requests the thumbnail image directly from YouTube servers.\u003Cbr \u002F>\nNo personal data is sent from your site to YouTube, only the video ID (already public in the YouTube URL).\u003C\u002Fp>\n\u003Cp>Privacy Policy: https:\u002F\u002Fpolicies.google.com\u002Fprivacy\u003Cbr \u002F>\nTerms of Service: https:\u002F\u002Fwww.youtube.com\u002Ft\u002Fterms\u003C\u002Fp>\n","Short Description: Load YouTube videos faster by replacing iframes with a preview image; the video plays only when clicked play.",2248,"2025-09-20T16:32:00.000Z","5.2","7.4",[20,141,21,87,142],"optimize","youtube-embed","https:\u002F\u002Fwww.helper-wp.com\u002Fplugins\u002Fyoutube-embed-plugin-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fyep-youtube-embed.1.1.2.zip",{"slug":146,"name":147,"version":148,"author":149,"author_profile":150,"description":151,"short_description":152,"active_installs":153,"downloaded":154,"rating":101,"num_ratings":155,"last_updated":156,"tested_up_to":16,"requires_at_least":83,"requires_php":82,"tags":157,"homepage":84,"download_link":160,"security_score":101,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"better-core-video-embeds","Better Core Video Embeds","1.3.8","Highrise Digital","https:\u002F\u002Fprofiles.wordpress.org\u002Fhighrisedigital\u002F","\u003Cp>This plugin provides page optimisations for pages and posts which have embedded Youtube, Vimeo or Daily Motion videos which have been added using the core embed block.\u003C\u002Fp>\n\u003Cp>Without this plugin, when using the core embed block, when your page loads, lots of external scripts and styles are loaded from the embed service, regardless of whether a visitor actually interacts with the embedded video.\u003C\u002Fp>\n\u003Cp>This plugin prevents these scripts and styles from loading until the user actually interacts with the video. It does this by replacing the video embed, on page load with the video thumbnail image (added on Youtube, Vimeo or Daily Motion). When a user clicks the thumbnail the embedded video, along with associated scripts and styles are loaded.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fk7A2kZWUb9Q?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n","A plugin which enhances the core embed block for Youtube, Daily Motion and Vimeo videos by not loading unnecessary scripts until they are needed.",200,15784,11,"2025-06-02T10:52:00.000Z",[158,159,21,23,24],"embed","oembed","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetter-core-video-embeds.1.3.8.zip",{"attackSurface":162,"codeSignals":266,"taintFlows":301,"riskAssessment":302,"analyzedAt":311},{"hooks":163,"ajaxHandlers":262,"restRoutes":263,"shortcodes":264,"cronEvents":265,"entryPointCount":29,"unprotectedCount":29},[164,170,173,176,178,182,185,190,193,196,201,205,209,212,216,218,222,224,227,228,233,235,236,237,238,240,241,242,243,245,247,249,250,252,253,254,256,257,259,260],{"type":165,"name":166,"callback":167,"file":168,"line":169},"action","init","lazyload_load_textdomain","codeispoetry.php",68,{"type":165,"name":166,"callback":171,"file":168,"line":172},"lazyload_videos_init_plugins_loaded",76,{"type":165,"name":166,"callback":174,"priority":175,"file":168,"line":27},"lazyload_videos_admin_init",16,{"type":165,"name":166,"callback":177,"priority":175,"file":168,"line":101},"lazyload_videos_frontend_init",{"type":165,"name":179,"callback":179,"file":180,"line":181},"admin_init","src\\php\\class-admin-options.php",7,{"type":165,"name":183,"callback":183,"file":180,"line":184},"admin_enqueue_scripts",8,{"type":186,"name":187,"callback":188,"priority":189,"file":180,"line":189},"filter","oembed_dataparse","lazyload_replace_video",10,{"type":165,"name":191,"callback":192,"file":180,"line":155},"admin_menu","lazyload_create_menu",{"type":165,"name":194,"callback":166,"file":195,"line":189},"enqueue_block_editor_assets","src\\php\\class-editor.php",{"type":165,"name":197,"callback":198,"file":199,"line":200},"wp_enqueue_scripts","closure","src\\php\\class-frontend.php",112,{"type":165,"name":202,"callback":203,"file":204,"line":155},"add_meta_boxes","add_meta_box","src\\php\\class-meta.php",{"type":165,"name":206,"callback":207,"file":204,"line":208},"save_post","save",12,{"type":165,"name":206,"callback":198,"file":210,"line":211},"src\\php\\class-register.php",49,{"type":165,"name":213,"callback":214,"file":210,"line":215},"admin_notices","plugin_notice_activation",56,{"type":165,"name":166,"callback":198,"file":210,"line":217},101,{"type":186,"name":219,"callback":220,"priority":208,"file":221,"line":118},"tablepress_cell_content","run_shortcode","src\\php\\inc\\support_for_tablepress.php",{"type":186,"name":219,"callback":223,"priority":208,"file":221,"line":181},"autoembed",{"type":186,"name":225,"callback":220,"priority":184,"file":226,"line":118},"widget_text","src\\php\\inc\\support_for_widgets.php",{"type":186,"name":225,"callback":223,"priority":184,"file":226,"line":181},{"type":186,"name":229,"callback":230,"priority":189,"file":231,"line":232},"woocommerce_product_export_skip_meta_keys","lazyload_videos_woocommerce_product_export_skip_meta_keys","src\\php\\inc\\support_for_woocommerce_csv_export.php",21,{"type":165,"name":166,"callback":167,"file":234,"line":169},"trunk\\codeispoetry.php",{"type":165,"name":166,"callback":171,"file":234,"line":172},{"type":165,"name":166,"callback":174,"priority":175,"file":234,"line":27},{"type":165,"name":166,"callback":177,"priority":175,"file":234,"line":101},{"type":165,"name":179,"callback":179,"file":239,"line":181},"trunk\\src\\php\\class-admin-options.php",{"type":165,"name":183,"callback":183,"file":239,"line":184},{"type":186,"name":187,"callback":188,"priority":189,"file":239,"line":189},{"type":165,"name":191,"callback":192,"file":239,"line":155},{"type":165,"name":194,"callback":166,"file":244,"line":189},"trunk\\src\\php\\class-editor.php",{"type":165,"name":197,"callback":198,"file":246,"line":200},"trunk\\src\\php\\class-frontend.php",{"type":165,"name":202,"callback":203,"file":248,"line":155},"trunk\\src\\php\\class-meta.php",{"type":165,"name":206,"callback":207,"file":248,"line":208},{"type":165,"name":206,"callback":198,"file":251,"line":211},"trunk\\src\\php\\class-register.php",{"type":165,"name":213,"callback":214,"file":251,"line":215},{"type":165,"name":166,"callback":198,"file":251,"line":217},{"type":186,"name":219,"callback":220,"priority":208,"file":255,"line":118},"trunk\\src\\php\\inc\\support_for_tablepress.php",{"type":186,"name":219,"callback":223,"priority":208,"file":255,"line":181},{"type":186,"name":225,"callback":220,"priority":184,"file":258,"line":118},"trunk\\src\\php\\inc\\support_for_widgets.php",{"type":186,"name":225,"callback":223,"priority":184,"file":258,"line":181},{"type":186,"name":229,"callback":230,"priority":189,"file":261,"line":232},"trunk\\src\\php\\inc\\support_for_woocommerce_csv_export.php",[],[],[],[],{"dangerousFunctions":267,"sqlUsage":268,"outputEscaping":271,"fileOperations":29,"externalRequests":29,"nonceChecks":299,"capabilityChecks":29,"bundledLibraries":300},[],{"prepared":269,"raw":29,"locations":270},20,[],{"escaped":272,"rawEcho":175,"locations":273},26,[274,277,279,281,283,285,287,289,291,292,293,294,295,296,297,298],{"file":180,"line":275,"context":276},255,"raw output",{"file":180,"line":278,"context":276},311,{"file":180,"line":280,"context":276},319,{"file":180,"line":282,"context":276},320,{"file":180,"line":284,"context":276},395,{"file":180,"line":286,"context":276},403,{"file":204,"line":288,"context":276},67,{"file":210,"line":290,"context":276},66,{"file":239,"line":275,"context":276},{"file":239,"line":278,"context":276},{"file":239,"line":280,"context":276},{"file":239,"line":282,"context":276},{"file":239,"line":284,"context":276},{"file":239,"line":286,"context":276},{"file":248,"line":288,"context":276},{"file":251,"line":290,"context":276},4,[],[],{"summary":303,"deductions":304},"The \"lazy-load-for-videos\" plugin v2.18.9 demonstrates some good security practices, such as using prepared statements for all SQL queries and performing nonce checks.  However, a significant concern arises from its vulnerability history, which includes two medium-severity CVEs, specifically Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF). The fact that these vulnerabilities were present indicates a need for more robust input validation and output escaping, especially considering that only 62% of outputs are properly escaped. The absence of any critical or high-severity vulnerabilities in its history is positive, and the fact that there are currently no unpatched vulnerabilities is also reassuring. The plugin also has a remarkably small attack surface, with no apparent unprotected entry points, which is a strong positive security signal.",[305,307,309],{"reason":306,"points":189},"Medium severity CVEs in history (XSS, CSRF)",{"reason":308,"points":184},"Significant portion of outputs not properly escaped",{"reason":310,"points":102},"No capability checks implemented","2026-03-16T17:51:15.555Z",{"wat":313,"direct":322},{"assetPaths":314,"generatorPatterns":317,"scriptPaths":318,"versionParams":319},[315,316],"\u002Fwp-content\u002Fplugins\u002Flazy-load-for-videos\u002Fsrc\u002Fjs\u002Fadmin-settings.js","\u002Fwp-content\u002Fplugins\u002Flazy-load-for-videos\u002Fsrc\u002Fcss\u002Fadmin-settings.css",[],[315],[320,321],"\u002Fwp-content\u002Fplugins\u002Flazy-load-for-videos\u002Fsrc\u002Fjs\u002Fadmin-settings.js?ver=","\u002Fwp-content\u002Fplugins\u002Flazy-load-for-videos\u002Fsrc\u002Fcss\u002Fadmin-settings.css?ver=",{"cssClasses":323,"htmlComments":325,"htmlAttributes":327,"restEndpoints":334,"jsGlobals":335,"shortcodeOutput":338},[324],"llv-modal-video",[326],"\u003C!-- Plugin by Kevin Weber || www.kweber.com -->",[328,329,330,331,332,333],"data-lazy-video-id","data-lazy-video-width","data-lazy-video-height","data-lazy-video-title","data-lazy-video-lazy","data-lazy-video-type",[],[336,337],"KW_LLV_Frontend","KW_LLV_Settings",[]]