Does lazysizes have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is lazysizes compatible with WordPress 5.5.18?

According to WordPress.org data, lazysizes 1.3.3 has been tested up to WordPress 5.5.18. Check the plugin's changelog for the latest compatibility information.

Is lazysizes compatible with PHP 5.6+?

lazysizes requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is lazysizes updated?

lazysizes was last updated on Aug 13, 2020. Frequent updates are generally a positive security signal.

What is lazysizes's security score?

lazysizes has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

lazysizes Security & Risk Analysis

wordpress.org/plugins/lazysizes

High performance and SEO friendly lazy loader for images, iframes and more. Many features, like low-res Blurhash placeholders and image fade-in

700 active installs v1.3.3 PHP 5.6+ WP 3.9+ Updated Aug 13, 2020

blurhashimagelazy-loadlazysizesperformance

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is lazysizes Safe to Use in 2026?

Generally Safe

Score 85/100

lazysizes has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago

Risk Assessment

The lazysizes v1.3.3 plugin exhibits a strong security posture based on the provided static analysis and vulnerability history. The code adheres to many best practices, including the absence of dangerous functions, 100% use of prepared statements for SQL queries, and proper output escaping for all identified outputs. The limited attack surface, with only one AJAX handler and no REST API routes or shortcodes, further contributes to its security. The presence of nonce checks on the AJAX handler is a positive sign. The complete lack of known CVEs, including unpatched vulnerabilities, is a significant indicator of past and ongoing security diligence.

Vulnerabilities

None known

lazysizes Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

lazysizes Release Timeline

v1.3.3Current

v1.3.2

v1.3.1

v1.3.0

v1.2.1

v1.2.0

v1.1.0

v1.0.0

v0.3.0

v0.2.0

v0.1.3

Code Analysis

Analyzed Mar 16, 2026

lazysizes Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

7 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared2 total queries

Output Escaping

100% escaped7 total outputs

Attack Surface

lazysizes Attack Surface

Entry Points1

Unprotected0

AJAX Handlers 1

authwp_ajax_lazysizes_blurhashinc\Lazysizes\PluginCore.php:136

WordPress Hooks 19

actionplugins_loadedinc\Lazysizes\PluginCore.php:80

actionadmin_enqueue_scriptsinc\Lazysizes\PluginCore.php:84

actionwp_headinc\Lazysizes\PluginCore.php:91

actionwp_headinc\Lazysizes\PluginCore.php:97

actionwp_enqueue_scriptsinc\Lazysizes\PluginCore.php:101

filterthe_contentinc\Lazysizes\PluginCore.php:104

filteracf_the_contentinc\Lazysizes\PluginCore.php:108

filterwidget_textinc\Lazysizes\PluginCore.php:113

filterpost_thumbnail_htmlinc\Lazysizes\PluginCore.php:117

filterget_avatarinc\Lazysizes\PluginCore.php:122

filterwp_get_attachment_image_attributesinc\Lazysizes\PluginCore.php:127

filterwp_generate_attachment_metadatainc\Lazysizes\PluginCore.php:133

filterwp_prepare_attachment_for_jsinc\Lazysizes\PluginCore.php:134

filterbody_classinc\Lazysizes\PluginCore.php:139

filterwp_lazy_loading_enabledinc\Lazysizes\PluginCore.php:144

actionadmin_menuinc\Lazysizes\Settings.php:44

actionadmin_initinc\Lazysizes\Settings.php:45

actionadmin_enqueue_scriptsinc\Lazysizes\Settings.php:46

actionupgrader_process_completeinc\Lazysizes\Settings.php:47

Maintenance & Trust

lazysizes Maintenance & Trust

Maintenance Signals

WordPress version tested5.5.18

Last updatedAug 13, 2020

PHP min version5.6

Downloads18K

Community Trust

Rating100/100

Number of ratings6

Active installs700

Alternatives

lazysizes Alternatives

Lazy Loader

lazy-loading-responsive-images

Lazy loading plugin that supports images, iFrames, video and audio elements and uses the lightweight lazysizes script. With manual modification of the …

10K No CVEs

Unveil Lazy Load

unveil-lazy-load

Unveil Lazy Load is a WordPress Plugin whitch makes lazy-image-load possible to decrease number of requests and improve page loading time.

3K No CVEs

Smart Image Loader

smart-image-loader

Smart Image Loader is a fire-and-forget priority and lazy loader for image sources. Can be a huge performance boost especially for one pagers.

100 No CVEs

Native Image Lazy Loading

native-image-lazy-loading

Automatically add the new loading attribute to images within your content to support native image lazy loading.

20 No CVEs

Lazy Load Image Filter

lazy-load-image-filter

The Lazy Load Image Filter plugin makes every image in your WordPress site use lazy loading to drasticly increase performance! Why this plugin? This p …

10 No CVEs

Developer Profile

lazysizes Developer Profile

Patrick Sletvold

2 plugins · 3K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect lazysizes

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/lazysizes/css//wp-content/plugins/lazysizes/js/

Script Paths

/wp-content/plugins/lazysizes/js/lazysizes.min.js

Version Parameters

lazysizes/css/lazyload.css?ver=lazysizes/js/lazysizes.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

lazysizes-blurhashlazysizes-loading

HTML Comments

Data Attributes

data-srcdata-srcsetdata-sizesdata-parent-fitdata-expanddata-ratio+8 more

JS Globals

lazysizes

FAQ