Does LZ Scroll Up have any unpatched vulnerabilities?

No. All known vulnerabilities in LZ Scroll Up have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is LZ Scroll Up compatible with WordPress 5.7.15?

According to WordPress.org data, LZ Scroll Up 1.2.0 has been tested up to WordPress 5.7.15. Check the plugin's changelog for the latest compatibility information.

How often is LZ Scroll Up updated?

LZ Scroll Up was last updated on May 15, 2021. Frequent updates are generally a positive security signal.

What is LZ Scroll Up's security score?

LZ Scroll Up has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

LZ Scroll Up Security & Risk Analysis

wordpress.org/plugins/lz-scroll-up

LZ Scroll Up is an awesome, Super lightweight plugin for your wordpress website

10 active installs v1.2.0 PHP + WP 4.0+ Updated May 15, 2021

back-to-toplink-to-topnavigationscrollscroll-back-to-top

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is LZ Scroll Up Safe to Use in 2026?

Generally Safe

Score 85/100

LZ Scroll Up has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago

Risk Assessment

Based on the static analysis, the "lz-scroll-up" v1.2.0 plugin presents a generally positive security posture due to the absence of known critical vulnerabilities and a lack of dangerous functions or file operations. The complete lack of external HTTP requests and the use of prepared statements for all SQL queries are commendable security practices.

However, a significant concern arises from the fact that 100% of the 12 identified output points are not properly escaped. This presents a substantial risk of Cross-Site Scripting (XSS) vulnerabilities, as user-supplied data or dynamic content displayed by the plugin could be executed as JavaScript in the user's browser. The absence of nonce and capability checks across all entry points is also a notable weakness, potentially allowing unauthorized users to trigger plugin actions, although the analysis indicates a very limited attack surface with no identified unprotected entry points.

The plugin's vulnerability history is clean, with no recorded CVEs. This, combined with the static analysis findings of no critical taint flows, suggests a historically well-maintained plugin. Nevertheless, the critical issue of unescaped output needs immediate attention to mitigate potential XSS risks and maintain its strong security reputation.

Key Concerns

Unescaped output found
Missing nonce checks
Missing capability checks

Vulnerabilities

None known

LZ Scroll Up Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

LZ Scroll Up Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped12 total outputs

Attack Surface

LZ Scroll Up Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 5

actioninitmain-hooks.php:16

actionadmin_menumain-hooks.php:34

actionadmin_enqueue_scriptsmain-hooks.php:53

actionadmin_initmain-hooks.php:61

actionwp_headmain-hooks.php:222

Maintenance & Trust

LZ Scroll Up Maintenance & Trust

Maintenance Signals

WordPress version tested5.7.15

Last updatedMay 15, 2021

PHP min version

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

LZ Scroll Up Alternatives

LZ Scroll Bar

lz-scroll-bar

LZ Scroll Bar Up is an awesome, Super lightweight plugin for your wordpress website

0 No CVEs

Beam me up Scotty – Back to Top Button

beam-me-up-scotty

Add a back to top button to your site quickly and easily with this simple and easy to configure plugin.

1K 1 unpatched

Smooth Scroll Up

smooth-scroll-up

Smooth Scroll Up is a lightweight plugin that creates a customizable back to top feature in your WordPress website.

7K No CVEs

Back To Top Pro

back-to-top-pro

100

Scroll To Top plus 3 more Buttons including Back to Top, Home, Back and Email Buttons. Multiple styles, colors, position, sizes, opacity and more

100 No CVEs

Scrollr

scrollr

100

Scroll smoothly to a page's section or push it back to the top.

100 No CVEs

Developer Profile

LZ Scroll Up Developer Profile

Nazmul Islam

3 plugins · 10 total installs

trust score

Avg Security Score

90/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect LZ Scroll Up

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/lz-scroll-up/js/color-pickr.js/wp-content/plugins/lz-scroll-up/js/jquery.scrollUp.js

Script Paths

js/color-pickr.jsjs/jquery.scrollUp.js

Version Parameters

lz-scroll-up/js/jquery.scrollUp.js?ver=js/color-pickr.js?ver=

HTML / DOM Fingerprints

Data Attributes

class="lz-color-field"

JS Globals

jQuery.scrollUp

FAQ