CVE-2015-9415

HIGH EXPLOITED NUCLEI

Angrycreative BJ Lazy Load < 1.0 - Improper Input Validation

Title source: rule

Description

The bj-lazy-load plugin before 1.0 for WordPress has Remote File Inclusion.

Exploits (1)

github WORKING POC 4 stars
by halilkirazkaya · poc
https://github.com/halilkirazkaya/cve-poc-garage/tree/main/2015/CVE-2015-9415.md

Nuclei Templates (1)

BJ Lazy Load (Timthumb) <= 0.7.5 - Remote File Inclusion
HIGHVERIFIEDby s4e-io
FOFA: body="/wp-content/plugins/bj-lazy-load"

References (2)

Scores

CVSS v3 7.5
EPSS 0.1803
EPSS Percentile 95.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

VulnCheck KEV 2015-09-02
CWE
CWE-20
Status published
Products (1)
angrycreative/bj_lazy_load < 1.0
Published Sep 26, 2019
Tracked Since Feb 18, 2026