Title: Security Vulnerablity
Last modified: October 3, 2022

---

# Security Vulnerablity

 *  Resolved [alexDx](https://wordpress.org/support/users/alexdx/)
 * (@alexdx)
 * [3 years, 7 months ago](https://wordpress.org/support/topic/security-vulnerablity/)
 * We are getting a critical message on all our sites that the a3 lazy load plugin
   has a security vulnerability. Can you please advise if there is a planned update
   for this? Otherwise I will be removing this plugin from 260 of my websites.

Viewing 10 replies - 1 through 10 (of 10 total)

 *  Plugin Author [Steve Truman](https://wordpress.org/support/users/a3rev/)
 * (@a3rev)
 * [3 years, 7 months ago](https://wordpress.org/support/topic/security-vulnerablity/#post-16066476)
 * Hello [@alexdx](https://wordpress.org/support/users/alexdx/)
 * Thank you for your report – please go to our website [https://a3rev.com/contact-us-page/](https://a3rev.com/contact-us-page/)
   and send me an email with the details of what you are seeing.
 * In the email please send the details of what you have found.
 * We need to know what the vulnerability is, how we might reproduce it and a site
   you are seeing the issue on.
 * Please don’t post any of those details on here so we have the time to resolve
   the issue and put out a patched version of indeed it is not a false positive.
 * Thank you
    Steve
 *  [wpkevin12](https://wordpress.org/support/users/wpkevin12/)
 * (@wpkevin12)
 * [3 years, 7 months ago](https://wordpress.org/support/topic/security-vulnerablity/#post-16066541)
 * I’m getting the same vulnerability message. Mine is from the WordFence Security
   plugin. It may or not be a false positive. I will also send an email to the contact
   page you listed above. Thanks.
 *  Plugin Author [Steve Truman](https://wordpress.org/support/users/a3rev/)
 * (@a3rev)
 * [3 years, 7 months ago](https://wordpress.org/support/topic/security-vulnerablity/#post-16066845)
 * Hello [@wpkevin12](https://wordpress.org/support/users/wpkevin12/),
 * Thank you – we have been able to get the same vulnerability message from running
   a Wordfence scan – it is for a ‘known’ vulnerability which is news to me. I have
   emailed Wordfence support to report the issue and as them what it is about.
 * We are putting a new version 2.6.1 out that has a very low-level vulnerability
   patch that we were aware of in the plugin framework and guessing that is what
   is causing the issue.
 * As soon as it is out we will test and see if that is it while we wait to hear
   from Wordfence.
 * I’ll keep you and [@alexdx](https://wordpress.org/support/users/alexdx/) updated
   on here.
 * Thank you
    Steve
 *  Plugin Author [Steve Truman](https://wordpress.org/support/users/a3rev/)
 * (@a3rev)
 * [3 years, 7 months ago](https://wordpress.org/support/topic/security-vulnerablity/#post-16067204)
 * [@wpkevin12](https://wordpress.org/support/users/wpkevin12/) [@alexdx](https://wordpress.org/support/users/alexdx/),
 * Ok so we have put out version 2.6.1 with what we thought may have been triggering
   the Wordfence Vulnerability scan report – but no it was not that.
 * I am sorry – we just have to wait now for Wordfence to actually inform us of 
   why they are returning that. There is no vulnerability that we are aware of at
   this stage. If we did know we would fix it. I mean we are Wordfence Premium customers
   and run Wordfence and a3 Lazy Load on our own and all of our customer sites, 
   so I’m just as keen as anyone to get to the bottom of this.
 * I am tagging the Wordfence team here, to try and get some help because I cannot
   get a response from them via email and I am locked out of my Wordfence account
   after doing just 2 login attempts and a password reset and attempting to log 
   in with the new password.
 * [@mmaunder](https://wordpress.org/support/users/mmaunder/), [@mbarry](https://wordpress.org/support/users/mbarry/),
   [@wfryan](https://wordpress.org/support/users/wfryan/), [@wfmattr](https://wordpress.org/support/users/wfmattr/)
 * Thank you
    Steve
    -  This reply was modified 3 years, 7 months ago by [Steve Truman](https://wordpress.org/support/users/a3rev/).
 *  [wpkevin12](https://wordpress.org/support/users/wpkevin12/)
 * (@wpkevin12)
 * [3 years, 7 months ago](https://wordpress.org/support/topic/security-vulnerablity/#post-16067247)
 * Thanks for the fast response!
 *  [WFMattR](https://wordpress.org/support/users/wfmattr/)
 * (@wfmattr)
 * [3 years, 7 months ago](https://wordpress.org/support/topic/security-vulnerablity/#post-16068446)
 * [@a3rev](https://wordpress.org/support/users/a3rev/): Sorry for the trouble —
   we got your message overnight for most of our team. We’ll be back in touch via
   email.
 * -Matt R
 *  Plugin Author [Steve Truman](https://wordpress.org/support/users/a3rev/)
 * (@a3rev)
 * [3 years, 7 months ago](https://wordpress.org/support/topic/security-vulnerablity/#post-16069898)
 * Hello [@alexdx](https://wordpress.org/support/users/alexdx/) [@wpkevin12](https://wordpress.org/support/users/wpkevin12/)
 * I have been contacted by the Wordfence team. Please upgrade to the Wordfence 
   version 7.7.1 and you will see that a3 lazy Load no longer appears as a vulnerability
   in the scan results.
 * Thank you to the Wordfence team for quickly resolving the issue. [@wfmattr](https://wordpress.org/support/users/wfmattr/)
 * Steve
 *  [wpkevin12](https://wordpress.org/support/users/wpkevin12/)
 * (@wpkevin12)
 * [3 years, 7 months ago](https://wordpress.org/support/topic/security-vulnerablity/#post-16069968)
 * Thanks again, Steve!
 * I have to say, your incredibly rapid and consistent responses are impressive 
   and appreciated!
 * I actually just wrote a 5 star review about you and your plugin, and invite anyone
   else that feels the same to do the same here: [https://wordpress.org/support/plugin/a3-lazy-load/reviews/](https://wordpress.org/support/plugin/a3-lazy-load/reviews/)
 *  Thread Starter [alexDx](https://wordpress.org/support/users/alexdx/)
 * (@alexdx)
 * [3 years, 7 months ago](https://wordpress.org/support/topic/security-vulnerablity/#post-16069970)
 * Thank you [@a3rev](https://wordpress.org/support/users/a3rev/) & [@wfmattr](https://wordpress.org/support/users/wfmattr/)!
 *  Plugin Author [Steve Truman](https://wordpress.org/support/users/a3rev/)
 * (@a3rev)
 * [3 years, 7 months ago](https://wordpress.org/support/topic/security-vulnerablity/#post-16070025)
 * Hi [@alexdx](https://wordpress.org/support/users/alexdx/) [@wpkevin12](https://wordpress.org/support/users/wpkevin12/)
 * Thank you both for the 5-star reviews and recommendations. Pleased we were able
   to get the issue quickly sorted out.
 * Steve

Viewing 10 replies - 1 through 10 (of 10 total)

The topic ‘Security Vulnerablity’ is closed to new replies.

 * ![](https://ps.w.org/a3-lazy-load/assets/icon.svg?rev=1049979)
 * [a3 Lazy Load](https://wordpress.org/plugins/a3-lazy-load/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/a3-lazy-load/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/a3-lazy-load/)
 * [Active Topics](https://wordpress.org/support/plugin/a3-lazy-load/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/a3-lazy-load/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/a3-lazy-load/reviews/)

 * 15 replies
 * 4 participants
 * Last reply from: [Steve Truman](https://wordpress.org/support/users/a3rev/)
 * Last activity: [3 years, 7 months ago](https://wordpress.org/support/topic/security-vulnerablity/#post-16070025)
 * Status: resolved