cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forlottiefiles lottiefiles

Direction: ascending
Feb 28, 2026

LottieFiles – Lottie block for Gutenberg # CVE-2025-68043

CVE, Research URL

CVE-2025-68043

Home page URL

Security reports for LottieFiles – Lottie block for Gutenberg

Application

LottieFiles – Lottie block for Gutenberg

Date
Feb 20, 2026
Research Description
Missing Authorization vulnerability in LottieFiles LottieFiles lottiefiles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LottieFiles: from n/a through <= 3.0.0.
Affected versions
max 3.0.0.
Status
vulnerable
Apr 16, 2026

LottieFiles &#8211; Lottie block for Gutenberg # CVE-2026-0717

CVE, Research URL

CVE-2026-0717

Home page URL

Security reports for LottieFiles &#8211; Lottie block for Gutenberg

Application

LottieFiles &#8211; Lottie block for Gutenberg

Date
Jan 14, 2026
Research Description
The LottieFiles – Lottie block for Gutenberg plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.0 via the `/wp-json/lottiefiles/v1/settings/` REST API endpoint. This makes it possible for unauthenticated attackers to retrieve the site owner's LottieFiles.com account credentials including their API access token and email address when the 'Share LottieFiles account with other WordPress users' option is enabled.
Affected versions
max 3.1.0.
Status
vulnerable