Vulnerabilities and security researches forlottiefiles lottiefiles

Apr 16, 2026

CVE, Research URL: CVE-2026-0717
Home page URL: Security reports for LottieFiles – Lottie block for Gutenberg
Application: LottieFiles – Lottie block for Gutenberg
Date: Jan 14, 2026
Research Description: The LottieFiles – Lottie block for Gutenberg plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.0 via the `/wp-json/lottiefiles/v1/settings/` REST API endpoint. This makes it possible for unauthenticated attackers to retrieve the site owner's LottieFiles.com account credentials including their API access token and email address when the 'Share LottieFiles account with other WordPress users' option is enabled.
Affected versions: max 3.1.0.
Status: vulnerable

Feb 28, 2026

CVE, Research URL: CVE-2025-68043
Home page URL: Security reports for LottieFiles – Lottie block for Gutenberg
Application: LottieFiles – Lottie block for Gutenberg
Date: Feb 20, 2026
Research Description: Missing Authorization vulnerability in LottieFiles LottieFiles lottiefiles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LottieFiles: from n/a through <= 3.0.0.
Affected versions: max 3.0.0.
Status: vulnerable