cleantalk
Vulnerabilities and Security Researches

LottieFiles – Lottie block for Gutenberg, CVE-2026-0717

CVE, Research URL

CVE-2026-0717

Home page URL

Security reports for LottieFiles – Lottie block for Gutenberg

Application

LottieFiles – Lottie block for Gutenberg

Published on
Jan 14, 2026
Research Description
The LottieFiles – Lottie block for Gutenberg plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.0 via the `/wp-json/lottiefiles/v1/settings/` REST API endpoint. This makes it possible for unauthenticated attackers to retrieve the site owner's LottieFiles.com account credentials including their API access token and email address when the 'Share LottieFiles account with other WordPress users' option is enabled.
Affected versions
max 3.1.0.
Status
vulnerable
Previous vulnerability researches
Geo Mashup (CVE-2026-2416) , Apr 15, 2026
Geo Mashup (CVE-2018-14071) , Jun 07, 2024
Geo Mashup (CVE-2015-1383) , Jun 07, 2024
Geo Mashup (CVE-2022-4974) , Nov 15, 2024
Geo Mashup (CVE-2024-44008) , Sep 19, 2024
New vulnerability
Stripe Payments by Buy Now Plus – Best WordPress Stripe Credit Card Payments Plugin (CVE-2026-1295) , Apr 16, 2026
ZoomifyWP Free (CVE-2026-1187) , Apr 16, 2026
SEATT: Simple Event Attendance (CVE-2026-1983) , Apr 16, 2026
CP Image Store with Slideshow (CVE-2026-0684) , Apr 16, 2026
Payment Page | Best Payment Plugin for Stripe & PayPal (CVE-2026-0751) , Apr 16, 2026