LottieFiles WordPress Plugin <= 3.0.0 - Missing Authorization

LottieFiles LottieFiles = 3.0.0 contains a broken access control vulnerability caused by incorrectly configured access control security levels, letting attackers exploit missing authorization, exploit requires no special privileges. id: CVE-2025-68043 info: name: LottieFiles WordPress Plugin =...

VulnCheck KEV: CVE-2025-68043

Missing Authorization vulnerability in LottieFiles LottieFiles lottiefiles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LottieFiles: from n/a through = 3.0.0...

CVE-2025-68043

Missing Authorization vulnerability in LottieFiles LottieFiles lottiefiles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LottieFiles: from n/a through = 3.0.0...

CVE-2025-68043

Missing Authorization vulnerability in LottieFiles LottieFiles lottiefiles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LottieFiles: from n/a through = 3.0.0...

CVE-2025-68043 WordPress LottieFiles plugin <= 3.0.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in LottieFiles LottieFiles lottiefiles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LottieFiles: from n/a through = 3.0.0...

CVE-2025-68043

CVE-2025-68043 is a Missing Authorization / Broken Access Control vulnerability in the WordPress plugin LottieFiles (versions &lt;= 3.0.0). The NVD and nuclei/patch sources describe an insecure access control configuration that lets an attacker bypass authorization and access or modify restricted...

CVE-2025-68043 WordPress LottieFiles plugin <= 3.0.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in LottieFiles LottieFiles lottiefiles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LottieFiles: from n/a through = 3.0.0...

PT-2026-21081

Name of the Vulnerable Software and Affected Versions LottieFiles versions through 3.0.0 Description An authorization issue exists in LottieFiles lottiefiles, allowing exploitation of incorrectly configured access control security levels. Recommendations Update to a version later than 3.0.0...

WordPress plugin LottieFiles 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. WordPress...

WordPress LottieFiles plugin <= 3.0.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by NumeX in WordPress Plugin LottieFiles versions = 3.0.0...

CVE-2026-0717

The LottieFiles – Lottie block for Gutenberg plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.0 via the /wp-json/lottiefiles/v1/settings/ REST API endpoint. This makes it possible for unauthenticated attackers to retrieve the site...

CVE-2026-0717

The LottieFiles – Lottie block for Gutenberg plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.0 via the /wp-json/lottiefiles/v1/settings/ REST API endpoint. This makes it possible for unauthenticated attackers to retrieve the site...

CVE-2026-0717

CVE-2026-0717 affects the LottieFiles – Lottie block for Gutenberg (WordPress). The Wordfence vulnerability report and CVE entries confirm unauthenticated exposure of sensitive information via the REST API endpoint /wp-json/lottiefiles/v1/settings/ for versions up to and including 3.0.0, enabling...

CVE-2026-0717 LottieFiles – Lottie block for Gutenberg <= 3.0.0 - Unauthenticated Sensitive Information Exposure

The LottieFiles – Lottie block for Gutenberg plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.0 via the /wp-json/lottiefiles/v1/settings/ REST API endpoint. This makes it possible for unauthenticated attackers to retrieve the site...

CVE-2026-0717 LottieFiles – Lottie block for Gutenberg <= 3.0.0 - Unauthenticated Sensitive Information Exposure

The LottieFiles – Lottie block for Gutenberg plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.0 via the /wp-json/lottiefiles/v1/settings/ REST API endpoint. This makes it possible for unauthenticated attackers to retrieve the site...

WordPress plugin LottieFiles – Lottie block for Gutenberg 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin...

PT-2026-2832

The LottieFiles – Lottie block for Gutenberg plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.0 via the /wp-json/lottiefiles/v1/settings/ REST API endpoint. This makes it possible for unauthenticated attackers to retrieve the site...

EUVD-2024-46324

Malicious code in bioql PyPI...

CVE-2024-5060

The LottieFiles – JSON Based Animation Lottie & Bodymovin for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.10.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

MAL-2024-10301 Malicious code in @lottiefiles/lottie-player (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security faa879b0fa360852899250846599b4b81d442b942d5e4fec4101044400272af1 The NPM package @lottiefiles/lottie-player had unauthorized new versions published that contained malicious code. The malicious code...