10 matches found
CVE-2025-68043 WordPress LottieFiles plugin <= 3.0.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in LottieFiles LottieFiles lottiefiles allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LottieFiles: from n/a through = 3.0.0...
CVE-2025-68043
CVE-2025-68043 is a Missing Authorization / Broken Access Control vulnerability in the WordPress plugin LottieFiles (versions <= 3.0.0). The NVD and nuclei/patch sources describe an insecure access control configuration that lets an attacker bypass authorization and access or modify restricted...
CVE-2025-68043 WordPress LottieFiles plugin <= 3.0.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in LottieFiles LottieFiles lottiefiles allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LottieFiles: from n/a through = 3.0.0...
WordPress plugin LottieFiles security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. WordPress...
CVE-2026-0717
The LottieFiles – Lottie block for Gutenberg plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.0 via the /wp-json/lottiefiles/v1/settings/ REST API endpoint. This makes it possible for unauthenticated attackers to retrieve the site...
CVE-2026-0717
The LottieFiles – Lottie block for Gutenberg plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.0 via the /wp-json/lottiefiles/v1/settings/ REST API endpoint. This makes it possible for unauthenticated attackers to retrieve the site...
PT-2026-2832
The LottieFiles – Lottie block for Gutenberg plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.0 via the /wp-json/lottiefiles/v1/settings/ REST API endpoint. This makes it possible for unauthenticated attackers to retrieve the site...
CVE-2024-5060
The LottieFiles – JSON Based Animation Lottie & Bodymovin for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.10.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...
CVE-2024-5060
The LottieFiles – JSON Based Animation Lottie & Bodymovin for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.10.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...
PT-2024-34349 · WordPress · Lottiefiles
Name of the Vulnerable Software and Affected Versions: LottieFiles – JSON Based Animation Lottie & Bodymovin for Elementor plugin for WordPress versions up to, and including, 1.10.9 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output...