CVE-2025-68043 WordPress LottieFiles plugin <= 3.0.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in LottieFiles LottieFiles lottiefiles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LottieFiles: from n/a through = 3.0.0...

CVE-2025-68043 WordPress LottieFiles plugin <= 3.0.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in LottieFiles LottieFiles lottiefiles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LottieFiles: from n/a through = 3.0.0...

CVE-2025-68043

CVE-2025-68043 is a Missing Authorization / Broken Access Control vulnerability in the WordPress plugin LottieFiles (versions &lt;= 3.0.0). The NVD and nuclei/patch sources describe an insecure access control configuration that lets an attacker bypass authorization and access or modify restricted...

WordPress plugin LottieFiles 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. WordPress...

CVE-2026-0717

The LottieFiles – Lottie block for Gutenberg plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.0 via the /wp-json/lottiefiles/v1/settings/ REST API endpoint. This makes it possible for unauthenticated attackers to retrieve the site...

CVE-2026-0717

The LottieFiles – Lottie block for Gutenberg plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.0 via the /wp-json/lottiefiles/v1/settings/ REST API endpoint. This makes it possible for unauthenticated attackers to retrieve the site...

PT-2026-2832

The LottieFiles – Lottie block for Gutenberg plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.0 via the /wp-json/lottiefiles/v1/settings/ REST API endpoint. This makes it possible for unauthenticated attackers to retrieve the site...

CVE-2024-5060

The LottieFiles – JSON Based Animation Lottie & Bodymovin for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.10.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

CVE-2024-5060

The LottieFiles – JSON Based Animation Lottie & Bodymovin for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.10.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

PT-2024-34349 · WordPress · Lottiefiles

Name of the Vulnerable Software and Affected Versions: LottieFiles – JSON Based Animation Lottie & Bodymovin for Elementor plugin for WordPress versions up to, and including, 1.10.9 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output...