WordPress · Lottie Block For Gutenberg · CVE-2026-0717
**Name of the Vulnerable Software and Affected Versions**
LottieFiles – Lottie block for Gutenberg plugin for WordPress versions prior to 3.0.1
**Description**
The LottieFiles – Lottie block for Gutenberg plugin for WordPress is susceptible to exposure of sensitive information. When the 'Share LottieFiles account with other WordPress users' option is enabled, an unauthenticated attacker can retrieve a site owner’s LottieFiles.com account credentials, including their API access token and email address, through the `/wp-json/lottiefiles/v1/settings/` API endpoint. The `API access token` is a credential used to access the LottieFiles.com service.
**Recommendations**
Update to version 3.0.1 or later.
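To review whether the endpoint named in the description was requested before the update, the following added example (not part of the advisory or the plugin) scans web server access logs for requests to that route. It assumes Combined Log Format; the function names, sample log lines, addresses and status codes are constructed for illustration, and an access log alone cannot show whether a caller was authenticated, so hits with a 2xx response are triage leads rather than confirmed disclosures.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs, unquote

ROUTE = "/lottiefiles/v1/settings"  # route named in the advisory, trailing slash stripped

# Combined Log Format: ip - user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def rest_route(target):
    """Return the WordPress REST route a request target addresses, or None."""
    parts = urlsplit(target)
    path = unquote(parts.path)
    if "/wp-json/" in path:
        return "/" + path.split("/wp-json/", 1)[1]
    # WordPress also accepts the route in the rest_route query parameter.
    values = parse_qs(parts.query).get("rest_route")
    return values[0] if values else None

def find_hits(lines):
    """Yield (ip, timestamp, method, status) for requests to the settings route."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not Combined Log Format; skipped rather than guessed at
        route = rest_route(m["target"])
        if route and route.rstrip("/").lower() == ROUTE:
            yield m["ip"], m["ts"], m["method"], int(m["status"])

def summarize(lines):
    """Map client IP -> hits; entries with served=True (2xx) are triaged first."""
    by_ip = defaultdict(list)
    for ip, ts, method, status in find_hits(lines):
        by_ip[ip].append({"time": ts, "method": method, "served": 200 <= status < 300})
    return dict(by_ip)

# Constructed sample log lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Jan/2026:10:01:02 +0000] "GET /wp-json/lottiefiles/v1/settings/ HTTP/1.1" 200 412 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Jan/2026:10:01:09 +0000] "GET /?rest_route=%2Flottiefiles%2Fv1%2Fsettings%2F HTTP/1.1" 200 412 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [12/Jan/2026:10:02:30 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [12/Jan/2026:10:05:41 +0000] "GET /wp-json/lottiefiles/v1/settings HTTP/1.1" 401 98 "-" "Mozilla/5.0"',
]
if __name__ == "__main__":
    for ip, hits in summarize(SAMPLE_LOG).items():
        print(ip, hits)
```

In practice, pass an open log file to `summarize()` in place of `SAMPLE_LOG`.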