CVE-2026-0717

Name of the Vulnerable Software and Affected Versions LottieFiles – Lottie block for Gutenberg plugin for WordPress versions prior to 3.0.1

Description The LottieFiles – Lottie block for Gutenberg plugin for WordPress is susceptible to exposure of sensitive information. An unauthenticated attacker can retrieve a site owner’s LottieFiles.com account credentials, including their API access token and email address, when the 'Share LottieFiles account with other WordPress users' option is enabled. This is possible through the /wp-json/lottiefiles/v1/settings/ API endpoint. The API access token is a credential used to access the LottieFiles.com service.

Recommendations Update to version 3.0.1 or later.