PT-2026-2832 · Unknown+1 · Lottiefiles+1
Yoshi Cat
Published: 2026-01-14 · Updated: 2026-01-14
CVE-2026-0717
CVSS v3.1: 5.3 Medium (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Name of the Vulnerable Software and Affected Versions
LottieFiles – Lottie block for Gutenberg plugin for WordPress versions prior to 3.0.1
Description
The LottieFiles – Lottie block for Gutenberg plugin for WordPress is susceptible to exposure of sensitive information. An unauthenticated attacker can retrieve a site owner’s LottieFiles.com account credentials, including their API access token and email address, when the 'Share LottieFiles account with other WordPress users' option is enabled. This is possible through the /wp-json/lottiefiles/v1/settings/ API endpoint. The API access token is a credential used to access the LottieFiles.com service.
Recommendations
Update to version 3.0.1 or later.
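To review whether the endpoint named in the description was read before the update, the following added example (not code from the advisory or the plugin) scans web server access logs for successful GET requests to that route. It assumes Combined Log Format and also matches WordPress's `?rest_route=` form of REST URLs; the function names and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, unquote, urlsplit

# Route from the advisory, without the /wp-json prefix.
ROUTE = "/lottiefiles/v1/settings"

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

def _norm(path):
    """Lower-case, collapse repeated slashes, drop the trailing slash."""
    return re.sub(r"/{2,}", "/", path.lower()).rstrip("/")

def hits_settings_route(target):
    """True if a request target resolves to the plugin's settings route."""
    parts = urlsplit(target)
    # Pretty-permalink form, also when WordPress lives in a subdirectory.
    if _norm(unquote(parts.path)).endswith("/wp-json" + ROUTE):
        return True
    # Plain-permalink form: ?rest_route=/lottiefiles/v1/settings
    routes = parse_qs(parts.query).get("rest_route", [])
    return any(_norm(r) == ROUTE for r in routes)

def find_reads(lines):
    """Map client IP -> [(time, target, size)] for GETs answered with 200."""
    found = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not Combined Log Format
        if (m["method"], m["status"]) == ("GET", "200") and hits_settings_route(m["target"]):
            found[m["ip"]].append((m["time"], m["target"], m["size"]))
    return dict(found)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [15/Jan/2026:03:12:44 +0000] "GET /wp-json/lottiefiles/v1/settings/ HTTP/1.1" 200 412 "-" "curl/8.5.0"',
    '203.0.113.7 - - [15/Jan/2026:03:12:45 +0000] "GET /?rest_route=%2Flottiefiles%2Fv1%2Fsettings HTTP/1.1" 200 412 "-" "curl/8.5.0"',
    '198.51.100.20 - - [15/Jan/2026:03:15:02 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
    '192.0.2.50 - - [15/Jan/2026:03:20:10 +0000] "GET /wp-json/lottiefiles/v1/settings/ HTTP/1.1" 401 98 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, reads in find_reads(SAMPLE_LOG).items():
        print(ip, len(reads), reads[0][0])
```

Access logs do not record whether the caller was logged in, so each hit is a candidate to triage against known administrator addresses rather than proof of disclosure.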
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
Lottie Block For Gutenberg
Lottiefiles