CVE-2026-0717

CVSS v3.1

5.3

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

The LottieFiles – Lottie block for Gutenberg plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.0 via the

/wp-json/lottiefiles/v1/settings/

REST API endpoint. This makes it possible for unauthenticated attackers to retrieve the site owner's LottieFiles.com account credentials including their API access token and email address when the 'Share LottieFiles account with other WordPress users' option is enabled.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2026-0717

Affected Products

Lottiefiles – Lottie Block For Gutenberg

CVE-2026-0717

Weakness Enumeration

Related Identifiers

Affected Products

References · 3