LottieFiles – Lottie block for Gutenberg

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Description

The LottieFiles – Lottie block for Gutenberg plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.0 via the `/wp-json/lottiefiles/v1/settings/` REST API endpoint. This makes it possible for unauthenticated attackers to retrieve the site owner's LottieFiles.com account credentials including their API access token and email address when the 'Share LottieFiles account with other WordPress users' option is enabled.

Basic Information

ID CVE-2026-0717

Source Wordfence

Published Jan 14, 2026 at 05:28

Affected Product

Vendor lottiefile

Product LottieFiles – Lottie block for Gutenberg

Version *

Affected Versions lottiefile LottieFiles – Lottie block for Gutenberg *

CWE Classification

CWE-200

References

{
    "lastseen": "",
    "description": "The LottieFiles \u2013 Lottie block for Gutenberg plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.0 via the `/wp-json/lottiefiles/v1/settings/` REST API endpoint. This makes it possible for unauthenticated attackers to retrieve the site owner's LottieFiles.com account credentials including their API access token and email address when the 'Share LottieFiles account with other WordPress users' option is enabled.",
    "published": "2026-01-14T05:28:04.741Z",
    "modified": "2026-01-14T05:28:04.741Z",
    "type": "cve",
    "title": "LottieFiles \u2013 Lottie block for Gutenberg <= 3.0.0 - Unauthenticated Sensitive Information Exposure",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/19b159ca-4b41-48b4-880d-9b9dc44b3463?source=cve\nhttps://plugins.trac.wordpress.org/browser/lottiefiles/tags/3.0.0/src/common.php?marks=21,122#L21",
    "id": "CVE-2026-0717",
    "bulletinFamily": "",
    "cwe": [
        "CWE-200"
    ],
    "cvelist": null,
    "sourceData": "lottiefile LottieFiles \u2013 Lottie block for Gutenberg *",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "LottieFiles \u2013 Lottie block for Gutenberg",
    "version": "*",
    "vendor": "lottiefile",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

LottieFiles – Lottie block for Gutenberg <= 3.0.0 - Unauthenticated Sensitive Information Exposure_CVE-2026-0717