Medium severity5.3NVD Advisory· Published Jan 14, 2026· Updated Apr 15, 2026
CVE-2026-0717
CVE-2026-0717
Description
The LottieFiles – Lottie block for Gutenberg plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.0 via the /wp-json/lottiefiles/v1/settings/ REST API endpoint. This makes it possible for unauthenticated attackers to retrieve the site owner's LottieFiles.com account credentials including their API access token and email address when the 'Share LottieFiles account with other WordPress users' option is enabled.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=3.0.0
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.