WordPress Plugin Vulnerabilities

LottieFiles < 3.1.0 - Missing Authorization

Description

The plugin is vulnerable to unauthorized access due to a missing capability check on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Affects Plugins

Plugin icon
lottiefiles
Fixed in 3.1.0

References

CVE
CVE-2025-68043
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/9505b778-294f-45bc-a36c-22fbb894a294

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
7.2 (high)

Miscellaneous

Original Researcher
NumeX
Verified
No
WPVDB ID
c36b7701-2ab5-430f-8a9f-9bcc9216d894

Timeline

Publicly Published
2026-02-05 (about 3 months ago)
Added
2026-02-09 (about 3 months ago)
Last Updated
2026-02-10 (about 3 months ago)

Other

Published
Title
Published
2023-12-27
Title
Build App Online < 1.0.21 - Subscriber+ Privilege Escalation
Published
2026-02-25
Title
Tutor LMS – eLearning and online course solution < 3.9.6 - Missing Authorization
Published
2023-07-10
Title
Buy Me a Coffee – Button and Widget Plugin < 3.8 - Subscriber+ Unauthorized Data Modification
Published
2026-02-23
Title
Frontend Profile <= 1.3.9 - Missing Authorization
Published
2025-05-07
Title
GS Testimonial Slider < 3.3.1 - Missing Authorization