AM LottiePlayer Security & Risk Analysis

wordpress.org/plugins/am-lottieplayer

The most complete Lottie Player plugin! It is lightweight, versatile and easy to use, and it works with Gutenberg, Divi, Elementor and Flatsome.

800 active installs v3.6.3 PHP 7.0+ WP 5.9+ Updated Mar 11, 2026
Tags: bodymovin, gif, gutenberg, lottie, svg
Score 99 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Apr 30, 2025
Safety Verdict

Is AM LottiePlayer Safe to Use in 2026?

Generally Safe

Score 99/100

AM LottiePlayer has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Apr 30, 2025 · Updated 24d ago
Risk Assessment

The "am-lottieplayer" plugin, version 3.6.3, presents a generally positive security posture based on the static analysis. The absence of dangerous functions, SQL queries without prepared statements, file operations, and external HTTP requests is a strong indicator of secure coding practices. The high percentage of properly escaped output (89%, 74 of 83 outputs) and the presence of nonce and capability checks further bolster its security. The limited attack surface, with only one shortcode and no unprotected entry points, is also a significant strength.

The vulnerability history, however, reveals a past medium-severity Cross-site Scripting (XSS) vulnerability: CVE-2025-1529, a stored XSS via an uploaded Lottie file that required Author-level access or higher. It affected versions up to and including 3.5.3, is dated Apr 30, 2025, and was patched in 3.5.4 one day later, so no known vulnerability remains unpatched in version 3.6.3. The single CVE, despite being medium severity, warrants attention as it highlights a potential weakness in input handling.

Overall, the plugin demonstrates good security practices in its current codebase. The primary area of concern stems from the past XSS vulnerability, suggesting a need for continued vigilance in input sanitization and output escaping, even if current analysis shows high compliance. Users should ensure they are on the latest version if available to mitigate any previously disclosed vulnerabilities.

Key Concerns

  • Past medium severity XSS vulnerability
Vulnerabilities
1

AM LottiePlayer Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-1529 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

AM LottiePlayer <= 3.5.3 - Authenticated (Author+) Stored Cross-Site Scripting via Uploaded Lottie File

Apr 30, 2025 Patched in 3.5.4 (1d)
Code Analysis
Analyzed Mar 16, 2026

AM LottiePlayer Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 9 (74 escaped)
Nonce Checks: 1
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

89% escaped · 83 total outputs
Attack Surface

AM LottiePlayer Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[am-lottieplayer] includes\builders\builder.php:42
WordPress Hooks 20
action  activated_plugin  includes\admin.php:24
action  pre_current_active_plugins  includes\admin.php:28
action  admin_enqueue_scripts  includes\admin.php:33
action  wp_dashboard_setup  includes\admin.php:39
action  wp_enqueue_scripts  includes\builders\bricks\element.php:482
action  init  includes\builders\builder.php:23
action  divi_extensions_init  includes\builders\builder.php:24
action  elementor/widgets/register  includes\builders\builder.php:25
action  vc_before_init  includes\builders\builder.php:26
action  wp_enqueue_scripts  includes\builders\builder.php:28
filter  wp_check_filetype_and_ext  includes\media.php:19
filter  upload_mimes  includes\media.php:62
filter  wp_generate_attachment_metadata  includes\media.php:73
filter  wp_get_attachment_metadata  includes\media.php:147
filter  wp_handle_upload_prefilter  includes\media.php:164
filter  wp_mime_type_icon  includes\media.php:248
filter  https_ssl_verify  includes\media.php:288
action  wp_enqueue_media  includes\media.php:292
action  admin_footer  includes\media.php:306
filter  upload_mimes  includes\upload-thumbnail.php:55
Maintenance & Trust

AM LottiePlayer Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 11, 2026
PHP min version: 7.0
Downloads: 26K

Community Trust

Rating: 100/100
Number of ratings: 5
Active installs: 800
Developer Profile

AM LottiePlayer Developer Profile

Johan Martin Aarstein

2 plugins · 800 total installs

Trust score: 100
Avg Security Score: 100/100
Avg Patch Time: 1 day
Detection Fingerprints

How We Detect AM LottiePlayer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/am-lottieplayer/assets/css/admin.min.css
Script Paths
/wp-content/plugins/am-lottieplayer/assets/js/vendor/dotlottie-player.js
/wp-content/plugins/am-lottieplayer/assets/js/vendor/dotlottie-player-light.js
/wp-content/plugins/am-lottieplayer/assets/js/media.js
Version Parameters
am-lottieplayer/assets/css/admin.min.css?ver=
am-lottieplayer/assets/js/vendor/dotlottie-player.js?ver=
am-lottieplayer/assets/js/vendor/dotlottie-player-light.js?ver=
am-lottieplayer/assets/js/media.js?ver=

HTML / DOM Fingerprints

CSS Classes
am-lottieplayer-dashboard-widget
HTML Comments
AM LottiePlayer Plugin
Copyright (C) 2023-2024, Aarstein Media - support@aarstein.media
GNU General Public License, version 3 or higher
@wordpress-plugin
(+9 more)
Data Attributes
data-am-lottieplayer-id
data-am-lottieplayer-src
data-am-lottieplayer-options
JS Globals
aamdPHPVariables
REST Endpoints
/wp/v2/media/
Shortcode Output
[am_lottieplayer
[am_lottieplayer_vc]
[am_lottieplayer_elementor]