LottieFiles Security & Risk Analysis

wordpress.org/plugins/lottiefiles

LottieFiles for WordPress is the easiest way to add Lottie animations to your WordPress website using the Gutenberg editor.

Active installs: 8K · Version: v3.1.0 · PHP 5.6+ · WP 5.9+ · Updated Jan 19, 2026

Tags: animation, animations, bodymovin, gutenberg, lottie

Security score: 93 (A · Safe)

CVEs total: 2
Unpatched: 0
Last CVE: Feb 5, 2026
Safety Verdict

Is LottieFiles Safe to Use in 2026?

Generally Safe

Score 93/100

LottieFiles has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Feb 5, 2026 · Updated 2mo ago
Risk Assessment

The "lottiefiles" v3.1.0 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices in handling SQL queries and output escaping, with 100% of both being properly secured. The absence of dangerous functions, file operations, and external HTTP requests is also a strength. However, significant concerns arise from the attack surface analysis, which reveals one unprotected REST API route. This represents a direct entry point that could be exploited without proper authorization checks.

The vulnerability history of this plugin is a major red flag, with two known CVEs, including a past critical vulnerability. The historical prevalence of Missing Authorization and Exposure of Sensitive Information issues suggests recurring weaknesses in how the plugin handles access control and data security. While there are currently no unpatched CVEs, the past critical issue and the presence of an unprotected REST API route indicate a pattern of exploitable flaws.

In conclusion, while "lottiefiles" v3.1.0 has some secure coding practices, the single unprotected REST API route and its history of critical vulnerabilities, particularly those related to authorization and information exposure, present a substantial risk. Users should be cautious and ensure this plugin is updated to the latest version, as past critical vulnerabilities highlight a significant potential for compromise.

Key Concerns

  • Unprotected REST API route
  • History of critical vulnerability
  • History of medium vulnerability
  • Common vulnerability: Missing Authorization
  • Common vulnerability: Exposure of Sensitive Information

LottieFiles Security Vulnerabilities

CVEs by Year

2 CVEs in 2026

Severity Breakdown

  • Critical: 1
  • Medium: 1

2 total CVEs

CVE-2025-68043 · critical · 9.8 · Missing Authorization

LottieFiles <= 3.0.0 - Missing Authorization

Feb 5, 2026 · Patched in 3.1.0 (5d)

CVE-2026-0717 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor

LottieFiles – Lottie block for Gutenberg <= 3.0.0 - Unauthenticated Sensitive Information Exposure

Jan 13, 2026 · Patched in 3.1.0 (24d)
LottieFiles Code Analysis

Analyzed Mar 17, 2026

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 0 (2 escaped)
  • Nonce Checks: 0
  • Capability Checks: 2
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Output Escaping

100% escaped (2 total outputs)
LottieFiles Attack Surface

Entry Points: 1
Unprotected: 1

REST API Routes (1)

  • GET /wp-json/lottiefiles/v1/settings/ · src\common.php:117 (unprotected)

WordPress Hooks (10)

  • action admin_init · host.php:29
  • filter upload_mimes · host.php:55
  • filter wp_check_filetype_and_ext · host.php:64
  • action init · src\admin\settings\init.php:8
  • action admin_enqueue_scripts · src\admin\settings\init.php:34
  • action admin_menu · src\admin\settings\init.php:42
  • action rest_api_init · src\common.php:7
  • filter upload_mimes · src\gutenberg-block\init.php:87
  • action init · src\gutenberg-block\init.php:113
  • action wp_enqueue_scripts · src\gutenberg-block\init.php:137

LottieFiles Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 19, 2026
PHP min version: 5.6
Downloads: 110K

Community Trust

Rating: 46/100
Number of ratings: 18
Active installs: 8K

LottieFiles Developer Profile

LottieFiles

1 plugin · 8K total installs

Trust score: 89
Avg Security Score: 93/100
Avg Patch Time: 15 days

How We Detect LottieFiles

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/lottiefiles/build/lottiefiles-admin-settings-page-style.css
  • /wp-content/plugins/lottiefiles/build/index.css
  • /wp-content/plugins/lottiefiles/build/lottiefiles-player.js
  • /wp-content/plugins/lottiefiles/build/lottiefiles-interactivity.js

Script Paths

  • /wp-content/plugins/lottiefiles/build/lottiefiles-admin-settings-page.js
  • /wp-content/plugins/lottiefiles/build/index.js
  • /wp-content/plugins/lottiefiles/build/lottiefiles-player.js
  • /wp-content/plugins/lottiefiles/build/lottiefiles-interactivity.js

Version Parameters

  • lottiefiles-admin-settings-page.asset.php
  • index.asset.php
  • lottiefiles-player.js
  • lottiefiles-interactivity.js

HTML / DOM Fingerprints

CSS Classes

  • lottiefiles-admin-settings

Data Attributes

  • data-lottiefiles-id
  • data-lottiefiles-animation-data

JS Globals

  • lottiefiles

Shortcode Output

  • [lottie
  • [lottieplayer

Frequently Asked Questions about LottieFiles