CVE-2025-68043 PoC — WordPress LottieFiles plugin <= 3.0.0 - Broken Access Control vulnerability

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-68043.yaml

Associated Vulnerability

Title:WordPress LottieFiles plugin <= 3.0.0 - Broken Access Control vulnerability (CVE-2025-68043)
Description:Missing Authorization vulnerability in LottieFiles LottieFiles lottiefiles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LottieFiles: from n/a through <= 3.0.0.

Description

LottieFiles LottieFiles <= 3.0.0 contains a broken access control vulnerability caused by incorrectly configured access control security levels, letting attackers exploit missing authorization, exploit requires no special privileges.

File Snapshot


 id: CVE-2025-68043

info:
  name: LottieFiles WordPress Plugin <= 3.0.0 - Missing Authorization
  au

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →