Compliance Impact

This vulnerability exposes sensitive information such as the site owner's LottieFiles.com account credentials, including API access tokens and email addresses, to unauthenticated attackers. Such exposure of personal and authentication data can lead to non-compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access. Therefore, this vulnerability negatively impacts compliance with these common standards and regulations by risking unauthorized disclosure of protected data. [2]

Useful 0 Not Useful 0

Executive Summary

This vulnerability exists in the LottieFiles – Lottie block for Gutenberg WordPress plugin (up to version 3.0.0) and involves sensitive information exposure via the `/wp-json/lottiefiles/v1/settings/` REST API endpoint. Because the REST API endpoints have no authentication or permission checks (permission_callback always returns true), unauthenticated attackers can access the site owner's LottieFiles.com account credentials, including their API access token and email address, if the 'Share LottieFiles account with other WordPress users' option is enabled. This happens because the plugin exposes privileged configuration data without proper access controls. [2]

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can allow unauthenticated attackers to retrieve sensitive account credentials such as API access tokens and email addresses associated with the LottieFiles.com account of the site owner. This could lead to unauthorized access to the LottieFiles account, potential misuse of API access, and compromise of the site's integration with LottieFiles services. Additionally, because the REST API endpoints allow modification and deletion of configuration data without authentication, attackers could alter or delete plugin settings, potentially disrupting site functionality or escalating privileges. [2]

Useful 0 Not Useful 0

Detection Guidance

You can detect this vulnerability by checking if the vulnerable REST API endpoint `/wp-json/lottiefiles/v1/settings/` is accessible without authentication. For example, you can use the following curl command to see if sensitive information is exposed: curl -X GET https://your-wordpress-site.com/wp-json/lottiefiles/v1/settings/ If the response contains LottieFiles.com account credentials such as API tokens or email addresses, the site is vulnerable. Additionally, monitoring HTTP requests to this endpoint for unauthorized access attempts can help detect exploitation. [2]

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include disabling or restricting access to the `/wp-json/lottiefiles/v1/settings/` REST API endpoint to prevent unauthenticated access. This can be done by applying authentication or capability checks to the endpoint or by disabling the LottieFiles – Lottie block for Gutenberg plugin until a patched version is available. Also, review and disable the 'Share LottieFiles account with other WordPress users' option if enabled, as it contributes to the exposure of sensitive credentials. [2]

Useful 0 Not Useful 0