@debridge-finance/solana-grpc (>=1.1.2 <=1.1.3), @mochi-web3/connect-wallet-widget (>=0.0.7 <=0.2.10) +2 more potentially affected by CVE-2024-30253 via @solana/web3.js (=1.74.0)

@solana/web3.js NPM version =1.74.0 is affected by a known vulnerability. The following packages have a transitive dependency on @solana/web3.js and may be impacted: - @debridge-finance/solana-grpc =1.1.2, =0.0.7, =0.2.2, =1.194.0, =1.261.0 Source cves: CVE-2024-30253 Source advisory:...

WordPress EthPress – Web3 Login Plugin < 2.1.1 is vulnerable to Cross Site Scripting (XSS)

Software EthPress – Web3 Login Type Plugin Vulnerable versions 2.1.1 Fixed in 2.1.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 8300c2068fb2 Credits Rafie Muhammad Patchstack...

WordPress EthPress – Web3 Login plugin <= 1.5.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress EthPress – Web3 Login plugin versions = 1.5.0. Solution Update the WordPress EthPress – Web3 Login plugin to the latest available version at least 1.5.1...

WordPress EthPress – Web3 Login plugin <= 1.5.0 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress EthPress – Web3 Login plugin versions = 1.5.0. Solution Update the WordPress EthPress – Web3 Login plugin to the latest available version at least 1.5.1...