Mlgualtieri

**Name of the Vulnerable Software and Affected Versions** gatsby-source-wordpress versions prior to 4.0.8 and 5.9.2 **Description** The gatsby-source-wordpress plugin leaks .htaccess HTTP Basic Authentication variables into the app.js bundle during build-time. This issue affects users who initialize basic authentication credentials in the gatsby-config.js. A patch has been introduced to mitigate the issue by filtering all variables specified in the `auth: { }` section. **Recommendations** For versions prior to 4.0.8, upgrade to gatsby-source-wordpress@4.0.8, run `gatsby clean` followed by a `gatsby build`. For versions prior to 5.9.2, upgrade to gatsby-source-wordpress@5.9.2, run `gatsby clean` followed by a `gatsby build`. As a temporary workaround, consider manually editing the app.js file post-build to remove leaked credentials.