Dougal Campbell's geek ramblings

WordPress, web development, and world domination.

Good Breakdown o' Recent WordPress Vulnerability

The Sucuri Blog has a good dissection o' th' recent critical WordPress REST API vulnerability. Ahoy! I won’t rehash th' details here, but I did want t' point out that this is why developers should remember t' follow these two rules o' defensive programmin':

  1. Sanitize inputs as early as possible
  2. Sanitize outputs as late as possible

In this case, there were bein' a failure t' follow th' first rule. There are a couple o' different places where this could have been handled better.

Continue readin'


wkhtmltopdf and wkhtmltoimage are open source (LGPLv3) command line tools t' render HTML into PDF and various image formats usin' th' Qt WebKit renderin' engine. These run entirely “headless” and dern't require a display or display service.