Dougal Campbell's geek ramblings

WordPress, web development, and world domination.

Monthly Archives: February 2017

Good Breakdown of Recent WordPress Vulnerability

The Sucuri Blog has a good dissection of the recent critical WordPress REST API vulnerability. I won’t rehash the details here, but I did want to point out that this is why developers should remember to follow these two rules of defensive programming:

  1. Sanitize inputs as early as possible
  2. Sanitize outputs as late as possible

In this case, there was a failure to follow the first rule. There are a couple of different places where this could have been handled better.

Continue reading