fix: address security vulnerabilities in webhooks plugin #336
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
🦋 Changeset detectedLatest commit: cff50ab The changes in this PR will be included in the next version bump. This PR includes changesets to release 1 package
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
|
ℹ️ Download the latest wp-graphql-webhooks plugin zip from this PR |
Contributor
There was a problem hiding this comment.
Pull Request Overview
This PR strengthens security in the wp-graphql-webhooks plugin by sanitizing inputs/outputs, tightening authorization checks, and ensuring sensitive data isn’t logged by default.
- Added
esc_htmland proper sanitization functions to exception messages, nonces, and user inputs - Wrapped debug logs in
WP_DEBUGchecks and removed sensitive URL/headers from default logs - Replaced capability checks and nonce verifications for admin actions
Reviewed Changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| plugins/wp-graphql-webhooks/src/Services/PluginServiceLocator.php | Escape exception messages with esc_html to prevent HTML injection |
| plugins/wp-graphql-webhooks/src/Rest/WebhookTestEndpoint.php | Conditional debug logging, redact sensitive URL/headers, and static triggered_by |
| plugins/wp-graphql-webhooks/src/Handlers/WebhookHandler.php | Wrapped dispatch logs in WP_DEBUG checks, but still logs sensitive URL/headers |
| plugins/wp-graphql-webhooks/src/Events/SmartCacheWebhookManager.php | Added debug log guard and switched from parse_url to wp_parse_url |
| plugins/wp-graphql-webhooks/src/Admin/WebhooksListTable.php | Sanitized orderby/order, escaped nonces, and outputs for bulk actions |
| plugins/wp-graphql-webhooks/src/Admin/WebhooksAdmin.php | Improved nonce unslashing, but replaced capability check with only nonce verification |
| .changeset/spotty-mice-behave.md | Added changelog entries for security hardening |
theodesp
approved these changes
Jul 15, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull request introduces security enhancements and debugging improvements to the
wp-graphql-webhooksplugin. Key changes include improved input/output sanitization, stricter authorization checks, conditional logging for debugging, and adjustments to ensure sensitive information is not exposed in logs.