Protecting everyone from WordPress Content Injection
On February 1, 2017, the WordPress Security Team announced a severe vulnerability that allowed unauthenticated users to change content on websites running unpatched WordPress (versions below 4.7.2). The issue was discovered by Sucuri and reported to WordPress. In response, the WordPress team collaborated with WAF vendors like Cloudflare to implement protection measures before a patch became available. Two rules were rolled out to protect against exploitation of this vulnerability. These rules are automatically turned on for customers on paid plans, while free users can upgrade to a paid plan and enable the Cloudflare WordPress ruleset in the WAF for full protection.
Company
Cloudflare
Date published
Feb. 1, 2017
Author(s)
Ben Cartwright-Cox
Word count
213
Hacker News points
None found.
Language
English