/plushcap/analysis/cloudflare/protecting-everyone-from-wordpress-content-injection

Protecting everyone from WordPress Content Injection

What's this blog post about?

On February 1, 2017, a severe vulnerability was announced by the WordPress Security Team that allowed unauthenticated users to change content on websites using unpatched (below version 4.7.2) WordPress. The issue was discovered by Sucuri and reported to WordPress. In response, the WordPress team collaborated with WAF vendors like Cloudflare to implement protection measures before a patch became available. Two rules were rolled out to protect against exploitation of this vulnerability. These rules are automatically turned on for customers on paid plans, while free users can upgrade to a paid plan and enable the Cloudflare WordPress ruleset in the WAF for full protection.

Company
Cloudflare

Date published
Feb. 1, 2017

Author(s)
Ben Cartwright-Cox

Word count
213

Language
English

Hacker News points
None found.


By Matt Makai. 2021-2024.