Protecting everyone from WordPress Content Injection
On February 1, 2017, a severe vulnerability was announced by the WordPress Security Team that allowed unauthenticated users to change content on websites using unpatched (below version 4.7.2) WordPress. The issue was discovered by Sucuri and reported to WordPress. In response, the WordPress team collaborated with WAF vendors like Cloudflare to implement protection measures before a patch became available. Two rules were rolled out to protect against exploitation of this vulnerability. These rules are automatically turned on for customers on paid plans, while free users can upgrade to a paid plan and enable the Cloudflare WordPress ruleset in the WAF for full protection.
Company
Cloudflare
Date published
Feb. 1, 2017
Author(s)
Ben Cartwright-Cox
Word count
213
Language
English
Hacker News points
None found.