Alert Logic® will cover the most recent six months of exploitable CVEs (those that have exploit samples) for the Wordpress content management system (CMS) and plugins.
Alert Logic is covering 75 exploitable Common Vulnerabilities and Exposures (CVEs) candidates for the initial launch of the Alert Logic Virtual Patches for AWS WAF. However, a large number of regular expression matches comprise those "rules" - 75 core "rules" is actually over 250 "patterns" or pieces of content that are being evaluated/compared against requests. This allows us to account for variances in different parameters or values that can be used to execute the same attack.
A good reference for Wordpress related CVEs is here: https://www.cvedetails.com/vulnerability-list/vendor_id-2337/product_id-4096/
This section notes changes made to Alert Logic’s Managed Rules for AWS WAF, beginning January 10, 2018.
January 10 2018: AWS WAF Wordpress content update released.