WordPress Source Code Exposed Online
Big reveal today: https://patchstack.com/articles/wordpress-source-code-exposed-online
This is probably a good time to export your Wordpress sites as static HTML, for those of you who can. For the rest, consider blocking POST requests if your website doesn’t need it. For those that can do neither, good luck!
It’ll probably be years before the Wordpress devs are able to recover from the constant barrage of vulnerabilities that will be discovered now. Expect that they’ll likely only fix them one at a time, reactively.