In my opinion WHMCS should be contacting CloudFlare as well with vulnerability details so CloudFlare can develop their Web Application Firewall. Such a partnership could be great, since CloudFlare could block the vulnerabilities in the first hour before they're even patched.