diff --git a/plugins/wordpress-rule-exclusions-before.conf b/plugins/wordpress-rule-exclusions-before.conf
index 9b44a2d..12310cc 100644
--- a/plugins/wordpress-rule-exclusions-before.conf
+++ b/plugins/wordpress-rule-exclusions-before.conf
@@ -982,6 +982,8 @@ SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin-ajax.php" \
             ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:newcontent"
 
 # Opening the plugins page
+# Exclusion of rule 951240 together with test 9507971-4 can be remove after we drop
+# support for CRS 3.
 SecRule REQUEST_FILENAME "@rx /wp-admin/(?:plugins|plugin-install)\.php$" \
     "id:9507971,\
     phase:1,\