Feeds.4Sysops
Cloudflare WAF Mitigates Critical WordPress Vulnerabilities
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Cloudflare has implemented new Web Application Firewall (WAF) rules to protect against two critical vulnerabilities in WordPress: an unauthenticated remote code execution (RCE) flaw in the REST API and a SQL injection vulnerability. These vulnerabilities affect WordPress versions 6.8 and above, with the RCE impacting versions from 6.9 onwards. Cloudflare's protections are available to all users, including those on free plans, as long as their traffic is proxied through Cloudflare. The rules were deployed on July 17, 2026, at 17:03 UTC. WordPress has released version 7.0.2 to address these issues, with backports for earlier versions. Users are advised to confirm they are on a patched release while Cloudflare's WAF rules provide temporary protection. The vulnerabilities are classified as high-severity, and the WordPress security team has prioritized automatic updates for affected sites.
Key Points: • Cloudflare deployed WAF rules for two critical WordPress vulnerabilities on July 17, 2026. • The vulnerabilities include an unauthenticated RCE and SQL injection affecting versions 6.8 and above. • WordPress has released version 7.0.2 with fixes, and users are urged to update promptly.