Internal site search spam

My domain is being affected by “internal site search spam”, as described by YOAST in this article: [https://yoast.com/internal-site-search-spam/]
As I’m using Cloudflare, can someone help me to solve this situation?
There are over 50.000 “404 pages” crawled in my Google Search Console!
Thanks.

I wonder how did the SPAM come to your Website at first sight :thinking:

Via some comments box, or malicious code via vulnerable plugin?

Since you’re mentioning Yoast, I assume you’re using WordPress? :thinking:

Hod did those links come up in Yoast sitemap.xml file at all, if so?
GSC would pick this up from there.

Otherwise, if you updated the plugin, could be settings are new and changed, therefore some more things got indexed like commets etc. I’d suggest you to double-check the Yoast plugin settings too.

I am afraid Cloudflare isn’t involved into this issue.