Question About New WordPress Vulnerabilities (CVEs)

MichaelTr · January 22, 2023, 2:12pm

Hello everyone,

I tried looking around and only found some blog posts about older CVEs and how Cloudflare took care of them, but nothing yet from Cloudflare about the following CVEs:

Paid Memberships Pro CVE-2023-23488
Easy Digital Downloads CVE-2023-23489
Survey Maker CVE-2023-23490

I wanted to ask, does Cloudflare protect against those vulnerabilities? Can we rest assured? Or is it something that still needs to have managed rules added?

Thank you in advance.

albert · January 22, 2023, 4:06pm

No. The only correct solution is patching the affected instance(s) - either manually or with an update.

There is no guarantee Cloudflare’s WAF will block exploit attempts. It is always possible the detection is incomplete or that someone finds a bypass.

With that said, Cloudflare publishes information about updates to the WAF here:

system · February 6, 2023, 4:07pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.