Question About New WordPress Vulnerabilities (CVEs)

Hello everyone,

I tried looking around and only found some blog posts about older CVEs and how Cloudflare took care of them, but nothing yet from Cloudflare about the following CVEs:

Paid Memberships Pro CVE-2023-23488
Easy Digital Downloads CVE-2023-23489
Survey Maker CVE-2023-23490

I wanted to ask, does Cloudflare protect against those vulnerabilities? Can we rest assured? Or is it something that still needs to have managed rules added?

Thank you in advance.

No. The only correct solution is patching the affected instance(s) - either manually or with an update.

There is no guarantee Cloudflare’s WAF will block exploit attempts. It is always possible the detection is incomplete or that someone finds a bypass.

With that said, Cloudflare publishes information about updates to the WAF here:


This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.