securityonline.info 7/18/2026, 11:11:23 AM · external

Cloudflare Adds WAF Rule to Block WordPress wp2shell RCE Exploit

Cloudflare Adds WAF Rule to Block WordPress wp2shell RCE Exploit

CLOUDFLARE has implemented emergency WAF rules to block the critical wp2shell Remote Code Execution (RCE) vulnerability in WordPress, allowing attackers to gain unauthorized administrative access. Following reports from cybersecurity experts, WordPress has issued urgent security updates for versions 6.8.x to 7.1.x, emphasizing the importance of upgrading to secure versions to eliminate vulnerabilities.

Cloudflare's newly added WAF rule sets include measures against both the wp2shell RCE vulnerability and SQL injection flaws, with automatic protections for free-tier users. Site owners are advised to check their WordPress dashboards for pending updates to secure their sites.

View full article

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline