WAF is not affected by this vulnerability. However, if your website uses WordPress, we recommend that you configure appropriate protection rules.
This vulnerability is found in the load-scripts.php file. load-scripts.php is a built-in script of WordPress, a content management system (CMS). The
names into the
load parameter. The
names are separated with commas (,).
For example, in the request of
We recommend that you use the custom protection policy and HTTP flood protection features provided by WAF to protect your WordPress website.
- You can use the custom protection policy feature to restrict the number of parameters passed to load-scripts.php. For example, you can add the following rule to restrict the length of the parameter passed to load-scripts.php to at most 50 characters.
- You can also use the custom HTTP flood protection feature to restrict the frequency at which IP addresses can send requests to the load-scripts.php file. For example, you can add the following rule to limit each IP address to at most 100 requests to the load-scripts.php file per 5 seconds.
For more information about the custom protection policy and custom HTTP flood protection features, see Create a custom protection policy.
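The two example rules above (a 50-character limit and 100 requests per 5 seconds per IP address) can be expressed as request-filtering logic. This is an added example, not WAF's rule syntax or code from this page; it assumes the length limit applies to the value of the load parameter, and the class name, return strings and sample requests are constructed for illustration.

```python
from collections import defaultdict, deque
from urllib.parse import urlsplit, parse_qs

MAX_LOAD_LEN = 50      # page's example: at most 50 characters
MAX_REQUESTS = 100     # page's example: at most 100 requests ...
WINDOW_SECONDS = 5     # ... per 5 seconds, per IP address


class LoadScriptsGuard:
    """Hypothetical filter applying both rules to load-scripts.php requests."""

    def __init__(self):
        self._hits = defaultdict(deque)  # client IP -> request times in window

    def check(self, client_ip, url, now):
        parts = urlsplit(url)
        if not parts.path.endswith("/load-scripts.php"):
            return "allow"  # the rules only target this script

        # Rule 1: length of the load parameter. PHP also folds load[]=a&load[]=b
        # into the same parameter, so array-style keys are counted too.
        query = parse_qs(parts.query, keep_blank_values=True)
        load_len = sum(len(v) for key, vals in query.items()
                       if key == "load" or key.startswith("load[")
                       for v in vals)
        if load_len > MAX_LOAD_LEN:
            return "block:length"

        # Rule 2: sliding-window request rate per client IP.
        window = self._hits[client_ip]
        while window and now - window[0] >= WINDOW_SECONDS:
            window.popleft()
        if len(window) >= MAX_REQUESTS:
            return "block:rate"
        window.append(now)
        return "allow"


if __name__ == "__main__":
    guard = LoadScriptsGuard()
    # Constructed sample requests (documentation IP range).
    samples = [
        ("198.51.100.7", "/wp-admin/load-scripts.php?load=jquery,utils", 0.0),
        ("198.51.100.7", "/wp-admin/load-scripts.php?load=" + "a" * 400, 0.1),
    ]
    for ip, url, t in samples:
        print(ip, guard.check(ip, url, t))
```

Requests rejected by the length rule are not counted toward the rate window here; counting them as well is a stricter variant.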