The Cloudflare Blog

Subscribe to receive notifications of new posts:

Patching a WHMCS zero day on day zero

2013-10-03

Dane Knecht

1 min read

A critical zero-day vulnerability was published today affecting any hosting provider using WHMCS. As part of building a safer web, CloudFlare has added a ruleset to our Web Application Firewall (WAF) to block the published attack vector. Hosting partners running their WHMCS behind CloudFlare's WAF can enable the WHMCS Ruleset and implement best practices to be fully protected from the attack.

Our friends at WHMCS quickly published a patch here: blog.whmcs.com/?t=79427

CloudFlare recommends applying the patch for your current version of WHMCS or updating WHMCS to version 5.2.8 to close this vulnerability.

Cloudflare's connectivity cloud protects entire corporate networks, helps customers build Internet-scale applications efficiently, accelerates any website or Internet application, wards off DDoS attacks, keeps hackers at bay, and can help you on your journey to Zero Trust.

Visit 1.1.1.1 from any device to get started with our free app that makes your Internet faster and safer.

To learn more about our mission to help build a better Internet, start here. If you're looking for a new career direction, check out our open positions.

Vulnerabilities DDoS WAF

Follow on X

Dane Knecht|@dok2001

Cloudflare|@cloudflare

December 11, 2025 4:20 PM

React2Shell and related RSC vulnerabilities threat brief: early exploitation activity and threat actor techniques

Early activity indicates that threat actors quickly integrated this vulnerability into their scanning and reconnaissance routines and targeted critical infrastructure including nuclear fuel, uranium and rare earth elements. We outline the tactics they appear to be using and how Cloudflare is protecting customers. ...

Cloudforce One

Vulnerabilities, Threat Intelligence, Research

December 03, 2025 2:20 PM

Cloudflare WAF proactively protects against React vulnerability

Cloudflare offers protection against a new high profile vulnerability for React Server Components: CVE-2025-55182. All WAF customers are automatically protected as long as the WAF is deployed....

Daniele Molteni

Cloudforce One, WAF, Web Application Firewall, Vulnerabilities, CVE, React

December 03, 2025 2:00 PM

Cloudflare's 2025 Q3 DDoS threat report -- including Aisuru, the apex of botnets

Welcome to the 23rd edition of Cloudflare’s Quarterly DDoS Threat Report. This report offers a comprehensive analysis of the evolving threat landscape of Distributed Denial of Service (DDoS) attacks based on data from the Cloudflare network. In this edition, we focus on the third quarter of 2025....

Omer Yoachimik,
Jorge Pacheco

DDoS Reports, DDoS

November 24, 2025 2:00 PM

Get better visibility for the WAF with payload logging

The WAF provides ways for our customers to gain insight into why it takes certain actions. The more granular and precise the insight, the more reproducible and understandable it is. Revamped payload logging is one such method. ...

Paschal Obba

Firewall, WAF, Logging