Vulnerabilities and security researches forcloudflare cloudflare

Mar 27, 2026

PSC, Research URL: PSC-2026-64631
Home page URL: Security reports for Cloudflare
Application: Cloudflare
Date: Mar 27, 2026
Research Description: CDN and caching integrations are security-relevant because they introduce privileged configuration flows inside wp-admin, handle API tokens, and can directly affect availability and security posture at the edge. If access control, request integrity, or output handling is weak, attackers may force cache purges or mode changes via CSRF, expose sensitive integration metadata, or manipulate settings that impact how the site is protected and cached. Cloudflare version 4.14.2 has successfully completed the CleanTalk Plugin Security Certification process and received PSC-2026-64631, confirming that the plugin was reviewed from a secure code perspective with attention to the most common exploitation paths for CDN, caching, and edge-security integration plugins.
Affected versions: Min 4.14.2, max 4.14.2.
Status: SAFE & CERTIFIED

Jun 07, 2024

CVE, Research URL: f08cd4b8d2fd9232b03273f997f5656375cae41d
Home page URL: Security reports for Cloudflare
Application: Cloudflare
Date: Mar 28, 2016
Research Description: Cloudflare [cloudflare] < 1.3.21 WordPress CloudFlare Plugin <= 1.3.20 - Cross Site Scripting Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Update the plugin.
Affected versions: max 1.3.21.
Status: vulnerable

CVE, Research URL: CVE-2017-9841
Home page URL: Security reports for Cloudflare
Application: Cloudflare
Date: Jun 27, 2017
Research Description: Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.
Affected versions: max 4.12.3.
Status: vulnerable

CVE, Research URL: CVE-2024-0212
Home page URL: Security reports for Cloudflare
Application: Cloudflare
Date: Jan 29, 2024
Research Description: The Cloudflare Wordpress plugin was found to be vulnerable to improper authentication. The vulnerability enables attackers with a lower privileged account to access data from the Cloudflare API.
Affected versions: max 4.12.3.
Status: vulnerable