diff --git a/conf/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf b/conf/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
index 6201f2beab152dfc2cd1965b36cc5c955bef6f07..2af6211fc41197f6fe310e3c2ec6309e5c836e57 100644
--- a/conf/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
+++ b/conf/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
@@ -15,3 +15,10 @@ SecRule REQUEST_URI "@beginsWith /wp-admin/site-health.php" \
     pass,\
     nolog,\
     ctl:ruleEngine=Off"
+
+SecRule REQUEST_URI "@beginsWith /wp-admin/themes.php" \
+    "id:1002,\
+    pass,\
+    nolog,\
+    ctl:ruleRemoveByTag=attack-xss"
+