• Resolved nekranox

    (@nekranox)


    We have a Medium size AWS instance running 3 small low-traffic WordPress websites. They are all running Wordfence Free. We are seeing occasional downtime where an SQL query is overwhelming MariaDB. Here is the query:

    SELECT HEX(meta_value) as a, IF (meta_value LIKE '%meta_value LIKE '%meta_value LIKE '%meta_value LIKE '%meta_value LIKE '%fromCharCode%' OR meta_value LIKE '%setTimeout%' OR meta_value LIKE '%setInterval%' OR meta_value LIKE '%meta_value LIKE '%href%' OR meta_value LIKE '%base64_decode%', 1, 0) as a_norm, IF (IF(SUBSTRING(meta_value, 1, 4) = ':AI:', FROM_BASE64(SUBSTRING(meta_value, 5)), FROM_BASE64(¨C13C)) LIKE '% 53666 AND (((LENGTH(meta_value) <= 665600 AND (meta_value LIKE '%<script%' OR meta_value LIKE '%<iframe%' OR meta_value LIKE '%<object%' OR meta_value LIKE '%<embed%' OR meta_value LIKE '%fromCharCode%' OR meta_value LIKE '%setTimeout%' OR meta_value LIKE '%setInterval%' OR meta_value LIKE '%<?php%' OR meta_value LIKE '%href%' OR meta_value LIKE '%base64_decode%'))) OR ((LENGTH(meta_value) <= 665600 AND (CHAR_LENGTH(meta_value) % 4 = 0 AND meta_value REGEXP '^(:AI:)?*={0,3}$')))) HAVING a_norm = 1 OR a_b64 = 1 ORDER BY meta_id LIMIT 1000;

    I tried searching the files on the server to find the source of the query. This is the most success I had:

    [master_a***********y]:plugins$ grep -Rl "FROM_BASE64"
    wordfence/vendor/wordfence/wf-waf/src/lib/parser/sqli.php

    It looks like Malware scanning to me. The query occurred at 9pm and multiple times under each account on the server (We have Wordfence installed across all sites).

    Can anyone else confirm that this is Wordfence? Do we need to upgrade our server if this kind of query is crashing MariaDB?

Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @nekranox, thanks for sending that over.

    That query looks like it’s from another security plugin or tool. We don’t run a query like that. The sqli.php in Wordfence does include some keywords like those, but it’s used for the WAF and not during scans.

    If it’s a plugin, it probably pulls a list of values to scan for from another source so they’re not visible in the PHP code. Are you running any other security plugins?

    Thanks,
    Peter.
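
The single-keyword grep in the original post matched a WAF keyword file, which the reply says is not the source of the query. As an added example (written for this page, not posted by either participant and not Wordfence code), the script below ranks files by how many distinctive fragments of the posted query they contain; the demo plugin names and file contents are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Ranks files by how many distinctive
# fragments of the slow query they contain; the fragments are copied from
# the query in the original post.

# rank_query_markers DIR -> prints "<hits> <path>", most hits first
rank_query_markers() {
    for marker in 'a_norm' 'a_b64' ':AI:' 'FROM_BASE64' 'HEX(meta_value)'; do
        # -R recurse, -I skip binary files, -l names only, -F literal string
        grep -RIlF -e "$marker" "$1" 2>/dev/null || true
    done | sort | uniq -c | sort -k1,1nr -k2 |
        awk '{ n = $1; sub(/^[ \t]*[0-9]+[ \t]+/, ""); print n, $0 }'
}

# make_demo_tree DIR -> writes two constructed PHP files (hypothetical
# plugin names) so the ranking can be tried without a real site.
make_demo_tree() {
    mkdir -p "$1/waf-plugin" "$1/scanner-plugin"
    # Constructed: a bare SQL keyword list, as a WAF parser might carry.
    cat > "$1/waf-plugin/keywords.php" <<'EOF'
<?php $keywords = array('FROM_BASE64', 'HEX', 'IF', 'SUBSTRING');
EOF
    # Constructed: code that builds a query shaped like the one posted.
    cat > "$1/scanner-plugin/scan.php" <<'EOF'
<?php
$prefix = ':AI:';
$sql = "SELECT HEX(meta_value) as a, IF(%s, 1, 0) as a_norm, "
     . "IF(FROM_BASE64(meta_value) LIKE %s, 1, 0) as a_b64 FROM %s";
EOF
}

# With a directory argument, scan it; with none, run the constructed demo.
if [ $# -gt 0 ]; then
    rank_query_markers "$1"
else
    demo=$(mktemp -d) && make_demo_tree "$demo"
    rank_query_markers "$demo"
    rm -rf "$demo"
fi
```

A file that scores 1 on `FROM_BASE64` alone is a weak lead; a file that also carries the `a_norm` and `a_b64` aliases is a much stronger one. If nothing scores above 1, the query text may be assembled from data that is not stored in the PHP files, which is the possibility raised in the reply.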
