A web application firewall (WAF) can use a virtual patch for its inbound firewall rules. While a WAF covers general types of attacks, a virtual patch is a more targeted rules set. The goal of a virtual patch is to protect you in place of traditional software patches, which is why it is so targeted.
For example, a Common Vulnerability and Exposure (CVE) update details a particular WordPress form/request that is vulnerable to SQL injection. "Normal" WAF coverage would catch this by virtue of general coverage for SQL injection in all forms, against all parameters. Virtual patches would be specific to the page, form, and/or parameter, and potentially even the method of injection if it's unique to that.