Plugin triggers mod_security XSS rule

  • Resolved Anonymous User

    (@anonymized-8960782)


    12 years, 3 months ago

    Your plugin seems to trigger a mod_security rule when it calls /wp-content/plugins/wpfront-notification-bar/jquery-plugins/jquery.cookie.js and subsequently will start banning users. I had to remove your plugin and release hundreds of blocked IP address because of this problem.

    https://ww.wp.xz.cn/plugins/wpfront-notification-bar/

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Syam Mohan

    (@syammohanm)

    12 years, 3 months ago

    I’m sorry that this plugin was giving you issues with mod_security. By default mod_security won’t allow “cookie” in file names. I have renamed that file and deployed a new version. Thank you for reporting this issue.

    Anonymous User 13290616

    (@anonymized-13290616)

    11 years, 9 months ago

    Hello,

    An easy solution is removing the OWASP base_rules which cause the problem, so that your WordPress works perfectly with mod_security!

    http://programarivm.com/2014/08/wordpress-y-mod_security-arreglan-sus-diferencias/

    The post above explains how to do it, but it is in Spanish. Please translate with Google, or whatever. Hope to help.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Plugin triggers mod_security XSS rule’ is closed to new replies.

  • 2 replies
  • 3 participants
  • Last reply from: Anonymous User 13290616
  • Last activity: 11 years, 9 months ago
  • Status: resolved