You are right. Did some additional digging and found a resolution to the issue. Just posting here to let others stumbling upon this thread in the future know – this solution fixed my problem:
https://ww.wp.xz.cn/support/topic/disable-mod-security?replies=16
Specifically adding the following to .htaccess:
<IfModule mod_security.c>
SecFilterScanPOST Off
</IfModule>
This is not an isolated problem. I’m experiencing exactly the same issue after the last update to WordPress. I’ve worked around it by replacing the f in each “from” with the entity representation of “f” (thanks crazy_jrt for finding that’s the problem) but I’m rather convinced nothing has changed in my hosting setup recently.
It’s exactly the same line, and the same problem.