[wp-trac] [WordPress Trac] #53783: Visiting Widgets Is Blocking Access To My Server

WordPress Trac noreply at wordpress.org
Mon Jul 26 11:46:00 UTC 2021


#53783: Visiting Widgets Is Blocking Access To My Server
--------------------------+-----------------------------
 Reporter:  inkwellcd     |      Owner:  (none)
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Widgets       |    Version:  5.8
 Severity:  blocker       |   Keywords:  needs-patch
  Focuses:                |
--------------------------+-----------------------------
 Any time I visit widgets with my current host I get blocked from visiting
 all of my websites on the server.

 Here are the details:

 triggering a mod security rule as below:

  941160 Warning. Pattern match \"(?i:(?:<\\w[\\s\\S]*[\\s\\/]|\'\\"
 ?)(?:on(?:d(?:e(?:vice(?:(?:orienta|mo)tion|proximity|found|light)|livery(?:success|error)|activate)|r(?:ag(?:e(?:n(?:ter|d)|xit)|(?:gestur|leav)e|start|drop|over)|op)|i(?:s(?:c(?:hargingtimechange
 ...\" at REQUEST_HEADERS:Referer. [file
 \"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941
 -APPLICATION-ATTACK-XSS.conf\"] [line \"199\"] [id \"941160\"] [msg
 \"NoScript XSS InjectionChecker: HTML Injection\"] [data \"Matched Data:
 \x0d\x0a 2021-07-24 18:22:36

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/53783>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list