- This topic has 5 replies, 3 voices, and was last updated 4 years, 1 month ago by
.
-
Posts
-
To debug, I did a fresh WP install on WPXHosting, activated GPP and then imported Catalyst from the site library.
Without making any changes, I pressed the Update button for the Home, Style Guide and Contact pages. ALL these pages give me the error: “Updating failed. Error message: The response is not a valid JSON response.”
The Sample Page and Blog page update without any issue.
One thing I noticed is that all the pages that fail have sections and all the pages that update without any issues do not have sections.
My errorlog shows the following:
[Tue Mar 03 10:25:50.626441 2020] [:error] [pid 106554:tid 139678691022592] [client 198.164.187.209:0] [client 198.164.187.209] ModSecurity: Access denied with code 403 (phase 2). detected XSS using libinjection. [file “/opt/apache24/httpd/modsecurity.d/activated_rules/slr_rules.conf”] [line “2981”] [id “2500108”] [msg “SLR: WordPress Plugin GDPR Cookie Consent < 1.8.3 – Stored XSS”] [severity “CRITICAL”] [tag “platform-multi”] [tag “attack-xss”] [tag “language-php”] [tag “application-WordPress”] [tag “https://wpvulndb.com/vulnerabilities/10069”%5D [hostname “mysitename.com”] [uri “/wp-json/wp/v2/pages/1356”] [unique_id “Xl6FDt8YJYXkk9PvjcweSAAAA9s”], referer: http://mysitename.com/wp-admin/post.php?post=1356&action=edit
[Tue Mar 03 10:27:45.231338 2020] [:error] [pid 106554:tid 139677868537600] [client 198.164.187.209:0] [client 198.164.187.209] ModSecurity: Access denied with code 403 (phase 2). detected XSS using libinjection. [file “/opt/apache24/httpd/modsecurity.d/activated_rules/slr_rules.conf”] [line “2981”] [id “2500108”] [msg “SLR: WordPress Plugin GDPR Cookie Consent < 1.8.3 – Stored XSS”] [severity “CRITICAL”] [tag “platform-multi”] [tag “attack-xss”] [tag “language-php”] [tag “application-WordPress”] [tag “https://wpvulndb.com/vulnerabilities/10069”%5D [hostname “mysitename.com”] [uri “/wp-json/wp/v2/pages/1356”] [unique_id “Xl6Fgd8YJYXkk9PvjcwsBwAABD0”], referer: http://mysitename.com/wp-admin/post.php?post=1356&action=edit
[Tue Mar 03 10:29:21.564298 2020] [:error] [pid 106554:tid 139682140423936] [client 198.164.187.209:0] [client 198.164.187.209] ModSecurity: Access denied with code 403 (phase 2). detected XSS using libinjection. [file “/opt/apache24/httpd/modsecurity.d/activated_rules/slr_rules.conf”] [line “2981”] [id “2500108”] [msg “SLR: WordPress Plugin GDPR Cookie Consent < 1.8.3 – Stored XSS”] [severity “CRITICAL”] [tag “platform-multi”] [tag “attack-xss”] [tag “language-php”] [tag “application-WordPress”] [tag “https://wpvulndb.com/vulnerabilities/10069”%5D [hostname “mysitename.com”] [uri “/wp-json/wp/v2/pages/1356”] [unique_id “Xl6F4d8YJYXkk9Pvjcw6zQAAAjw”], referer: http://mysitename.com/wp-admin/post.php?post=1356&action=edit
[Tue Mar 03 10:30:07.706404 2020] [:error] [pid 108599:tid 139679958320896] [client 198.164.187.209:0] [client 198.164.187.209] ModSecurity: Access denied with code 403 (phase 2). detected XSS using libinjection. [file “/opt/apache24/httpd/modsecurity.d/activated_rules/slr_rules.conf”] [line “2981”] [id “2500108”] [msg “SLR: WordPress Plugin GDPR Cookie Consent < 1.8.3 – Stored XSS”] [severity “CRITICAL”] [tag “platform-multi”] [tag “attack-xss”] [tag “language-php”] [tag “application-WordPress”] [tag “https://wpvulndb.com/vulnerabilities/10069”%5D [hostname “mysitename.com”] [uri “/wp-json/wp/v2/pages/1356”] [unique_id “Xl6GDxE3xAYLZ2DZfY04tQAAA0c”], referer: http://mysitename.com/wp-admin/post.php?post=1356&action=edit
[Tue Mar 03 10:30:52.825098 2020] [:error] [pid 108599:tid 139686815160064] [client 198.164.187.209:0] [client 198.164.187.209] ModSecurity: Access denied with code 403 (phase 2). detected XSS using libinjection. [file “/opt/apache24/httpd/modsecurity.d/activated_rules/slr_rules.conf”] [line “2981”] [id “2500108”] [msg “SLR: WordPress Plugin GDPR Cookie Consent < 1.8.3 – Stored XSS”] [severity “CRITICAL”] [tag “platform-multi”] [tag “attack-xss”] [tag “language-php”] [tag “application-WordPress”] [tag “https://wpvulndb.com/vulnerabilities/10069”%5D [hostname “mysitename.com”] [uri “/wp-json/wp/v2/pages/1356”] [unique_id “Xl6GPBE3xAYLZ2DZfY08jgAAAAs”], referer: http://mysitename.com/wp-admin/post.php?post=1356&action=edit
[Tue Mar 03 10:31:33.669117 2020] [:error] [pid 108599:tid 139679488329472] [client 198.164.187.209:0] [client 198.164.187.209] ModSecurity: Access denied with code 403 (phase 2). detected XSS using libinjection. [file “/opt/apache24/httpd/modsecurity.d/activated_rules/slr_rules.conf”] [line “2981”] [id “2500108”] [msg “SLR: WordPress Plugin GDPR Cookie Consent < 1.8.3 – Stored XSS”] [severity “CRITICAL”] [tag “platform-multi”] [tag “attack-xss”] [tag “language-php”] [tag “application-WordPress”] [tag “https://wpvulndb.com/vulnerabilities/10069”%5D [hostname “mysitename.com”] [uri “/wp-json/wp/v2/pages/1356”] [unique_id “Xl6GZRE3xAYLZ2DZfY1AIAAAA38”], referer: http://mysitename.com/wp-admin/post.php?post=1356&action=edit
[Tue Mar 03 10:32:41.886384 2020] [:error] [pid 108599:tid 139683231475456] [client 198.164.187.209:0] [client 198.164.187.209] ModSecurity: Access denied with code 403 (phase 2). detected XSS using libinjection. [file “/opt/apache24/httpd/modsecurity.d/activated_rules/slr_rules.conf”] [line “2981”] [id “2500108”] [msg “SLR: WordPress Plugin GDPR Cookie Consent < 1.8.3 – Stored XSS”] [severity “CRITICAL”] [tag “platform-multi”] [tag “attack-xss”] [tag “language-php”] [tag “application-WordPress”] [tag “https://wpvulndb.com/vulnerabilities/10069”%5D [hostname “mysitename.com”] [uri “/wp-json/wp/v2/pages/1356”] [unique_id “Xl6GqRE3xAYLZ2DZfY1GnAAAAb4”], referer: http://mysitename.com/wp-admin/post.php?post=1356&action=edit
[Tue Mar 03 10:33:16.450444 2020] [:error] [pid 108599:tid 139675182872320] [client 198.164.187.209:0] [client 198.164.187.209] ModSecurity: Access denied with code 403 (phase 2). detected XSS using libinjection. [file “/opt/apache24/httpd/modsecurity.d/activated_rules/slr_rules.conf”] [line “2981”] [id “2500108”] [msg “SLR: WordPress Plugin GDPR Cookie Consent < 1.8.3 – Stored XSS”] [severity “CRITICAL”] [tag “platform-multi”] [tag “attack-xss”] [tag “language-php”] [tag “application-WordPress”] [tag “https://wpvulndb.com/vulnerabilities/10069”%5D [hostname “mysitename.com”] [uri “/wp-json/wp/v2/pages/1356”] [unique_id “Xl6GzBE3xAYLZ2DZfY1LAAAABYM”], referer: http://mysitename.com/wp-admin/post.php?post=1356&action=edit
[Tue Mar 03 10:35:13.009797 2020] [:error] [pid 108599:tid 139682694342400] [client 198.164.187.209:0] [client 198.164.187.209] ModSecurity: Access denied with code 403 (phase 2). detected XSS using libinjection. [file “/opt/apache24/httpd/modsecurity.d/activated_rules/slr_rules.conf”] [line “2981”] [id “2500108”] [msg “SLR: WordPress Plugin GDPR Cookie Consent < 1.8.3 – Stored XSS”] [severity “CRITICAL”] [tag “platform-multi”] [tag “attack-xss”] [tag “language-php”] [tag “application-WordPress”] [tag “https://wpvulndb.com/vulnerabilities/10069”%5D [hostname “mysitename.com”] [uri “/wp-json/wp/v2/pages/1356”] [unique_id “Xl6HQRE3xAYLZ2DZfY1VwAAAAf8”], referer: http://mysitename.com/wp-admin/post.php?post=1356&action=edit
[Tue Mar 03 10:37:16.502696 2020] [:error] [pid 108599:tid 139675023410944] [client 198.164.187.209:0] [client 198.164.187.209] ModSecurity: Access denied with code 403 (phase 2). detected XSS using libinjection. [file “/opt/apache24/httpd/modsecurity.d/activated_rules/slr_rules.conf”] [line “2981”] [id “2500108”] [msg “SLR: WordPress Plugin GDPR Cookie Consent < 1.8.3 – Stored XSS”] [severity “CRITICAL”] [tag “platform-multi”] [tag “attack-xss”] [tag “language-php”] [tag “application-WordPress”] [tag “https://wpvulndb.com/vulnerabilities/10069”%5D [hostname “mysitename.com”] [uri “/wp-json/wp/v2/pages/15”] [unique_id “Xl6HvBE3xAYLZ2DZfY1iPQAABZY”], referer: http://mysitename.com/wp-admin/post.php?post=15&action=edit
[Tue Mar 03 10:39:31.097601 2020] [:error] [pid 108599:tid 139676659988224] [client 198.164.187.209:0] [client 198.164.187.209] ModSecurity: Access denied with code 403 (phase 2). detected XSS using libinjection. [file “/opt/apache24/httpd/modsecurity.d/activated_rules/slr_rules.conf”] [line “2981”] [id “2500108”] [msg “SLR: WordPress Plugin GDPR Cookie Consent < 1.8.3 – Stored XSS”] [severity “CRITICAL”] [tag “platform-multi”] [tag “attack-xss”] [tag “language-php”] [tag “application-WordPress”] [tag “https://wpvulndb.com/vulnerabilities/10069”%5D [hostname “mysitename.com”] [uri “/wp-json/wp/v2/pages/1356”] [unique_id “Xl6IQxE3xAYLZ2DZfY1xOgAABNI”], referer: http://mysitename.com/wp-admin/post.php?post=1356&action=edit
[Tue Mar 03 10:40:31.752322 2020] [:error] [pid 108599:tid 139679396009728] [client 198.164.187.209:0] [client 198.164.187.209] ModSecurity: Access denied with code 403 (phase 2). detected XSS using libinjection. [file “/opt/apache24/httpd/modsecurity.d/activated_rules/slr_rules.conf”] [line “2981”] [id “2500108”] [msg “SLR: WordPress Plugin GDPR Cookie Consent < 1.8.3 – Stored XSS”] [severity “CRITICAL”] [tag “platform-multi”] [tag “attack-xss”] [tag “language-php”] [tag “application-WordPress”] [tag “https://wpvulndb.com/vulnerabilities/10069”%5D [hostname “mysitename.com”] [uri “/wp-json/wp/v2/pages/1356/autosaves”] [unique_id “Xl6IfxE3xAYLZ2DZfY13fAAAA4o”], referer: http://mysitename.com/wp-admin/post.php?post=1356&action=editCustomer Support
Hi there,
all those errors are related to the GDPR Cookie Consent plugin.
Can you try disabling that plugin to see if thats the problem.Not sure what you’re asking me to do.
I only have 8 plugins, 7 inactive, 1 active (GPP 1.9.1)
None say anything about about GDPR
The inactive plugins are:
Askimet Version 4.1.3
Black Studio Tiny MCE Widget Version 2.6.9
GenerateBlocks Version 1.0-alpha.2
Lightweight Grid Columns Version 1.0
Lightweight Social Icons Version 1.0.1
Menu Icons Version 0.12.2
W3 Total Cache Version Version 0.13.1Customer Support
That is very strange. The errors are definitely pointing something towards GDPR.
Can you switch to a twenty series theme temporarily and see if the same issue exists?
Let us know 🙂
I contacted WPX Hosting to see if maybe the problem was at their end and it turns out their firewall was blocking the updates due to a tag reference somewhere in those pages labeled “attack-xss”. So they were interpreted as some sort of security attack on my site.
Once they whitelisted my update calls, everything worked.
Glad to hear!
- You must be logged in to reply to this topic.