[Resolved] Updating failed. Error message: The response is not a valid JSON response.

Home Forums Support Updating failed. Error message: The response is not a valid JSON response.

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • #1183762
    Lorne

    To debug, I did a fresh WP install on WPXHosting, activated GPP and then imported Catalyst from the site library.

    Without making any changes, I pressed the Update button for the Home, Style Guide and Contact pages. ALL these pages give me the error: “Updating failed. Error message: The response is not a valid JSON response.”

    The Sample Page and Blog page update without any issue.

    One thing I noticed is that all the pages that fail have sections and all the pages that update without any issues do not have sections.

    My errorlog shows the following:

    [Tue Mar 03 10:25:50.626441 2020] [:error] [pid 106554:tid 139678691022592] [client 198.164.187.209:0] [client 198.164.187.209] ModSecurity: Access denied with code 403 (phase 2). detected XSS using libinjection. [file “/opt/apache24/httpd/modsecurity.d/activated_rules/slr_rules.conf”] [line “2981”] [id “2500108”] [msg “SLR: WordPress Plugin GDPR Cookie Consent < 1.8.3 – Stored XSS”] [severity “CRITICAL”] [tag “platform-multi”] [tag “attack-xss”] [tag “language-php”] [tag “application-WordPress”] [tag “https://wpvulndb.com/vulnerabilities/10069”%5D [hostname “mysitename.com”] [uri “/wp-json/wp/v2/pages/1356”] [unique_id “Xl6FDt8YJYXkk9PvjcweSAAAA9s”], referer: http://mysitename.com/wp-admin/post.php?post=1356&action=edit
    [Tue Mar 03 10:27:45.231338 2020] [:error] [pid 106554:tid 139677868537600] [client 198.164.187.209:0] [client 198.164.187.209] ModSecurity: Access denied with code 403 (phase 2). detected XSS using libinjection. [file “/opt/apache24/httpd/modsecurity.d/activated_rules/slr_rules.conf”] [line “2981”] [id “2500108”] [msg “SLR: WordPress Plugin GDPR Cookie Consent < 1.8.3 – Stored XSS”] [severity “CRITICAL”] [tag “platform-multi”] [tag “attack-xss”] [tag “language-php”] [tag “application-WordPress”] [tag “https://wpvulndb.com/vulnerabilities/10069”%5D [hostname “mysitename.com”] [uri “/wp-json/wp/v2/pages/1356”] [unique_id “Xl6Fgd8YJYXkk9PvjcwsBwAABD0”], referer: http://mysitename.com/wp-admin/post.php?post=1356&action=edit
    [Tue Mar 03 10:29:21.564298 2020] [:error] [pid 106554:tid 139682140423936] [client 198.164.187.209:0] [client 198.164.187.209] ModSecurity: Access denied with code 403 (phase 2). detected XSS using libinjection. [file “/opt/apache24/httpd/modsecurity.d/activated_rules/slr_rules.conf”] [line “2981”] [id “2500108”] [msg “SLR: WordPress Plugin GDPR Cookie Consent < 1.8.3 – Stored XSS”] [severity “CRITICAL”] [tag “platform-multi”] [tag “attack-xss”] [tag “language-php”] [tag “application-WordPress”] [tag “https://wpvulndb.com/vulnerabilities/10069”%5D [hostname “mysitename.com”] [uri “/wp-json/wp/v2/pages/1356”] [unique_id “Xl6F4d8YJYXkk9Pvjcw6zQAAAjw”], referer: http://mysitename.com/wp-admin/post.php?post=1356&action=edit
    [Tue Mar 03 10:30:07.706404 2020] [:error] [pid 108599:tid 139679958320896] [client 198.164.187.209:0] [client 198.164.187.209] ModSecurity: Access denied with code 403 (phase 2). detected XSS using libinjection. [file “/opt/apache24/httpd/modsecurity.d/activated_rules/slr_rules.conf”] [line “2981”] [id “2500108”] [msg “SLR: WordPress Plugin GDPR Cookie Consent < 1.8.3 – Stored XSS”] [severity “CRITICAL”] [tag “platform-multi”] [tag “attack-xss”] [tag “language-php”] [tag “application-WordPress”] [tag “https://wpvulndb.com/vulnerabilities/10069”%5D [hostname “mysitename.com”] [uri “/wp-json/wp/v2/pages/1356”] [unique_id “Xl6GDxE3xAYLZ2DZfY04tQAAA0c”], referer: http://mysitename.com/wp-admin/post.php?post=1356&action=edit
    [Tue Mar 03 10:30:52.825098 2020] [:error] [pid 108599:tid 139686815160064] [client 198.164.187.209:0] [client 198.164.187.209] ModSecurity: Access denied with code 403 (phase 2). detected XSS using libinjection. [file “/opt/apache24/httpd/modsecurity.d/activated_rules/slr_rules.conf”] [line “2981”] [id “2500108”] [msg “SLR: WordPress Plugin GDPR Cookie Consent < 1.8.3 – Stored XSS”] [severity “CRITICAL”] [tag “platform-multi”] [tag “attack-xss”] [tag “language-php”] [tag “application-WordPress”] [tag “https://wpvulndb.com/vulnerabilities/10069”%5D [hostname “mysitename.com”] [uri “/wp-json/wp/v2/pages/1356”] [unique_id “Xl6GPBE3xAYLZ2DZfY08jgAAAAs”], referer: http://mysitename.com/wp-admin/post.php?post=1356&action=edit
    [Tue Mar 03 10:31:33.669117 2020] [:error] [pid 108599:tid 139679488329472] [client 198.164.187.209:0] [client 198.164.187.209] ModSecurity: Access denied with code 403 (phase 2). detected XSS using libinjection. [file “/opt/apache24/httpd/modsecurity.d/activated_rules/slr_rules.conf”] [line “2981”] [id “2500108”] [msg “SLR: WordPress Plugin GDPR Cookie Consent < 1.8.3 – Stored XSS”] [severity “CRITICAL”] [tag “platform-multi”] [tag “attack-xss”] [tag “language-php”] [tag “application-WordPress”] [tag “https://wpvulndb.com/vulnerabilities/10069”%5D [hostname “mysitename.com”] [uri “/wp-json/wp/v2/pages/1356”] [unique_id “Xl6GZRE3xAYLZ2DZfY1AIAAAA38”], referer: http://mysitename.com/wp-admin/post.php?post=1356&action=edit
    [Tue Mar 03 10:32:41.886384 2020] [:error] [pid 108599:tid 139683231475456] [client 198.164.187.209:0] [client 198.164.187.209] ModSecurity: Access denied with code 403 (phase 2). detected XSS using libinjection. [file “/opt/apache24/httpd/modsecurity.d/activated_rules/slr_rules.conf”] [line “2981”] [id “2500108”] [msg “SLR: WordPress Plugin GDPR Cookie Consent < 1.8.3 – Stored XSS”] [severity “CRITICAL”] [tag “platform-multi”] [tag “attack-xss”] [tag “language-php”] [tag “application-WordPress”] [tag “https://wpvulndb.com/vulnerabilities/10069”%5D [hostname “mysitename.com”] [uri “/wp-json/wp/v2/pages/1356”] [unique_id “Xl6GqRE3xAYLZ2DZfY1GnAAAAb4”], referer: http://mysitename.com/wp-admin/post.php?post=1356&action=edit
    [Tue Mar 03 10:33:16.450444 2020] [:error] [pid 108599:tid 139675182872320] [client 198.164.187.209:0] [client 198.164.187.209] ModSecurity: Access denied with code 403 (phase 2). detected XSS using libinjection. [file “/opt/apache24/httpd/modsecurity.d/activated_rules/slr_rules.conf”] [line “2981”] [id “2500108”] [msg “SLR: WordPress Plugin GDPR Cookie Consent < 1.8.3 – Stored XSS”] [severity “CRITICAL”] [tag “platform-multi”] [tag “attack-xss”] [tag “language-php”] [tag “application-WordPress”] [tag “https://wpvulndb.com/vulnerabilities/10069”%5D [hostname “mysitename.com”] [uri “/wp-json/wp/v2/pages/1356”] [unique_id “Xl6GzBE3xAYLZ2DZfY1LAAAABYM”], referer: http://mysitename.com/wp-admin/post.php?post=1356&action=edit
    [Tue Mar 03 10:35:13.009797 2020] [:error] [pid 108599:tid 139682694342400] [client 198.164.187.209:0] [client 198.164.187.209] ModSecurity: Access denied with code 403 (phase 2). detected XSS using libinjection. [file “/opt/apache24/httpd/modsecurity.d/activated_rules/slr_rules.conf”] [line “2981”] [id “2500108”] [msg “SLR: WordPress Plugin GDPR Cookie Consent < 1.8.3 – Stored XSS”] [severity “CRITICAL”] [tag “platform-multi”] [tag “attack-xss”] [tag “language-php”] [tag “application-WordPress”] [tag “https://wpvulndb.com/vulnerabilities/10069”%5D [hostname “mysitename.com”] [uri “/wp-json/wp/v2/pages/1356”] [unique_id “Xl6HQRE3xAYLZ2DZfY1VwAAAAf8”], referer: http://mysitename.com/wp-admin/post.php?post=1356&action=edit
    [Tue Mar 03 10:37:16.502696 2020] [:error] [pid 108599:tid 139675023410944] [client 198.164.187.209:0] [client 198.164.187.209] ModSecurity: Access denied with code 403 (phase 2). detected XSS using libinjection. [file “/opt/apache24/httpd/modsecurity.d/activated_rules/slr_rules.conf”] [line “2981”] [id “2500108”] [msg “SLR: WordPress Plugin GDPR Cookie Consent < 1.8.3 – Stored XSS”] [severity “CRITICAL”] [tag “platform-multi”] [tag “attack-xss”] [tag “language-php”] [tag “application-WordPress”] [tag “https://wpvulndb.com/vulnerabilities/10069”%5D [hostname “mysitename.com”] [uri “/wp-json/wp/v2/pages/15”] [unique_id “Xl6HvBE3xAYLZ2DZfY1iPQAABZY”], referer: http://mysitename.com/wp-admin/post.php?post=15&action=edit
    [Tue Mar 03 10:39:31.097601 2020] [:error] [pid 108599:tid 139676659988224] [client 198.164.187.209:0] [client 198.164.187.209] ModSecurity: Access denied with code 403 (phase 2). detected XSS using libinjection. [file “/opt/apache24/httpd/modsecurity.d/activated_rules/slr_rules.conf”] [line “2981”] [id “2500108”] [msg “SLR: WordPress Plugin GDPR Cookie Consent < 1.8.3 – Stored XSS”] [severity “CRITICAL”] [tag “platform-multi”] [tag “attack-xss”] [tag “language-php”] [tag “application-WordPress”] [tag “https://wpvulndb.com/vulnerabilities/10069”%5D [hostname “mysitename.com”] [uri “/wp-json/wp/v2/pages/1356”] [unique_id “Xl6IQxE3xAYLZ2DZfY1xOgAABNI”], referer: http://mysitename.com/wp-admin/post.php?post=1356&action=edit
    [Tue Mar 03 10:40:31.752322 2020] [:error] [pid 108599:tid 139679396009728] [client 198.164.187.209:0] [client 198.164.187.209] ModSecurity: Access denied with code 403 (phase 2). detected XSS using libinjection. [file “/opt/apache24/httpd/modsecurity.d/activated_rules/slr_rules.conf”] [line “2981”] [id “2500108”] [msg “SLR: WordPress Plugin GDPR Cookie Consent < 1.8.3 – Stored XSS”] [severity “CRITICAL”] [tag “platform-multi”] [tag “attack-xss”] [tag “language-php”] [tag “application-WordPress”] [tag “https://wpvulndb.com/vulnerabilities/10069”%5D [hostname “mysitename.com”] [uri “/wp-json/wp/v2/pages/1356/autosaves”] [unique_id “Xl6IfxE3xAYLZ2DZfY13fAAAA4o”], referer: http://mysitename.com/wp-admin/post.php?post=1356&action=edit

    #1183872
    David
    Staff
    Customer Support

    Hi there,

    all those errors are related to the GDPR Cookie Consent plugin.
    Can you try disabling that plugin to see if thats the problem.

    #1183896
    Lorne

    Not sure what you’re asking me to do.

    I only have 8 plugins, 7 inactive, 1 active (GPP 1.9.1)

    None say anything about about GDPR

    The inactive plugins are:

    Askimet Version 4.1.3
    Black Studio Tiny MCE Widget Version 2.6.9
    GenerateBlocks Version 1.0-alpha.2
    Lightweight Grid Columns Version 1.0
    Lightweight Social Icons Version 1.0.1
    Menu Icons Version 0.12.2
    W3 Total Cache Version Version 0.13.1

    #1183919
    Leo
    Staff
    Customer Support

    That is very strange. The errors are definitely pointing something towards GDPR.

    Can you switch to a twenty series theme temporarily and see if the same issue exists?

    Let us know 🙂

    #1183921
    Lorne

    I contacted WPX Hosting to see if maybe the problem was at their end and it turns out their firewall was blocking the updates due to a tag reference somewhere in those pages labeled “attack-xss”. So they were interpreted as some sort of security attack on my site.

    Once they whitelisted my update calls, everything worked.

    #1183934
    Leo
    Staff
    Customer Support
Viewing 6 posts - 1 through 6 (of 6 total)
  • You must be logged in to reply to this topic.