• I use wp-member on two domains. Several times I have encountered errors when trying to add a field. The server support techs shared this from the logs. I felt I should share with the plugin creator somehow.

    CSRF vulnerability in WP-Members Membership plugin 3.2.7 for WordPress

    I will note that I am now on 3.3.52 but the excerpt from the logs was from back in May.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Chad Butler

    (@cbutlerjr)

    The issue with 3.2.7 was reported 6/13/2019, and 3.2.8 was released on 6/14/2019 to address it. It is noted in the changelog for 3.2.8 which is in the readme file included in the plugin or viewable here.

    Thread Starter kellyhelp

    (@kellyhelp)

    Thank you @cbutlerjr, however as noted above I am running 3.3.52 and still seem to be getting mod-sec 403 errors. Would it be helpful if I had my server techs send me last week's logs to share with you?

    Plugin Author Chad Butler

    (@cbutlerjr)

    Sending that wouldn’t actually matter as the issue is server side. If it’s triggering modsec, then that’s a result of the ruleset the host has applied (which would seem to be outdated if they’re blocking a vulnerability that was addressed over a year ago), which either needs to be updated, reviewed, or an exception applied.

  • The topic ‘403 and mod_sec issues’ is closed to new replies.
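
To see which ModSecurity rule is returning the 403s, and so which rule the host would need to update or except, the denials can be pulled from the Apache error log and grouped by rule id. This is an added example, not part of the thread or the plugin's code; the log lines are constructed in the ModSecurity 2.x error-log style, and the rule ids, file path, hostname and URIs are placeholders.

```python
import re
from collections import Counter

# Constructed sample in the ModSecurity 2.x Apache error-log style. Rule ids,
# file path, hostname and URIs are placeholders, not values from the thread.
MSG = "CSRF vulnerability in WP-Members Membership plugin 3.2.7 for WordPress"
SAMPLE_LOG = "\n".join([
    '[Tue May 12 09:14:02 2020] [:error] [pid 2211] [client 203.0.113.7] '
    'ModSecurity: Access denied with code 403 (phase 2). [file "/placeholder/vendor.conf"] '
    f'[id "9990001"] [msg "{MSG}"] [hostname "example.test"] [uri "/wp-admin/placeholder.php"]',
    '[Tue May 12 09:15:40 2020] [:error] [pid 2211] [client 203.0.113.7] '
    'ModSecurity: Access denied with code 403 (phase 2). [file "/placeholder/vendor.conf"] '
    f'[id "9990001"] [msg "{MSG}"] [hostname "example.test"] [uri "/wp-admin/placeholder.php"]',
    '[Tue May 12 09:20:11 2020] [:error] [pid 2214] [client 203.0.113.9] '
    'ModSecurity: Warning. [file "/placeholder/vendor.conf"] [id "9990002"] '
    '[msg "Placeholder anomaly score note"] [hostname "example.test"] [uri "/"]',
    '[Tue May 12 09:21:00 2020] [core:error] [pid 2214] [client 203.0.113.9] '
    'File does not exist: /placeholder/favicon.ico',
])

DENY_RE = re.compile(r'ModSecurity: Access denied with code (\d{3})')
# Matches the [key "value"] metadata tags; [pid ...] and [client ...] have no quotes.
TAG_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')

def parse_denials(log_text):
    """Return one dict per blocked request; warnings and non-ModSecurity lines are skipped."""
    events = []
    for line in log_text.splitlines():
        denied = DENY_RE.search(line)
        if not denied:
            continue
        tags = {}
        for key, value in TAG_RE.findall(line):
            tags.setdefault(key, value)  # keep the first occurrence of each tag
        events.append({"status": int(denied.group(1)), "id": tags.get("id"),
                       "msg": tags.get("msg"), "uri": tags.get("uri"),
                       "file": tags.get("file")})
    return events

def summarize(events):
    """Count 403 denials per (rule id, message, URI), most frequent first."""
    hits = Counter((e["id"], e["msg"], e["uri"]) for e in events if e["status"] == 403)
    return hits.most_common()

if __name__ == "__main__":
    for (rule_id, msg, uri), count in summarize(parse_denials(SAMPLE_LOG)):
        print(f"{count}x rule {rule_id} on {uri}: {msg}")
```

The rule id and rule file in the summary are what the host needs in order to review, update or scope an exception for that rule.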