XSS in this plugin is triggering modsecurity

  • I have been having no end of problems logging in to one of my sites. My ip keeps getting locked out due to modsecurity. Looking at the logs it is XSS attack that is causing the issues.

    Part of log

    [msg “Cross-site Scripting (XSS) Attack”] [data “.cookie”] [severity “CRITICAL”] [tag “WEB_ATTACK/XSS”] [hostname “xxx.xxx.xxx.xxx”] [uri “/~xxxxxx/xxxxxx/wp-content/plugins/jquery-vertical-accordion-menu/js/jquery.cookie.js”]

    Any suggestions on how to prevent this? or is it just forget about this plugin until security is sorted?

    https://www.ads-software.com/plugins/jquery-vertical-accordion-menu/

Viewing 2 replies - 1 through 2 (of 2 total)

  • Is there any more info on this one? I’m having the same problem and have been for the last couple of weeks. Would love to get it sorted (don’t really want to have to change plugins!). Thanks, Ellen.

    Thread Starter colinsp

    (@colinsp)

    @ekronen

    I have heard nothing from the developer and so I have removed this plugin from my site until he / she sorts it.

    It hasn’t been updated in 16 months and comments can’t now be posted on the devs site.

    Bearing in mind no response here I suspect we will have to find an alternative. I haven’t found one yer but if you do please let me know.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘XSS in this plugin is triggering modsecurity’ is closed to new replies.