• strarsis

    (@strarsis)


    When viewing Caldera forms submissions (as non-admin user), the page stays empty and an error is logged for the ajax request:

    A potentially unsafe operation has been detected in your request to this site.

    Related GitHub Caldera Forms issue:
    https://github.com/CalderaWP/Caldera-Forms/issues/2125

    How can I find out what to whitelist and can this parameter be added to default Wordfence whitelist so this won’t happen again?

    Edit: The Wordfence firewall is currently in Learning mode. After reinstalling (redeploying the site) the plugins, the block went away. But it may come back again, as it has happened before.

    • This topic was modified 7 years ago by strarsis.
Viewing 11 replies - 1 through 11 (of 11 total)
  • wfyann

    (@wfyann)

    Hi @strarsis,

    Can you see the requests that were blocked listed in “Live Traffic”?

    If so, you could whitelist them from there.

    Thread Starter strarsis

    (@strarsis)

    @wfyann: Where can I find the “Live Traffic” section?
    Wordfence -> Firewall ?

    wfyann

    (@wfyann)

    Hi @strarsis,

    In Wordfence 7 Live Traffic is located under Tools > Live Traffic. If you prefer to have a direct link to Live Traffic in the left navigation as it used to be in the older versions of Wordfence:

    1. Open the “Live Traffic Options” tab on the “Live Traffic” page
    2. Enable the option “Display top level Live Traffic menu option”
    3. Click “Save Changes”

    Thread Starter strarsis

    (@strarsis)

    @wfyann: Thank you, I was able to find the live traffic and the blocked request:

    Activity Detail
    <User> in <Country> <Country> left https://www.example.com/wp/wp-admin/admin.php?page=caldera-forms-pin-CF5a412104a3c31 and was blocked by firewall for Caldera Forms <= 1.3.5 – Sensitive Data Exposure at https://www.example.com/wp/wp-admin/admin-ajax.php?_fs_blog_admin=true
    20.3.2018 20:44:05 (1 minute ago)
    IP: <ip> Hostname: <hostname>
    Human/Bot: Human
    Browser: Chrome version 0.0 running on Win10
    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36

    It would be great if a default exception/white list record could be added to WordFence for this activity/URL so this blocking won’t happen again on other sites that use Caldera Forms.

    This is Josh, the lead developer of Caldera Forms.

    To answer @strarsis's immediate concern, it is often the case that if WordPress is installed in a sub-directory and WordFence is installed, the entry viewer does not work properly. I believe there is a way to set WordFence to not block these requests, I’m not sure as I’ve never gotten a good explanation for why. Yes, there was a security issue in Caldera Forms 1.3.5 on that endpoint that was disclosed a few years ago. I am unaware of any related issues. If there are, this is not the forum to discuss them.

    This has been a consistent issue with WordFence, I’m not sure why, but would love to figure this out and prevent having to revisit it.

    Is it possible that someone from WordFence can reach out to me? https://calderaforms.com/contact

    Thread Starter strarsis

    (@strarsis)

    @wfyann, @shelob9: Just encountered this issue on another site today again.
    Will this be added to the official whitelist because this is really inconvenient?

    • This reply was modified 6 years, 11 months ago by strarsis.

    @strarsis I’d love to get this fixed. The problem here though is that we had a security issue in 1.3.5, so they are explicitly blocking this endpoint. What you need is WordFence to remove a rule. I’d be happy to help, no idea how to do that.

    Thread Starter strarsis

    (@strarsis)

    @wfyann: Could you fix it or discuss this with your colleagues? This Wordfence rule can cause real trouble with Caldera Forms: clients are unable to view the forms, this is annoying for them and can even cause some panic because this can be interpreted as data loss (“all forms are gone”) by some laymen.

    Hi @strarsis,

    Sorry about the delayed update.

    This Firewall rule is indeed related to the security issue in Caldera Forms 1.3.5 mentioned by @shelob9.

    If you confirm that you’re running a recent version I suggest you disable that specific Firewall rule:

    • Go to the “Wordfence –> Firewall –> All Firewall Options” page
    • In the “Advanced Firewall Options” section click the “Show All Rules” button under the partial list of rules
    • Locate the “Caldera Forms <= 1.3.5 – Sensitive Data Exposure” rule and disable it using the toggle switch
    • Hit “Save Changes” (top right) to validate the modification

    ******************************************

    @shelob9,

    Our developers are looking into adjusting the rule to allow non-admins; it was kept this way to allow sufficient time for sites to update to a safe version.

    Hi @wfyann,

    I have the exact same issue, but I couldn’t find the “Caldera Forms <= 1.3.5 – Sensitive Data Exposure” rule in the “Advanced Firewall Options” of Wordfence settings. Does it mean that it has been removed? And if so, then why does the submission of Caldera forms keep getting blocked on my site?

    I have the most recent versions of WordPress, Wordfence and Caldera forms.

    Thank you.

    @wfyann – Why not disable the rule if the version of Caldera Forms — check the CFCORE_VER constant — is greater than 1.3.5?

  • The topic ‘False positive with Caldera Forms plugin’ is closed to new replies.