• Hi,
    I have LearnPress installed on my website https://taleemkahani.com, but when I activate the firewall, it blocks LearnPress’s AJAX request on the home page that loads the list of courses.

    The URL of the API request is
    https://taleemkahani.com/wp-json/lp/v1/widgets/api?_locale=user

    This is the payload:

    {
      "widget": "learnpress_widget_course_recent",
      "instance": "{\"title\":\"\",\"show_teacher\":0,\"show_thumbnail\":1,\"limit\":12,\"desc_length\":0,\"show_price\":0,\"css_class\":\"\",\"bottom_link_text\":\"\"}"
    }

    When I put the firewall in learning mode, it is not blocked, but as soon as it gets active, it starts blocking the page. I am unable to understand how to add it to the exceptions list.

  • Plugin Support wfpeter

    (@wfpeter)

    Hi @bilalscientist, thanks for getting in touch about this!

    If you’re getting blocked with operations through LearnPress, it’s likely that they’re being logged in your Live Traffic.

    Try an operation that gets hit with a block, head over to your Live Traffic page and find the corresponding block(s) that just happened there near the top. Clicking that line (or “eye” icon) to expand it will show the block reason in red text. Sometimes you are presented with an “ADD PARAM TO FIREWALL ALLOWLIST” button here that could solve any problems blocking this LearnPress request going forward. This button automatically inserts the URL and its required params to the Allowlisted URLs section of the plugin.

    If that doesn’t work, try running the site in Learning Mode and attempting to perform the previously blocked action again. This should teach the firewall the script that’s running is normal and should be allowed in the future. Afterwards, return the firewall to “Enabled and Protecting”.

    Let me know how you get on!
    Peter.

    Thread Starter bilalscientist

    (@bilalscientist)

    Hi,

    Thank you for your quick reply.

    This is what I see in live traffic:

    https://taleemkahani.com/bilal/28144/ and was blocked by firewall for LearnPress <= 4.1.7.3.2 - Unauthenticated SQL Injection at https://taleemkahani.com/wp-json/lp/v1/widgets/api?_locale=user

    Should I just add it to the allow list or discuss it with the plugin developers?

    Plugin Support wfpeter

    (@wfpeter)

    Hi @bilalscientist,

    We have a case on Wordfence Intelligence describing this issue: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/learnpress/learnpress-41732-unauthenticated-local-file-inclusion

    We always recommend keeping WordPress core and your plugins up-to-date. The developers have patched this in version 4.2, so updating should solve this message.

    Thanks again,
    Peter.

    Thread Starter bilalscientist

    (@bilalscientist)

    Hi,

    I just checked. My LearnPress version is 4.2.2.4 and everything is up to date. I do not see any update prompts (core, theme or plugin).

    I am still seeing the message.

    What should I do then?

    Hey @bilalscientist,

    Here’s what we would do:

    1. First, submit your concern to the developers of LearnPress. Ask them if they’re aware of the issue you’re experiencing. If they are, most likely, they will share with you their action plan or solution.
    2. Whitelist the URL of the API request you listed above. To do this, follow the method shared by @wfpeter in his first reply above.

    Cheers!
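
A triage helper for the situation in this thread, added here as an example and not code from Wordfence, LearnPress or any poster: it parses the Live Traffic block reason quoted above and compares the version bound in the rule name with the installed plugin version. The function names, verdict labels and the assumption that the rule name carries its affected range as `<= version` are this example's own.

```python
import re

# Block reason as quoted in the thread (separators written as spaces).
SAMPLE = ("was blocked by firewall for LearnPress <= 4.1.7.3.2 - "
          "Unauthenticated SQL Injection at "
          "https://taleemkahani.com/wp-json/lp/v1/widgets/api?_locale=user")

REASON_RE = re.compile(
    r"blocked by firewall for (?P<plugin>.+?) (?P<op><=|<) (?P<bound>[\d.]+)"
    r" - (?P<vuln>.+?) at (?P<url>\S+)")

def version_key(v, width=6):
    """Pad '4.2' to (4, 2, 0, 0, 0, 0) so short and long versions compare."""
    parts = [int(p) for p in v.strip(".").split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def parse_reason(line):
    """Return plugin, operator, version bound, rule title and URL, or None."""
    m = REASON_RE.search(line)
    return m.groupdict() if m else None

def is_affected(installed, op, bound):
    a, b = version_key(installed), version_key(bound)
    return a <= b if op == "<=" else a < b

def triage(line, installed):
    """Classify a block: is the installed plugin inside the rule's range?"""
    info = parse_reason(line)
    if info is None:
        return {"verdict": "unparsed"}
    info["installed"] = installed
    # Inside the range: update before considering any allowlist entry.
    # Outside the range: the rule fired on the request itself, so a narrow
    # allowlist entry and a report to the plugin developers are the options.
    info["verdict"] = ("update-first"
                       if is_affected(installed, info["op"], info["bound"])
                       else "patched-rule-still-matches")
    return info

if __name__ == "__main__":
    for ver in ("4.1.7.3", "4.2.2.4"):  # second value is the poster's version
        r = triage(SAMPLE, ver)
        print(ver, "->", r["verdict"], "|", r["vuln"], "|", r["url"])
```

On a live site the installed version can be read with `wp plugin get learnpress --field=version` instead of being typed in.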

  • The topic ‘Wordfence Firewall Blocks LearnPress Ajax Request’ is closed to new replies.