coreruleset / wordpress-rule-exclusions-plugin Goto Github PK

Rule exclusion plugin for WordPress.

License: Apache License 2.0

crs crs-plugin

wordpress-rule-exclusions-plugin's Introduction

OWASP CRS - WordPress Rule Exclusions Plugin

Description

This plugin contains rule exclusions for WordPress, a content management system (CMS), so it can be run flawlessly together with OWASP CRS (CRS).

This plugin only supports functionality provided with vanilla WordPress (without plugins installed). False positives that are due to WordPress plugins must be resolved with custom rule exclusions.

Installation

For full and up to date instructions for the different available plugin installation methods, refer to How to Install a Plugin in the official CRS documentation.

Testing

After the plugin is enabled, your WordPress instance should work without any problems possibly caused by CRS (for example, false positives while blocking requests). If you are still having any problems, please file a new issue on github.

License

The OWASP CRS and its official plugins are distributed under Apache Software License (ASL) version 2. Please see the enclosed LICENSE file for full details.

wordpress-rule-exclusions-plugin's People

Contributors

Stargazers

Watchers

Forkers

redxanadu theseion themiddleblue xhoenix esadcetiner romainmenke

wordpress-rule-exclusions-plugin's Issues

False positive on WordPress - Operation: Navigation menu update

Description

I've found two false positives for the site navigation update operation on a Modsecurity with CRS and the wordpress-rule-exclusions-plugin that I have setup acting as a WAF for a WordPress Website.

How to reproduce the misbehavior

Just login as Admin, access the site editor > Navigation and change the menu (as an example, exchange the menu order). The problem happens when one clicks the Save button on the bottom of the page. Both false positives happens for the same action. I first solved one and then the other.

Logs

Anonymized audit log for the first false positive:

{"transaction":{"client_ip":"x.x.x.x","time_stamp":"Sun Jun 23 16:33:19 2024","server_id":"ee6660e22e1b7266d9f64d244facfa35f16ebdfe","client_port":51324,"host_ip":"x.x.x.x","host_port":8443,"unique_id":"171917119994.590543","request":{"method":"POST","http_version":2.0,"uri":"/wp-json/wp/v2/navigation/7?_locale=user","headers":{"x-wp-nonce":"bcb814b590","content-type":"application/json","user-agent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","sec-fetch-site":"same-origin","sec-ch-ua-mobile":"?0","origin":"https://mydomain.com","x-http-method-override":"PUT","accept":"application/json, */*;q=0.1","cache-control":"no-cache","sec-ch-ua":"\"Not/A)Brand\";v=\"8\", \"Chromium\";v=\"126\", \"Google Chrome\";v=\"126\"","pragma":"no-cache","sec-ch-ua-platform":"\"Linux\"","referer":"https://mydomain.com/wp-admin/site-editor.php?postId=7&postType=wp_navigation","content-length":"269","priority":"u=1, i","host":"mydomain.com","sec-fetch-mode":"cors","sec-fetch-dest":"empty","accept-encoding":"gzip, deflate, br, zstd","cookie":"wordpress_test_cookie=WP%20Cookie%20check; wp_lang=pt_BR; wp-settings-1=libraryContent%3Dbrowse; wp-settings-time-1=1718505837; cookieconsent_status=dismiss; wordpress_logged_in_0da61ab4e4440fb955c5f024aed18563=adfmb%7C1719248598%7Cmdcis24i8kJD2suIQP8pNOzAjtKcqRi40GtQu5Kxyli%7C5a32e4a0e3a95d033927f71e58f2d19b7191c9f354d8313069b64c36857f0b04","accept-language":"pt-BR,pt;q=0.9,en-US;q=0.8,en;q=0.7"}},"response":{"body":"","http_code":200,"headers":{"Access-Control-Allow-Origin":"https://mydomain.com","Cache-Control":"no-cache, must-revalidate, max-age=0, no-store, private","Expires":"Wed, 11 Jan 1984 05:00:00 GMT","X-Robots-Tag":"noindex","X-WP-Nonce":"bcb814b590","Access-Control-Allow-Headers":"Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type","Access-Control-Allow-Credentials":"true","Server":"Blessed","Server":"Blessed","X-Frame-Options":"SAMEORIGIN","Access-Control-Allow-Methods":"OPTIONS, GET, POST, PUT, PATCH, DELETE","Date":"Sun, 23 Jun 2024 19:33:19 GMT","Connection":"close","Access-Control-Expose-Headers":"X-WP-Total, X-WP-TotalPages, Link","X-Content-Type-Options":"nosniff","X-Content-Type-Options":"nosniff","Vary":"Accept-Encoding","Vary":"Origin","Content-Encoding":"gzip","Allow":"GET, POST, PUT, PATCH, DELETE","X-Powered-By":"","Content-Type":"application/json; charset=UTF-8","Link":"<https://mydomain.com/wp-json/>; rel=\"https://api.w.org/\"","X-XSS-Protection":"1; mode=block","Referrer-Policy":"no-referrer-when-downgrade","Content-Security-Policy":"default-src * data: 'unsafe-eval' 'unsafe-inline'; frame-src 'self' https: blob:;"}},"producer":{"modsecurity":"ModSecurity v3.0.12 (Linux)","connector":"ModSecurity-nginx v1.0.3","secrules_engine":"Enabled","components":["OWASP_CRS/4.2.0\""]},"messages":[{"message":"HTTP header is restricted by policy (/x-http-method-override/)","details":{"match":"Matched \"Operator `Within' with parameter `/content-encoding/ /proxy/ /lock-token/ /content-range/ /if/ /x-http-method-override/ /x-http-method/ /x-method-override/' against variable `TX:header_name_920450_x-http-method-override' (Value: `/x-http-method-override/' )","reference":"o0,10v420,10t:lowercaseo0,12v353,12t:lowercaseo0,10v239,10t:lowercaseo0,14v535,14t:lowercaseo0,16v218,16t:lowercaseo0,6v499,6t:lowercaseo0,22v443,22t:lowercaseo0,6v384,6t:lowercaseo0,13v118,13t:lowercaseo0,9v142,9t:lowercaseo0,6v101,6t:lowercaseo0,18v471,18t:lowercaseo0,7v606,7t:lowercaseo0,14v81,14t:lowercaseo0,8v794,8t:lowercaseo0,4v55,4t:lowercaseo0,14v563,14t:lowercaseo0,14v584,14t:lowercaseo0,15v700,15t:lowercaseo0,6v811,6t:lowercaseo0,15v741,15t:lowercaseo61,24","ruleId":"920450","file":"/etc/modsecurity.d/owasp-crs-wordpress/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf","lineNumber":"1174","data":"Restricted header detected: /x-http-method-override/","severity":"2","ver":"OWASP_CRS/4.2.0","rev":"","tags":["modsecurity","modsecurity","application-multi","language-multi","platform-multi","attack-protocol","paranoia-level/1","OWASP_CRS","capec/1000/210/272","PCI/12.1"],"maturity":"0","accuracy":"0"}},{"message":"Node-Validator Deny List Keywords","details":{"match":"Matched \"Operator `Pm' with parameter `document.cookie document.domain document.write .parentnode .innerhtml window.location -moz-binding <!-- <![cdata[' against variable `ARGS:json.content' (Value: `<!-- wp:navigation-link {\"label\":\"O Autor\",\"url\":\"/author/fulano\",\"kind\":\"custom\"} /-->\\x0a\\x0a<!-- w (122 characters omitted)' )","reference":"o0,4v13,216t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls","ruleId":"941180","file":"/etc/modsecurity.d/owasp-crs-wordpress/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf","lineNumber":"252","data":"Matched Data: <!-- found within ARGS:json.content: <!-- wp:navigation-link {\"label\":\"O Autor\",\"url\":\"/author/fulano\",\"kind\":\"custom\"} /-->\n\n<!-- wp:navigation-link {\"label\":\"Blog\",\"type\":\"page\",\"id\":20,\"url\":\"https://mydomain.com/blog/\",\"kind\":\"post-type\"} /-->","severity":"2","ver":"OWASP_CRS/4.2.0","rev":"","tags":["modsecurity","application-multi","language-multi","platform-multi","attack-xss","xss-perf-disable","paranoia-level/1","OWASP_CRS","capec/1000/152/242"],"maturity":"0","accuracy":"0"}}]}}

Anonymized audit log for the second false positive:

{"transaction":{"client_ip":"x.x.x.x","time_stamp":"Sun Jun 23 17:31:21 2024","server_id":"a77536b873b48dbdacb2d074f0c1e64a06e1f6aa","client_port":49524,"host_ip":"x.x.x.x","host_port":8443,"unique_id":"171917468134.564060","request":{"method":"POST","http_version":2.0,"uri":"/wp-json/wp/v2/navigation/31?_locale=user","headers":{"x-wp-nonce":"bcb814b590","content-type":"application/json","user-agent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36","sec-fetch-site":"same-origin","sec-ch-ua-mobile":"?0","origin":"https://mydomain.com","x-http-method-override":"PUT","accept":"application/json, */*;q=0.1","cache-control":"no-cache","sec-ch-ua":"\"Not/A)Brand\";v=\"8\", \"Chromium\";v=\"126\", \"Google Chrome\";v=\"126\"","pragma":"no-cache","sec-ch-ua-platform":"\"Linux\"","referer":"https://mydomain.com/wp-admin/site-editor.php?postId=31&postType=wp_navigation","content-length":"291","priority":"u=1, i","host":"mydomain.com","sec-fetch-mode":"cors","sec-fetch-dest":"empty","accept-encoding":"gzip, deflate, br, zstd","cookie":"wordpress_test_cookie=WP%20Cookie%20check; wp_lang=pt_BR; wp-settings-1=libraryContent%3Dbrowse; wp-settings-time-1=1718505837; cookieconsent_status=dismiss; wordpress_logged_in_0da61ab4e4440fb955c5f024aed18563=adfmb%7C1719248598%7Cmdcis24i8kJD2suIQP8pNOzAjtKcqRi40GtQu5Kxyli%7C5a32e4a0e3a95d033927f71e58f2d19b7191c9f354d8313069b64c36857f0b04","accept-language":"pt-BR,pt;q=0.9,en-US;q=0.8,en;q=0.7"}},"response":{"body":"","http_code":200,"headers":{"Access-Control-Allow-Origin":"https://mydomain.com","Cache-Control":"no-cache, must-revalidate, max-age=0, no-store, private","Expires":"Wed, 11 Jan 1984 05:00:00 GMT","X-Robots-Tag":"noindex","X-WP-Nonce":"bcb814b590","Access-Control-Allow-Headers":"Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type","Access-Control-Allow-Credentials":"true","Server":"Blessed","Server":"Blessed","X-Frame-Options":"SAMEORIGIN","Access-Control-Allow-Methods":"OPTIONS, GET, POST, PUT, PATCH, DELETE","Date":"Sun, 23 Jun 2024 20:31:21 GMT","Connection":"close","Access-Control-Expose-Headers":"X-WP-Total, X-WP-TotalPages, Link","X-Content-Type-Options":"nosniff","X-Content-Type-Options":"nosniff","Vary":"Accept-Encoding","Vary":"Origin","Content-Encoding":"gzip","Allow":"GET, POST, PUT, PATCH, DELETE","X-Powered-By":"","Content-Type":"application/json; charset=UTF-8","Link":"<https://mydomain.com/wp-json/>; rel=\"https://api.w.org/\"","X-XSS-Protection":"1; mode=block","Referrer-Policy":"no-referrer-when-downgrade","Content-Security-Policy":"default-src * data: 'unsafe-eval' 'unsafe-inline'; frame-src 'self' https: blob:;"}},"producer":{"modsecurity":"ModSecurity v3.0.12 (Linux)","connector":"ModSecurity-nginx v1.0.3","secrules_engine":"Enabled","components":["OWASP_CRS/4.2.0\""]},"messages":[{"message":"Node-Validator Deny List Keywords","details":{"match":"Matched \"Operator `Pm' with parameter `document.cookie document.domain document.write .parentnode .innerhtml window.location -moz-binding <!-- <![cdata[' against variable `ARGS:json.content' (Value: `<!-- wp:navigation-link {\"label\":\"O Autor\",\"type\":\"page\",\"url\":\"/author/fulano\",\"kind\":\"post-type\"} / (139 characters omitted)' )","reference":"o0,4v13,233t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls","ruleId":"941180","file":"/etc/modsecurity.d/owasp-crs-wordpress/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf","lineNumber":"252","data":"Matched Data: <!-- found within ARGS:json.content: <!-- wp:navigation-link {\"label\":\"O Autor\",\"type\":\"page\",\"url\":\"/author/fulano\",\"kind\":\"post-type\"} /-->\n\n<!-- wp:navigation-link {\"label\":\"Blog\",\"type\":\"page\",\"id\":20,\"url\":\"https://mydomain.com/blog/\",\"kind\":\"post-type\"} /-->","severity":"2","ver":"OWASP_CRS/4.2.0","rev":"","tags":["modsecurity","application-multi","language-multi","platform-multi","attack-xss","xss-perf-disable","paranoia-level/1","OWASP_CRS","capec/1000/152/242"],"maturity":"0","accuracy":"0"}}]}

Your Environment

CRS version (e.g., v3.3.4): 4.2.0
Paranoia level setting (e.g. PL1) : PL1
ModSecurity version (e.g., 2.9.6): v3.0.12
Web Server and version or cloud provider / CDN (e.g., Apache httpd 2.4.54): Nginx 1.26
Operating System and version: Docker image owasp/modsecurity-crs:4.2.0-nginx-202405220605 running on a Ubuntu 22.04

Confirmation

[ x ] I have removed any personal data (email addresses, IP addresses,
passwords, domain names) from any logs posted.

Possible solution

Exclusion rule for the second false positive:

# Updating wordpress website navigation
SecRule REQUEST_URI "@beginsWith /wp-json/wp/v2/navigation/" \
    "id:1002,\
    phase:1,\
    pass,\
    t:none,\
    nolog,\
    chain"
    SecRule REQUEST_HEADERS:x-http-method-override "@streq PUT" \
        "t:none,\
        ctl:ruleRemoveById=920450"

Exclusion rule for the second false positive:

# Updating wordpress website navigation
SecRule REQUEST_URI "@beginsWith /wp-json/wp/v2/navigation/" \
    "id:1003,\
    phase:2,\
    pass,\
    t:none,\
    nolog,\
    chain"
    SecRule ARGS:json.content "@pm <!--" \
        "t:none,t:utf8toUnicode,t:urlDecodeUni,t:htmlEntityDecode,t:jsDecode,t:cssDecode,t:removeNulls,\
        ctl:ruleRemoveById=941180"

Note: It is interesting to try to reproduce the problem also in other contexts. I think that, especially the second false positive may be affecting other places since full site editing and block template themes uses a lot of  type of content everywhere.

Issue in default WordPress with `x-http-method-override` header at PL 1

I created a PR (#11) in March fixing this issue, but due to ongoing discussion about the header I'd to later close the PR. This header x-http-method-override still causes FP in default WordPress at PL 1.

Update:- Issue is in CRS 4.0

[Sat Oct 14 00:35:11.891548 2023] [:error] [pid 19341] [client 127.0.0.1:56236] [client 127.0.0.1] ModSecurity: Warning. String match within "/content-encoding/ /proxy/ /lock-token/ /content-range/ /if/ /x-http-method-override/ /x-http-method/ /x-method-override/" at TX:header_name_920450_x-http-method-override. [file "/etc/modsecurity/coreruleset/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1167"] [id "920450"] [msg "HTTP header is restricted by policy (/x-http-method-override/)"] [data "Restricted header detected: /x-http-method-override/"] [severity "CRITICAL"] [ver "OWASP_CRS/4.0.0-rc1"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "localhost"] [uri "/wp-json/wp/v2/users/me"] [unique_id "ZSmU56gix_dBFGBF5VZBbQAAAAA"], referer: http://localhost/wp-admin/post.php?post=1&action=edit

False positives with WordPress 6.3.1 and full site editing

Summary

When attempting to save edits to after changing styles using the full site editor (/wp-admin/site-editor.php?path=%2Fwp_global_styles), seven errors are displayed.

There are five:

[file "/usr/share/modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "66"] [id "942100"]

And one each of these two:

[file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"]

[file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"]

Full log:

[Tue Oct 10 00:03:34.648190 2023] [security2:error] [pid 1325651:tid 139687177930432] [remote XXX.XXX.XXX.XXX:62076] [client XXX.XXX.XXX.XXX] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'f(n)' [file "/usr/share/modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "66"] [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: f(n) found within ARGS:styles.blocks.core/post-date.typography.fontFamily: var(--wp--preset--font-family--source-serif-pro)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [hostname "xxxxxxxxx.org"] [uri "/index.php"] [unique_id "ZSTNFkPkvf5768haEecC1wAA1xM"], referer: https://xxxxxxxxx.org/wp-admin/site-editor.php?path=%2Fwp_global_styles
[Tue Oct 10 00:03:34.648359 2023] [security2:error] [pid 1325651:tid 139687177930432] [remote XXX.XXX.XXX.XXX:62076] [client XXX.XXX.XXX.XXX] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'f(n)' [file "/usr/share/modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "66"] [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: f(n) found within ARGS:styles.blocks.core/post-terms.typography.fontFamily: var(--wp--preset--font-family--source-serif-pro)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [hostname "xxxxxxxxx.org"] [uri "/index.php"] [unique_id "ZSTNFkPkvf5768haEecC1wAA1xM"], referer: https://xxxxxxxxx.org/wp-admin/site-editor.php?path=%2Fwp_global_styles
[Tue Oct 10 00:03:34.648516 2023] [security2:error] [pid 1325651:tid 139687177930432] [remote XXX.XXX.XXX.XXX:62076] [client XXX.XXX.XXX.XXX] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'f(n)' [file "/usr/share/modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "66"] [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: f(n) found within ARGS:styles.elements.button.color.text: var(--wp--preset--color--base)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [hostname "xxxxxxxxx.org"] [uri "/index.php"] [unique_id "ZSTNFkPkvf5768haEecC1wAA1xM"], referer: https://xxxxxxxxx.org/wp-admin/site-editor.php?path=%2Fwp_global_styles
[Tue Oct 10 00:03:34.648662 2023] [security2:error] [pid 1325651:tid 139687177930432] [remote XXX.XXX.XXX.XXX:62076] [client XXX.XXX.XXX.XXX] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'f(n)' [file "/usr/share/modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "66"] [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: f(n) found within ARGS:styles.elements.button.:visited.color.text: var(--wp--preset--color--base)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [hostname "xxxxxxxxx.org"] [uri "/index.php"] [unique_id "ZSTNFkPkvf5768haEecC1wAA1xM"], referer: https://xxxxxxxxx.org/wp-admin/site-editor.php?path=%2Fwp_global_styles
[Tue Oct 10 00:03:34.648778 2023] [security2:error] [pid 1325651:tid 139687177930432] [remote XXX.XXX.XXX.XXX:62076] [client XXX.XXX.XXX.XXX] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'f(n)' [file "/usr/share/modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "66"] [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: f(n) found within ARGS:styles.elements.heading.typography.fontFamily: var(--wp--preset--font-family--source-serif-pro)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [hostname "xxxxxxxxx.org"] [uri "/index.php"] [unique_id "ZSTNFkPkvf5768haEecC1wAA1xM"], referer: https://xxxxxxxxx.org/wp-admin/site-editor.php?path=%2Fwp_global_styles
[Tue Oct 10 00:03:34.656891 2023] [security2:error] [pid 1325651:tid 139687177930432] [remote XXX.XXX.XXX.XXX:62076] [client XXX.XXX.XXX.XXX] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "xxxxxxxxx.org"] [uri "/index.php"] [unique_id "ZSTNFkPkvf5768haEecC1wAA1xM"], referer: https://xxxxxxxxx.org/wp-admin/site-editor.php?path=%2Fwp_global_styles
[Tue Oct 10 00:03:34.657520 2023] [security2:error] [pid 1325651:tid 139686926149312] [client XXX.XXX.XXX.XXX:62076] [client XXX.XXX.XXX.XXX] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=25,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 25, 0, 0, 0"] [ver "OWASP_CRS/3.3.4"] [tag "event-correlation"] [hostname "xxxxxxxxx.org"] [uri "/index.php"] [unique_id "ZSTNFkPkvf5768haEecC1wAA1xM"], referer: https://xxxxxxxxx.org/wp-admin/site-editor.php?path=%2Fwp_global_styles

WP-Cron blocked

see:
2024/03/09 08:45:26 [error] 2711#2711: *1414 [client <internal-ip-of-wp-docker-container>] ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/usr/local/nginx/conf/conf.d/include/coreruleset/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "176"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.0.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [hostname "<external-ip>"] [uri "/wp-cron.php"] [unique_id "170997032676.301850"] [ref ""], client: <internal-ip-of-wp-docker-container>, server: <domain>, request: "POST /wp-cron.php?doing_wp_cron=1709970326.3545379638671875000000 HTTP/1.1", host: "<domain>"

949110 triggered when trying to Upload images to Wordpress

I enabled this ruleset on CloudFlare, left it at the default setting and was unable to upload images to Wordpress for a day and a half. It was a very savvy Cloudflare support specialist who sent me the email below. Disabling OWASP altogether fixed the problem immediately. Here's the screenshot that started it all

https://www.dropbox.com/s/tm6tpfp959vbu7l/Screenshot%202022-05-18%20163404.png?dl=0

I sent CF a .HAR file output from that page and below was their response, along with a screenshot of how they found the solution.

Hello,
Thank you for providing the HAR file.
I investigated this issue using the Ray ID associated with the 403 error in the HAR file.
Ray ID: 70d65a881e3c2d40
In the Security Overview section in your Cloudflare Dashboard I searched the Ray ID, and I see that the 403 error is due to the Cloudflare OWASP Core Ruleset. You can see in the image below that the request triggered the Cloudflare OWASP Core Ruleset, which blocked the request, resulting in a 403 error.

You can also view this information by going to your Cloudflare Dashboard > Security > Overview, and then adding a filter and inputting the Ray ID.
The Cloudflare WAF contains mainly 2 packages:
Cloudflare Managed Ruleset: These rules are managed by Cloudflare WAF Engineers. For "security reasons", we don't provide the rule patterns as this would increase the likelihood that a malicious party could learn to bypass the rules.
OWASP ModSecurity Core Rule Set: These rules are not managed by Cloudflare. They are created by the OWASP Group and Cloudflare integrates with this OWASP package as part of our WAF for additional security. If you would like to know why an OWASP rule has triggered, you can review the rules (expressions and sensitivity score) in the GitHub repository in this link.
If you're encountering false positives, there are a couple actions that you could take here:
• Add WAF Exception
You can define WAF exceptions in the Cloudflare dashboard or using the Rulesets API.
• If the rule blocking is 949110 (new OWASP), it means it was blocked by the OWASP rules. In your particular case the rule that blocked your request is 949110. I recommend decreasing the OWASP Anomaly Score Threshold or lower the OWASP Paranoia Level.
Resources:
False Positives
Package: OWASP ModSecurity Core Rule Set

Please let me know if you have any questions.
Kind regards,
Paige Kammeyer
Technical Support Engineer -Cloudflare

Screenshot detailing how they traced it
https://www.dropbox.com/s/k3r9crld4oavjt4/details.png?dl=0

Meanwhile, I think I aged about 5 years. Never would I have checked OWASP for this issue

WordPress: wp_autosave false positive at PL2

Description

WordPress has an autosave function while creating a new post or page. It sends an HTTP request with the content of the excerpt to /wp-admin.php that can contains HTML tags. This lead to False Positives on different rules (see below) at PL2.

Audit Logs / Triggered Rule Numbers

example on CRS sandbox:

$ curl -s \
  -H 'x-crs-paranoia-level: 2' \
  -H 'x-backend: apache' \
  -H 'x-format-output: txt-matched-rules' \
  -d 'data[wp_autosave][excerpt]=<p><strong>25 Jun - 02 Jul 2023</strong></p>' \
  --path-as-is \
  "https://sandbox.coreruleset.org/wp-admin/admin-ajax.php"
 
941320 PL2 Possible XSS Attack Detected - HTML Tag Handler
942131 PL2 SQL Injection Attack: SQL Boolean-based attack detected
949110 PL1 Inbound Anomaly Score Exceeded (Total Score: 10)
980170 PL1 Anomaly Scores: (Inbound Scores: blocking=10, detection=10, per_pl=0-10-0-0, threshold=5) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=4) - (SQLI=5, XSS=5, RFI=0, LFI=0, RCE=0, PHPI=0, HTTP=0, SESS=0)

Confirmation

I have removed any personal data (email addresses, IP addresses,
passwords, domain names) from any logs posted.

FP /wp-json/paypal/v1/incoming

on woocommerce plugin, CRS blocks API /wp-json/paypal/v1/incoming because of 931130 at PL2 during a payment

example

Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link

Matched "Operator `EndsWith' with parameter `.personal-tour.it' against variable `TX:rfi_parameter_ARGS:json.links.array_1.href' (Value: `.api.paypal.com' )

Matched Data: https://api.paypal.com/v1/notifications/webhooks-events/WH-12345-12345/resend found within TX:rfi_parameter_ARGS:json.links.array_1.href: .api.paypal.com

is it worth creating an exclusion for this?

Wordpress false positive is user password begins with "$"

Hello,

I had several issues adding new users in latest WordPress and latest OWASP WordPress rules exclusion plugin.

The log is as follows:

[Sat Mar 02 11:48:20.631053 2024] [:error] [pid 27350] [client REDACTED:55579] [client REDACTED] ModSecurity: Warning. Pattern match "\\\\$+(?:[a-zA-Z_\\\\x7f-\\\\xff][a-zA-Z0-9_\\\\x7f-\\\\xff]*|\\\\s*{.+})(?:\\\\s|\\\\[.+\\\\]|{.+}|/\\\\*.*\\\\*/|//.*|#.*)*\\\$.*\\\$" at ARGS:pass1. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "460"] [id "933180 "] [msg "PHP Injection Attack: Variable Function Call Found"] [data "Matched Data: $mm82rEJpdrmYns(Oa) found within ARGS:pass1: $mm82rEJpdrmYns(Oa)889aV"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "www.REDACTED.com"] [uri "/wp-admin/user-new.php"] [unique_id "ZeMSBJ3nkXCGEAmPg4frkwAAAAM "], referer: https://www.REDACTED.com/wp-admin/user-new.php

The matched data, found in ARGS:pass1, is exactly the random password WordPress created. I believe the pattern triggers because it thinks I am passing a PHP variable (they begin with "$").

False positive with Semplice theme editing

Summary

When attempting to save edits using the Semplice theme (/wp-admin/admin.php?page=semplice-admin&ref=edit.php%3Fpost_type%3Dpage#edit/106), 12 errors are displayed:

Eight errors like this:

[file "/usr/share/modsecurity-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "93"] - Execution error - PCRE limits exceeded (-47)

One like this:

[file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "56"] [id "941100"] [msg "XSS Attack Detected via libinjection"]

One like this:

[file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "200"] [id "941160"] [msg "NoScript XSS InjectionChecker: HTML Injection"]

One like this:

[file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"]

One like this:

[file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"]

Full log

[Tue Oct 10 22:45:30.582304 2023] [security2:error] [pid 1447922:tid 139687355848384] [remote XX.XX.XX.XX:53949] [client XX.XX.XX.XX] ModSecurity: Rule 7f0b89b29990 [id "-"][file "/usr/share/modsecurity-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "93"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "xxxxx"] [uri "/wp-admin/admin.php"] [unique_id "ZSYMR_w1fglWMkS6nqzDKQAAUwA"], referer: https://xxxxx/wp-admin/edit.php?post_type=page
[Tue Oct 10 22:45:30.589442 2023] [security2:error] [pid 1447922:tid 139687355848384] [remote XX.XX.XX.XX:53949] [client XX.XX.XX.XX] ModSecurity: Rule 7f0b89a11ad8 [id "-"][file "/usr/share/modsecurity-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "270"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "xxxxx"] [uri "/wp-admin/admin.php"] [unique_id "ZSYMR_w1fglWMkS6nqzDKQAAUwA"], referer: https://xxxxx/wp-admin/edit.php?post_type=page
[Tue Oct 10 22:45:30.591032 2023] [security2:error] [pid 1447922:tid 139687355848384] [remote XX.XX.XX.XX:53949] [client XX.XX.XX.XX] ModSecurity: Rule 7f0b8a9fa258 [id "-"][file "/usr/share/modsecurity-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "321"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "xxxxx"] [uri "/wp-admin/admin.php"] [unique_id "ZSYMR_w1fglWMkS6nqzDKQAAUwA"], referer: https://xxxxx/wp-admin/edit.php?post_type=page
[Tue Oct 10 22:45:30.596788 2023] [security2:error] [pid 1447922:tid 139687355848384] [remote XX.XX.XX.XX:53949] [client XX.XX.XX.XX] ModSecurity: Rule 7f0b8974e830 [id "-"][file "/usr/share/modsecurity-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "346"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "xxxxx"] [uri "/wp-admin/admin.php"] [unique_id "ZSYMR_w1fglWMkS6nqzDKQAAUwA"], referer: https://xxxxx/wp-admin/edit.php?post_type=page
[Tue Oct 10 22:45:30.599402 2023] [security2:error] [pid 1447922:tid 139687355848384] [remote XX.XX.XX.XX:53949] [client XX.XX.XX.XX] ModSecurity: Rule 7f0b899edaa8 [id "-"][file "/usr/share/modsecurity-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "371"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "xxxxx"] [uri "/wp-admin/admin.php"] [unique_id "ZSYMR_w1fglWMkS6nqzDKQAAUwA"], referer: https://xxxxx/wp-admin/edit.php?post_type=page
[Tue Oct 10 22:45:30.601465 2023] [security2:error] [pid 1447922:tid 139687355848384] [remote XX.XX.XX.XX:53949] [client XX.XX.XX.XX] ModSecurity: Rule 7f0b89848eb0 [id "-"][file "/usr/share/modsecurity-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "396"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "xxxxx"] [uri "/wp-admin/admin.php"] [unique_id "ZSYMR_w1fglWMkS6nqzDKQAAUwA"], referer: https://xxxxx/wp-admin/edit.php?post_type=page
[Tue Oct 10 22:45:30.603069 2023] [security2:error] [pid 1447922:tid 139687355848384] [remote XX.XX.XX.XX:53949] [client XX.XX.XX.XX] ModSecurity: Rule 7f0b89048b18 [id "-"][file "/usr/share/modsecurity-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "421"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "xxxxx"] [uri "/wp-admin/admin.php"] [unique_id "ZSYMR_w1fglWMkS6nqzDKQAAUwA"], referer: https://xxxxx/wp-admin/edit.php?post_type=page
[Tue Oct 10 22:45:30.604521 2023] [security2:error] [pid 1447922:tid 139687355848384] [remote XX.XX.XX.XX:53949] [client XX.XX.XX.XX] ModSecurity: Rule 7f0b8a2bd170 [id "-"][file "/usr/share/modsecurity-crs/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line "446"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "xxxxx"] [uri "/wp-admin/admin.php"] [unique_id "ZSYMR_w1fglWMkS6nqzDKQAAUwA"], referer: https://xxxxx/wp-admin/edit.php?post_type=page
[Tue Oct 10 22:45:49.786142 2023] [security2:error] [pid 1447922:tid 139687211517632] [remote XX.XX.XX.XX:53954] [client XX.XX.XX.XX] ModSecurity: Warning. detected XSS using libinjection. [file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "56"] [id "941100"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: XSS data found within ARGS:content: {\\x22order\\x22:{\\x22cover\\x22:{\\x22row_cover\\x22:{\\x22columns\\x22:{}}},\\x22section_4oyl7zz8h\\x22:{\\x22row_ar3ffrmrd\\x22:{\\x22columns\\x22:{\\x22column_bx3ggw0k7\\x22:[]}}},\\x22section_u6pjka8tj\\x22:{\\x22row_2ivolrelu\\x22:{\\x22columns\\x22:{\\x22column_r2a1mwhz0\\x22:[\\x22content_yob9mq8jz\\x22,\\x22content_w2xg6epaa\\x22]}}},\\x22section_8hbip9nk7\\x22:{\\x22row_2rxwoi2lm\\x22:{\\x22columns\\x22:{\\x22column_9x87max31\\x22:[\\x22content_aoyy83i4o\\x22]}},\\x22row_8qsrgd2nf\\x..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "xxxxx"] [uri "/wp-json/semplice/v1/editor/save"] [unique_id "ZSYMXfw1fglWMkS6nqzDUgAARA0"], referer: https://xxxxx/wp-admin/admin.php?page=semplice-admin&ref=edit.php%3Fpost_type%3Dpage
[Tue Oct 10 22:45:49.789369 2023] [security2:error] [pid 1447922:tid 139687211517632] [remote XX.XX.XX.XX:53954] [client XX.XX.XX.XX] ModSecurity: Warning. Pattern match "(?i:(?:<\\\\w[\\\\s\\\\S]*[\\\\s\\\\/]|['\\"](?:[\\\\s\\\\S]*[\\\\s\\\\/])?)(?:on(?:d(?:e(?:vice(?:(?:orienta|mo)tion|proximity|found|light)|livery(?:success|error)|activate)|r(?:ag(?:e(?:n(?:ter|d)|xit)|(?:gestur|leav)e|start|drop|over)|op)|i(?:s(?:c(?:hargingtimechange ..." at ARGS:content. [file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "200"] [id "941160"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: \\x22order\\x22:{\\x22cover\\x22:{\\x22row_cover\\x22:{\\x22columns\\x22:{}}},\\x22section_4oyl7zz8h\\x22:{\\x22row_ar3ffrmrd\\x22:{\\x22columns\\x22:{\\x22column_bx3ggw0k7\\x22:[]}}},\\x22section_u6pjka8tj\\x22:{\\x22row_2ivolrelu\\x22:{\\x22columns\\x22:{\\x22column_r2a1mwhz0\\x22:[\\x22content_yob9mq8jz\\x22,\\x22content_w2xg6epaa\\x22]}}},\\x22section_8hbip9nk7\\x22:{\\x22row_2rxwoi2lm\\x22:{\\x22columns\\x22:{\\x22column_9x87max31\\x22:[\\x22content_aoyy83i4o\\x22]}},\\x22row_8qsrgd2nf\\x22:{\\x22columns\\x22:{\\x22column_iflz4..."] [severity "CRITICAL"] [ver "OWASP_CRS/3 [hostname "xxxxx"] [uri "/wp-json/semplice/v1/editor/save"] [unique_id "ZSYMXfw1fglWMkS6nqzDUgAARA0"], referer: https://xxxxx/wp-admin/admin.php?page=semplice-admin&ref=edit.php%3Fpost_type%3Dpage
[Tue Oct 10 22:45:49.803335 2023] [security2:error] [pid 1447922:tid 139687211517632] [remote XX.XX.XX.XX:53954] [client XX.XX.XX.XX] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "xxxxx"] [uri "/wp-json/semplice/v1/editor/save"] [unique_id "ZSYMXfw1fglWMkS6nqzDUgAARA0"], referer: https://xxxxx/wp-admin/admin.php?page=semplice-admin&ref=edit.php%3Fpost_type%3Dpage
[Tue Oct 10 22:45:49.803986 2023] [security2:error] [pid 1447922:tid 139687068841664] [client XX.XX.XX.XX:53954] [client XX.XX.XX.XX] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=10,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [ver "OWASP_CRS/3.3.4"] [tag "event-correlation"] [hostname "xxxxx"] [uri "/wp-json/semplice/v1/editor/save"] [unique_id "ZSYMXfw1fglWMkS6nqzDUgAARA0"], referer: https://xxxxx/wp-admin/admin.php?page=semplice-admin&ref=edit.php%3Fpost_type%3Dpage

HTTP Payload

post_revision%5Bactive%5D=latest_version&post_revision%5Bpublished%5D=latest_version&content=%7B%22order%22%3A%7B%22cover%22%3A%7B%22row_cover%22%3A%7B%22columns%22%3A%7B%7D%7D%7D%2C%22section_4oyl7zz8h%22%3A%7B%22row_ar3ffrmrd%22%3A%7B%22columns%22%3A%7B%22column_bx3ggw0k7%22%3A%5B%5D%7D%7D%7D%2C%22section_u6pjka8tj%22%3A%7B%22row_2ivolrelu%22%3A%7B%22columns%22%3A%7B%22column_r2a1mwhz0%22%3A%5B%22content_yob9mq8jz%22%2C%22content_w2xg6epaa%22%5D%7D%7D%7D%2C%22section_8hbip9nk7%22%3A%7B%22row_2rxwoi2lm%22%3A%7B%22columns%22%3A%7B%22column_9x87max31%22%3A%5B%22content_aoyy83i4o%22%5D%7D%7D%2C%22row_8qsrgd2nf%22%3A%7B%22columns%22%3A%7B%22column_iflz4npe7%22%3A%5B%22content_fuf3hh9ve%22%5D%7D%7D%7D%2C%22section_9tu2ore4g%22%3A%7B%22row_j5fi586vl%22%3A%7B%22columns%22%3A%7B%22column_dy5xntu1m%22%3A%5B%22content_svw2lvlfg%22%5D%7D%7D%7D%2C%22section_lae76fcs3%22%3A%7B%22row_jf50e7ygp%22%3A%7B%22columns%22%3A%7B%22column_zwa5xlh6r%22%3A%5B%22content_qek6g3kba%22%5D%7D%7D%2C%22row_dxbnhi5f6%22%3A%7B%22columns%22%3A%7B%22column_3tfj74559%22%3A%5B%22content_qodwabe68%22%2C%22content_ynk2qojvc%22%5D%7D%7D%2C%22row_sja0aj78e%22%3A%7B%22columns%22%3A%7B%22column_zsj59du3r%22%3A%5B%22content_yfk2o38c2%22%2C%22content_yi0qvic1x%22%5D%7D%7D%2C%22row_lk89gz32e%22%3A%7B%22columns%22%3A%7B%22column_6u3uonl7f%22%3A%5B%22content_riz0k7pzm%22%2C%22content_u7rkl5ryv%22%5D%7D%7D%2C%22row_yewly3yjf%22%3A%7B%22columns%22%3A%7B%22column_o6v6b3get%22%3A%5B%22content_i5wj9vccd%22%2C%22content_zsb6gsw1r%22%5D%7D%7D%7D%2C%22section_u93u5ndin%22%3A%7B%22row_ikhurmxhp%22%3A%7B%22columns%22%3A%7B%22column_oxx99i9xm%22%3A%5B%22content_4t85wphhs%22%5D%7D%7D%7D%7D%2C%22images%22%3A%7B%22206%22%3A%7B%22url%22%3A%22https%3A%2F%2Fpaulwatabe.com%2Fwp-content%2Fuploads%2F2016%2F03%2Fwork.jpg%22%2C%22width%22%3A2400%2C%22height%22%3A1278%7D%2C%22306%22%3A%7B%22url%22%3A%22https%3A%2F%2Fpaulwatabe.com%2Fwp-content%2Fuploads%2F2020%2F11%2Fpaul-watabe.jpg%22%2C%22width%22%3A1200%2C%22height%22%3A1200%7D%7D%2C%22branding%22%3A%7B%7D%2C%22content_yob9mq8jz%22%3A%7B%22content%22%3A%7B%22xl%22%3A%22%3Ch1+data-mce-style%3D%5C%22line-height%3A+2.667rem%3B+font-size%3A+1.778rem%3B%5C%22+style%3D%5C%22line-height%3A+2.667rem%3B+font-size%3A+1.778rem%3B%5C%22+data-line-height-xl%3D%5C%223.333rem%5C%22+data-font-size-xl%3D%5C%222.556rem%5C%22+data-font-size-xs%3D%5C%221.333rem%5C%22+data-line-height-xs%3D%5C%222.000rem%5C%22+data-font-size-sm%3D%5C%221.778rem%5C%22+data-line-height-sm%3D%5C%222.667rem%5C%22%3E%3Cspan+style%3D%5C%22color%3A+rgb(26%2C+27%2C+29)%3B+letter-spacing%3A+0.022rem%3B%5C%22+data-mce-style%3D%5C%22color%3A+%231a1b1d%3B+letter-spacing%3A+0.022rem%3B%5C%22+data-letter-spacing-xs%3D%5C%220.044rem%5C%22+data-letter-spacing-sm%3D%5C%220.022rem%5C%22%3E%3Cstrong%3EI'm+Paul%2C+a+Canadian+digital+product+designer+currently+designing+from+Ho+Chi+Minh+City%2C+Vietnam.+%3C%2Fstrong%3E%3C%2Fspan%3E%3C%2Fh1%3E%3Ch1+data-mce-style%3D%5C%22line-height%3A+2.667rem%3B+font-size%3A+1.778rem%3B%5C%22+style%3D%5C%22line-height%3A+2.667rem%3B+font-size%3A+1.778rem%3B%5C%22+data-line-height-xl%3D%5C%223.333rem%5C%22+data-font-size-xl%3D%5C%222.556rem%5C%22+data-font-size-xs%3D%5C%221.333rem%5C%22+data-line-height-xs%3D%5C%222.000rem%5C%22+data-font-size-sm%3D%5C%221.778rem%5C%22+data-line-height-sm%3D%5C%222.667rem%5C%22%3E%3Cspan+style%3D%5C%22color%3A+rgb(26%2C+27%2C+29)%3B+letter-spacing%3A+0.022rem%3B%5C%22+data-mce-style%3D%5C%22color%3A+%231a1b1d%3B+letter-spacing%3A+0.022rem%3B%5C%22+data-letter-spacing-xs%3D%5C%220.044rem%5C%22+data-letter-spacing-sm%3D%5C%220.022rem%5C%22%3E%3Cstrong%3EFormally+at+%3Cspan+style%3D%5C%22color%3A+rgb(102%2C+102%2C+102)%3B%5C%22+data-mce-style%3D%5C%22color%3A+%23666666%3B%5C%22%3EFE+CREDIT%3C%2Fspan%3E+and%26nbsp%3B%3Ca+data-mce-href%3D%5C%22https%3A%2F%2Fblockchainlabs.asia%2F%5C%22+href%3D%5C%22https%3A%2F%2Fblockchainlabs.asia%2F%5C%22+style%3D%5C%22color%3A+rgb(26%2C+27%2C+29)%3B%5C%22+data-mce-style%3D%5C%22color%3A+rgb(26%2C+27%2C+29)%3B%5C%22%3E%3Cspan+style%3D%5C%22color%3A+rgb(102%2C+102%2C+102)%3B%5C%22+data-mce-style%3D%5C%22color%3A+%23666666%3B%5C%22%3EInfinity+Blockchain+Labs%3C%2Fspan%3E.%EF%BB%BF%3C%2Fa%3E%3C%2Fstrong%3E%3C%2Fspan%3E%3C%2Fh1%3E%22%7D%2C%22module%22%3A%22text%22%2C%22options%22%3A%7B%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%22padding-bottom%22%3A%221.1111111111111112rem%22%2C%22padding-top%22%3A%220rem%22%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22column_r2a1mwhz0%22%3A%7B%22width%22%3A%7B%22xl%22%3A%2210%22%7D%2C%22options%22%3A%7B%7D%2C%22layout%22%3A%7B%22data-valign%22%3A%22center%22%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22unpublished_changes%22%3Atrue%2C%22content_fuf3hh9ve%22%3A%7B%22content%22%3A%7B%22xl%22%3A%22%22%7D%2C%22module%22%3A%22portfoliogrid%22%2C%22options%22%3A%7B%22title_position%22%3A%22below-left%22%2C%22categories%22%3A%7B%7D%2C%22title_font%22%3A%22font_lla206nf0%22%2C%22category_font%22%3A%22font_lla206nf0%22%2C%22title_fontsize%22%3A%221.1111111111111112rem%22%2C%22category_fontsize%22%3A%220.8888888888888888rem%22%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22section_8hbip9nk7%22%3A%7B%22options%22%3A%7B%7D%2C%22layout%22%3A%7B%22data-column-mode-sm%22%3A%22single%22%2C%22data-column-mode-xs%22%3A%22single%22%2C%22data-layout%22%3A%22fluid%22%7D%2C%22customHeight%22%3A%7B%22xl%22%3A%7B%22height%22%3A%2215rem%22%7D%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%22padding-top%22%3A%222.2222222222222223rem%22%2C%22padding-bottom%22%3A%224.444444444444445rem%22%7D%2C%22xs%22%3A%7B%22padding-bottom%22%3A%222.2222222222222223rem%22%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22content_w2xg6epaa%22%3A%7B%22content%22%3A%7B%22xl%22%3A%22%3Ch4+style%3D%5C%22line-height%3A+1.556rem%3B+font-size%3A+1rem%3B%5C%22+data-mce-style%3D%5C%22line-height%3A+1.556rem%3B+font-size%3A+1rem%3B%5C%22+data-line-height-xl%3D%5C%222.222rem%5C%22+data-font-size-xs%3D%5C%221.000rem%5C%22+data-line-height-xs%3D%5C%221.556rem%5C%22%3E%3Cspan+style%3D%5C%22color%3A+rgb(0%2C+0%2C+0)%3B+letter-spacing%3A+0.022rem%3B%5C%22+data-mce-style%3D%5C%22color%3A+%23000000%3B+letter-spacing%3A+0.022rem%3B%5C%22+data-letter-spacing-xs%3D%5C%220.022rem%5C%22%3ECurrently%2C+available+for+new+opportunities.%3C%2Fspan%3E%3C%2Fh4%3E%22%7D%2C%22module%22%3A%22text%22%2C%22options%22%3A%7B%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22section_lae76fcs3%22%3A%7B%22options%22%3A%7B%7D%2C%22layout%22%3A%7B%22data-column-mode-sm%22%3A%22single%22%2C%22data-column-mode-xs%22%3A%22single%22%2C%22data-layout%22%3A%22fluid%22%7D%2C%22customHeight%22%3A%7B%22xl%22%3A%7B%22height%22%3A%2215rem%22%7D%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%22padding-top%22%3A%224.444444444444445rem%22%2C%22padding-bottom%22%3A%224.444444444444445rem%22%7D%2C%22xs%22%3A%7B%22padding-top%22%3A%222.2222222222222223rem%22%2C%22padding-bottom%22%3A%222.2222222222222223rem%22%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22column_zsj59du3r%22%3A%7B%22width%22%3A%7B%22xl%22%3A%2212%22%7D%2C%22options%22%3A%7B%7D%2C%22layout%22%3A%7B%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%22padding-bottom%22%3A%221.7777777777777777rem%22%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22column_6u3uonl7f%22%3A%7B%22width%22%3A%7B%22xl%22%3A%2212%22%7D%2C%22options%22%3A%7B%7D%2C%22layout%22%3A%7B%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%22padding-bottom%22%3A%221.7777777777777777rem%22%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22content_yi0qvic1x%22%3A%7B%22content%22%3A%7B%22xl%22%3A%22%3Cp+class%3D%5C%22custom_dtlqjd1c1+font_lla206nf0%5C%22%3E%3Cspan+style%3D%5C%22color%3A+rgb(136%2C+136%2C+136)%3B%5C%22+data-mce-style%3D%5C%22color%3A+rgb(136%2C+136%2C+136)%3B%5C%22%3ERPM+(Remote+Patient+Monitoring)+platform%3C%2Fspan%3E%3Cspan+style%3D%5C%22color%3A+rgb(136%2C+136%2C+136)%3B%5C%22+data-mce-style%3D%5C%22color%3A+rgb(136%2C+136%2C+136)%3B%5C%22%3E+for+Health+Care+Providers%3C%2Fspan%3E%3C%2Fp%3E%22%7D%2C%22module%22%3A%22text%22%2C%22options%22%3A%7B%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22content_riz0k7pzm%22%3A%7B%22content%22%3A%7B%22xl%22%3A%22%3Cp+style%3D%5C%22line-height%3A+1.333rem%3B%5C%22+data-mce-style%3D%5C%22line-height%3A+1.333rem%3B%5C%22+data-line-height-xl%3D%5C%221.333rem%5C%22%3EDr.+Kumo+%5BMobile+app%5D%3Cbr%3E%3C%2Fp%3E%22%7D%2C%22module%22%3A%22text%22%2C%22options%22%3A%7B%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%22padding-bottom%22%3A%220rem%22%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22content_u7rkl5ryv%22%3A%7B%22content%22%3A%7B%22xl%22%3A%22%3Cp+class%3D%5C%22custom_dtlqjd1c1+font_lla206nf0%5C%22%3E%3Cspan+style%3D%5C%22color%3A+rgb(136%2C+136%2C+136)%3B%5C%22+data-mce-style%3D%5C%22color%3A+rgb(136%2C+136%2C+136)%3B%5C%22%3EPatient+monitoring+Mobile+app+for+Patients%3C%2Fspan%3E%3C%2Fp%3E%22%7D%2C%22module%22%3A%22text%22%2C%22options%22%3A%7B%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%22padding-bottom%22%3A%220rem%22%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22content_i5wj9vccd%22%3A%7B%22content%22%3A%7B%22xl%22%3A%22%3Cp+style%3D%5C%22line-height%3A+1.333rem%3B%5C%22+data-mce-style%3D%5C%22line-height%3A+1.333rem%3B%5C%22+data-line-height-xl%3D%5C%221.333rem%5C%22%3EDr.+Kumo+%5BWatch+app%5D%3Cbr%3E%3C%2Fp%3E%22%7D%2C%22module%22%3A%22text%22%2C%22options%22%3A%7B%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22column_o6v6b3get%22%3A%7B%22width%22%3A%7B%22xl%22%3A%2212%22%7D%2C%22options%22%3A%7B%7D%2C%22layout%22%3A%7B%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%22padding-bottom%22%3A%221.7777777777777777rem%22%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22content_zsb6gsw1r%22%3A%7B%22content%22%3A%7B%22xl%22%3A%22%3Cp+class%3D%5C%22custom_dtlqjd1c1+font_lla206nf0%5C%22%3E%3Cspan+style%3D%5C%22color%3A+rgb(136%2C+136%2C+136)%3B%5C%22+data-mce-style%3D%5C%22color%3A+%23888888%3B%5C%22%3EPatient+monitoring+Samsung+Galaxy+Watch+app+for+Patients%3C%2Fspan%3E%3C%2Fp%3E%22%7D%2C%22module%22%3A%22text%22%2C%22options%22%3A%7B%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22content_qek6g3kba%22%3A%7B%22content%22%3A%7B%22xl%22%3A%22%3Cp+class%3D%5C%22custom_zwl0qo0jc+font_nbavm6yiz%5C%22%3ECURRENT+SIDE+PROJECTS%3C%2Fp%3E%22%7D%2C%22module%22%3A%22text%22%2C%22options%22%3A%7B%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%22padding-bottom%22%3A%221.1111111111111112rem%22%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22column_zwa5xlh6r%22%3A%7B%22width%22%3A%7B%22xl%22%3A%2212%22%7D%2C%22options%22%3A%7B%7D%2C%22layout%22%3A%7B%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22content_yfk2o38c2%22%3A%7B%22content%22%3A%7B%22xl%22%3A%22%3Cp+style%3D%5C%22line-height%3A+1.333rem%3B+font-size%3A+1.111rem%3B%5C%22+data-mce-style%3D%5C%22line-height%3A+1.333rem%3B+font-size%3A+1.111rem%3B%5C%22+data-line-height-xl%3D%5C%221.333rem%5C%22+data-font-size-xl%3D%5C%221.111rem%5C%22%3E%3Cspan+class%3D%5C%22font_lla206nf0%5C%22%3EDr.+Kumo+%5BWebsite%5D%3C%2Fspan%3E%3Cbr%3E%3C%2Fp%3E%22%7D%2C%22module%22%3A%22text%22%2C%22options%22%3A%7B%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%22padding-bottom%22%3A%220rem%22%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22content_qodwabe68%22%3A%7B%22content%22%3A%7B%22xl%22%3A%22%3Cp+style%3D%5C%22line-height%3A+1.333rem%3B%5C%22+data-mce-style%3D%5C%22line-height%3A+1.333rem%3B%5C%22+data-line-height-xl%3D%5C%221.333rem%5C%22%3EBillease+%5BMobile+app%5D%3C%2Fp%3E%22%7D%2C%22module%22%3A%22text%22%2C%22options%22%3A%7B%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22column_3tfj74559%22%3A%7B%22width%22%3A%7B%22xl%22%3A%2212%22%7D%2C%22options%22%3A%7B%7D%2C%22layout%22%3A%7B%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%22padding-bottom%22%3A%221.7777777777777777rem%22%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22content_ynk2qojvc%22%3A%7B%22content%22%3A%7B%22xl%22%3A%22%3Cp+class%3D%5C%22custom_dtlqjd1c1+font_lla206nf0%5C%22%3E%3Cspan+style%3D%5C%22color%3A+rgb(136%2C+136%2C+136)%3B%5C%22+data-mce-style%3D%5C%22color%3A+%23888888%3B%5C%22%3EConsumer+loan+Mobile+app%3C%2Fspan%3E%3C%2Fp%3E%22%7D%2C%22module%22%3A%22text%22%2C%22options%22%3A%7B%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%22padding-bottom%22%3A%220rem%22%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22section_u6pjka8tj%22%3A%7B%22options%22%3A%7B%7D%2C%22layout%22%3A%7B%22data-column-mode-sm%22%3A%22single%22%2C%22data-column-mode-xs%22%3A%22single%22%2C%22data-layout%22%3A%22fluid%22%7D%2C%22customHeight%22%3A%7B%22xl%22%3A%7B%22height%22%3A%2215rem%22%7D%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%22padding-top%22%3A%220rem%22%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22section_4oyl7zz8h%22%3A%7B%22options%22%3A%7B%7D%2C%22layout%22%3A%7B%22data-column-mode-sm%22%3A%22single%22%2C%22data-column-mode-xs%22%3A%22single%22%7D%2C%22customHeight%22%3A%7B%22xl%22%3A%7B%22height%22%3A%2215rem%22%7D%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22column_bx3ggw0k7%22%3A%7B%22width%22%3A%7B%22xl%22%3A12%7D%2C%22options%22%3A%7B%7D%2C%22layout%22%3A%7B%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%22padding-top%22%3A%224.444444444444445rem%22%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%2C%22type%22%3A%22spacer%22%7D%2C%22content_aoyy83i4o%22%3A%7B%22content%22%3A%7B%22xl%22%3A%22%22%7D%2C%22module%22%3A%22spacer%22%2C%22options%22%3A%7B%22height%22%3A%220.05555555555555555rem%22%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22column_9x87max31%22%3A%7B%22width%22%3A%7B%22xl%22%3A%2212%22%7D%2C%22options%22%3A%7B%7D%2C%22layout%22%3A%7B%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22content_svw2lvlfg%22%3A%7B%22content%22%3A%7B%22xl%22%3A%22%22%7D%2C%22module%22%3A%22spacer%22%2C%22options%22%3A%7B%22height%22%3A%220.05555555555555555rem%22%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22section_9tu2ore4g%22%3A%7B%22options%22%3A%7B%7D%2C%22layout%22%3A%7B%22data-column-mode-sm%22%3A%22single%22%2C%22data-column-mode-xs%22%3A%22single%22%2C%22data-layout%22%3A%22fluid%22%7D%2C%22customHeight%22%3A%7B%22xl%22%3A%7B%22height%22%3A%2215rem%22%7D%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22column_dy5xntu1m%22%3A%7B%22width%22%3A%7B%22xl%22%3A12%7D%2C%22options%22%3A%7B%7D%2C%22layout%22%3A%7B%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22content_4t85wphhs%22%3A%7B%22content%22%3A%7B%22xl%22%3A%22%22%7D%2C%22module%22%3A%22spacer%22%2C%22options%22%3A%7B%22height%22%3A%220.05555555555555555rem%22%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22section_u93u5ndin%22%3A%7B%22options%22%3A%7B%7D%2C%22layout%22%3A%7B%22data-column-mode-sm%22%3A%22single%22%2C%22data-column-mode-xs%22%3A%22single%22%2C%22data-layout%22%3A%22fluid%22%7D%2C%22customHeight%22%3A%7B%22xl%22%3A%7B%22height%22%3A%2215rem%22%7D%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22column_oxx99i9xm%22%3A%7B%22width%22%3A%7B%22xl%22%3A12%7D%2C%22options%22%3A%7B%7D%2C%22layout%22%3A%7B%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22column_iflz4npe7%22%3A%7B%22width%22%3A%7B%22xl%22%3A12%7D%2C%22options%22%3A%7B%7D%2C%22layout%22%3A%7B%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%7D&post_id=106&post_settings=%7B%22thumbnail%22%3A%7B%22image%22%3A%22%22%2C%22width%22%3A%224%22%2C%22hover_visibility%22%3A%22disabled%22%7D%2C%22meta%22%3A%7B%22post_title%22%3A%22Work%22%2C%22permalink%22%3A%22work%22%2C%22navbar_visibility%22%3A%22true%22%2C%22navbar%22%3A%22nav_9ynafsmff%22%2C%22footer%22%3A%220%22%2C%22rt_image_size%22%3A%22original%22%7D%2C%22seo%22%3A%7B%7D%7D&post_type=page&save_mode=draft&change_status=no&post_password=&custom_colors=%5B%22%23000000%22%2C%22%23ffd300%22%2C%22%23ff0000%22%2C%22%23111111%22%2C%22%231a1b1d%22%5D&images=%7B%22383%22%3A%7B%22url%22%3A%22https%3A%2F%2Fpaulwatabe.com%2Fwp-content%2Fuploads%2F2023%2F07%2Ffavicon.png%22%2C%22width%22%3A34%2C%22height%22%3A34%7D%7D&editor_notices=%7B%22section_module%22%3A%22unread%22%2C%22text_module%22%3A%22read%22%2C%22motions%22%3A%22read%22%7D&masterblocks=%7B%7D&presets=false

Copy as cURL

curl 'https://xxxxx/wp-json/semplice/v1/editor/save' \
  -H 'authority: xxxxx' \
  -H 'accept: */*' \
  -H 'accept-language: en-US,en;q=0.9' \
  -H 'content-type: application/x-www-form-urlencoded; charset=UTF-8' \
  -H 'cookie: wordpress_test_cookie=WP%20Cookie%20check; wordpress_logged_in_74aad4fc1171c095d2ce86ebeea7bf40=paulschreiber%7C1698201463%7CLEde90Ce2X1Khc2brRwgLeRJzk7nKEpeL1u9BwFjZkb%7C8ef52f1a3447b2c3200b57fb56d4d3980b9faa2a688d7d6b9a3e936c9b826b51; wp-settings-2=imgsize%3Dfull; wp-settings-time-2=1696991867' \
  -H 'origin: https://xxxxx' \
  -H 'referer: https://xxxxx/wp-admin/admin.php?page=semplice-admin&ref=edit.php%3Fpost_type%3Dpage' \
  -H 'sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"' \
  -H 'sec-ch-ua-mobile: ?0' \
  -H 'sec-ch-ua-platform: "macOS"' \
  -H 'sec-fetch-dest: empty' \
  -H 'sec-fetch-mode: cors' \
  -H 'sec-fetch-site: same-origin' \
  -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36' \
  -H 'x-requested-with: XMLHttpRequest' \
  -H 'x-wp-nonce: 4adca524c7' \
  --data-raw $'post_revision%5Bactive%5D=latest_version&post_revision%5Bpublished%5D=latest_version&content=%7B%22order%22%3A%7B%22cover%22%3A%7B%22row_cover%22%3A%7B%22columns%22%3A%7B%7D%7D%7D%2C%22section_4oyl7zz8h%22%3A%7B%22row_ar3ffrmrd%22%3A%7B%22columns%22%3A%7B%22column_bx3ggw0k7%22%3A%5B%5D%7D%7D%7D%2C%22section_u6pjka8tj%22%3A%7B%22row_2ivolrelu%22%3A%7B%22columns%22%3A%7B%22column_r2a1mwhz0%22%3A%5B%22content_yob9mq8jz%22%2C%22content_w2xg6epaa%22%5D%7D%7D%7D%2C%22section_8hbip9nk7%22%3A%7B%22row_2rxwoi2lm%22%3A%7B%22columns%22%3A%7B%22column_9x87max31%22%3A%5B%22content_aoyy83i4o%22%5D%7D%7D%2C%22row_8qsrgd2nf%22%3A%7B%22columns%22%3A%7B%22column_iflz4npe7%22%3A%5B%22content_fuf3hh9ve%22%5D%7D%7D%7D%2C%22section_9tu2ore4g%22%3A%7B%22row_j5fi586vl%22%3A%7B%22columns%22%3A%7B%22column_dy5xntu1m%22%3A%5B%22content_svw2lvlfg%22%5D%7D%7D%7D%2C%22section_lae76fcs3%22%3A%7B%22row_jf50e7ygp%22%3A%7B%22columns%22%3A%7B%22column_zwa5xlh6r%22%3A%5B%22content_qek6g3kba%22%5D%7D%7D%2C%22row_dxbnhi5f6%22%3A%7B%22columns%22%3A%7B%22column_3tfj74559%22%3A%5B%22content_qodwabe68%22%2C%22content_ynk2qojvc%22%5D%7D%7D%2C%22row_sja0aj78e%22%3A%7B%22columns%22%3A%7B%22column_zsj59du3r%22%3A%5B%22content_yfk2o38c2%22%2C%22content_yi0qvic1x%22%5D%7D%7D%2C%22row_lk89gz32e%22%3A%7B%22columns%22%3A%7B%22column_6u3uonl7f%22%3A%5B%22content_riz0k7pzm%22%2C%22content_u7rkl5ryv%22%5D%7D%7D%2C%22row_yewly3yjf%22%3A%7B%22columns%22%3A%7B%22column_o6v6b3get%22%3A%5B%22content_i5wj9vccd%22%2C%22content_zsb6gsw1r%22%5D%7D%7D%7D%2C%22section_u93u5ndin%22%3A%7B%22row_ikhurmxhp%22%3A%7B%22columns%22%3A%7B%22column_oxx99i9xm%22%3A%5B%22content_4t85wphhs%22%5D%7D%7D%7D%7D%2C%22images%22%3A%7B%22206%22%3A%7B%22url%22%3A%22https%3A%2F%2Fxxxxx%2Fwp-content%2Fuploads%2F2016%2F03%2Fwork.jpg%22%2C%22width%22%3A2400%2C%22height%22%3A1278%7D%2C%22306%22%3A%7B%22url%22%3A%22https%3A%2F%2Fxxxxx%2Fwp-content%2Fuploads%2F2020%2F11%2Fpaul-watabe.jpg%22%2C%22width%22%3A1200%2C%22height%22%3A1200%7D%7D%2C%22branding%22%3A%7B%7D%2C%22content_yob9mq8jz%22%3A%7B%22content%22%3A%7B%22xl%22%3A%22%3Ch1+data-mce-style%3D%5C%22line-height%3A+2.667rem%3B+font-size%3A+1.778rem%3B%5C%22+style%3D%5C%22line-height%3A+2.667rem%3B+font-size%3A+1.778rem%3B%5C%22+data-line-height-xl%3D%5C%223.333rem%5C%22+data-font-size-xl%3D%5C%222.556rem%5C%22+data-font-size-xs%3D%5C%221.333rem%5C%22+data-line-height-xs%3D%5C%222.000rem%5C%22+data-font-size-sm%3D%5C%221.778rem%5C%22+data-line-height-sm%3D%5C%222.667rem%5C%22%3E%3Cspan+style%3D%5C%22color%3A+rgb(26%2C+27%2C+29)%3B+letter-spacing%3A+0.022rem%3B%5C%22+data-mce-style%3D%5C%22color%3A+%231a1b1d%3B+letter-spacing%3A+0.022rem%3B%5C%22+data-letter-spacing-xs%3D%5C%220.044rem%5C%22+data-letter-spacing-sm%3D%5C%220.022rem%5C%22%3E%3Cstrong%3EI\'m+Paul%2C+a+Canadian+digital+product+designer+currently+designing+from+Ho+Chi+Minh+City%2C+Vietnam.+%3C%2Fstrong%3E%3C%2Fspan%3E%3C%2Fh1%3E%3Ch1+data-mce-style%3D%5C%22line-height%3A+2.667rem%3B+font-size%3A+1.778rem%3B%5C%22+style%3D%5C%22line-height%3A+2.667rem%3B+font-size%3A+1.778rem%3B%5C%22+data-line-height-xl%3D%5C%223.333rem%5C%22+data-font-size-xl%3D%5C%222.556rem%5C%22+data-font-size-xs%3D%5C%221.333rem%5C%22+data-line-height-xs%3D%5C%222.000rem%5C%22+data-font-size-sm%3D%5C%221.778rem%5C%22+data-line-height-sm%3D%5C%222.667rem%5C%22%3E%3Cspan+style%3D%5C%22color%3A+rgb(26%2C+27%2C+29)%3B+letter-spacing%3A+0.022rem%3B%5C%22+data-mce-style%3D%5C%22color%3A+%231a1b1d%3B+letter-spacing%3A+0.022rem%3B%5C%22+data-letter-spacing-xs%3D%5C%220.044rem%5C%22+data-letter-spacing-sm%3D%5C%220.022rem%5C%22%3E%3Cstrong%3EFormally+at+%3Cspan+style%3D%5C%22color%3A+rgb(102%2C+102%2C+102)%3B%5C%22+data-mce-style%3D%5C%22color%3A+%23666666%3B%5C%22%3EFE+CREDIT%3C%2Fspan%3E+and%26nbsp%3B%3Ca+data-mce-href%3D%5C%22https%3A%2F%2Fblockchainlabs.asia%2F%5C%22+href%3D%5C%22https%3A%2F%2Fblockchainlabs.asia%2F%5C%22+style%3D%5C%22color%3A+rgb(26%2C+27%2C+29)%3B%5C%22+data-mce-style%3D%5C%22color%3A+rgb(26%2C+27%2C+29)%3B%5C%22%3E%3Cspan+style%3D%5C%22color%3A+rgb(102%2C+102%2C+102)%3B%5C%22+data-mce-style%3D%5C%22color%3A+%23666666%3B%5C%22%3EInfinity+Blockchain+Labs%3C%2Fspan%3E.%EF%BB%BF%3C%2Fa%3E%3C%2Fstrong%3E%3C%2Fspan%3E%3C%2Fh1%3E%22%7D%2C%22module%22%3A%22text%22%2C%22options%22%3A%7B%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%22padding-bottom%22%3A%221.1111111111111112rem%22%2C%22padding-top%22%3A%220rem%22%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22column_r2a1mwhz0%22%3A%7B%22width%22%3A%7B%22xl%22%3A%2210%22%7D%2C%22options%22%3A%7B%7D%2C%22layout%22%3A%7B%22data-valign%22%3A%22center%22%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22unpublished_changes%22%3Atrue%2C%22content_fuf3hh9ve%22%3A%7B%22content%22%3A%7B%22xl%22%3A%22%22%7D%2C%22module%22%3A%22portfoliogrid%22%2C%22options%22%3A%7B%22title_position%22%3A%22below-left%22%2C%22categories%22%3A%7B%7D%2C%22title_font%22%3A%22font_lla206nf0%22%2C%22category_font%22%3A%22font_lla206nf0%22%2C%22title_fontsize%22%3A%221.1111111111111112rem%22%2C%22category_fontsize%22%3A%220.8888888888888888rem%22%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22section_8hbip9nk7%22%3A%7B%22options%22%3A%7B%7D%2C%22layout%22%3A%7B%22data-column-mode-sm%22%3A%22single%22%2C%22data-column-mode-xs%22%3A%22single%22%2C%22data-layout%22%3A%22fluid%22%7D%2C%22customHeight%22%3A%7B%22xl%22%3A%7B%22height%22%3A%2215rem%22%7D%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%22padding-top%22%3A%222.2222222222222223rem%22%2C%22padding-bottom%22%3A%224.444444444444445rem%22%7D%2C%22xs%22%3A%7B%22padding-bottom%22%3A%222.2222222222222223rem%22%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22content_w2xg6epaa%22%3A%7B%22content%22%3A%7B%22xl%22%3A%22%3Ch4+style%3D%5C%22line-height%3A+1.556rem%3B+font-size%3A+1rem%3B%5C%22+data-mce-style%3D%5C%22line-height%3A+1.556rem%3B+font-size%3A+1rem%3B%5C%22+data-line-height-xl%3D%5C%222.222rem%5C%22+data-font-size-xs%3D%5C%221.000rem%5C%22+data-line-height-xs%3D%5C%221.556rem%5C%22%3E%3Cspan+style%3D%5C%22color%3A+rgb(0%2C+0%2C+0)%3B+letter-spacing%3A+0.022rem%3B%5C%22+data-mce-style%3D%5C%22color%3A+%23000000%3B+letter-spacing%3A+0.022rem%3B%5C%22+data-letter-spacing-xs%3D%5C%220.022rem%5C%22%3ECurrently%2C+available+for+new+opportunities.%3C%2Fspan%3E%3C%2Fh4%3E%22%7D%2C%22module%22%3A%22text%22%2C%22options%22%3A%7B%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22section_lae76fcs3%22%3A%7B%22options%22%3A%7B%7D%2C%22layout%22%3A%7B%22data-column-mode-sm%22%3A%22single%22%2C%22data-column-mode-xs%22%3A%22single%22%2C%22data-layout%22%3A%22fluid%22%7D%2C%22customHeight%22%3A%7B%22xl%22%3A%7B%22height%22%3A%2215rem%22%7D%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%22padding-top%22%3A%224.444444444444445rem%22%2C%22padding-bottom%22%3A%224.444444444444445rem%22%7D%2C%22xs%22%3A%7B%22padding-top%22%3A%222.2222222222222223rem%22%2C%22padding-bottom%22%3A%222.2222222222222223rem%22%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22column_zsj59du3r%22%3A%7B%22width%22%3A%7B%22xl%22%3A%2212%22%7D%2C%22options%22%3A%7B%7D%2C%22layout%22%3A%7B%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%22padding-bottom%22%3A%221.7777777777777777rem%22%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22column_6u3uonl7f%22%3A%7B%22width%22%3A%7B%22xl%22%3A%2212%22%7D%2C%22options%22%3A%7B%7D%2C%22layout%22%3A%7B%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%22padding-bottom%22%3A%221.7777777777777777rem%22%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22content_yi0qvic1x%22%3A%7B%22content%22%3A%7B%22xl%22%3A%22%3Cp+class%3D%5C%22custom_dtlqjd1c1+font_lla206nf0%5C%22%3E%3Cspan+style%3D%5C%22color%3A+rgb(136%2C+136%2C+136)%3B%5C%22+data-mce-style%3D%5C%22color%3A+rgb(136%2C+136%2C+136)%3B%5C%22%3ERPM+(Remote+Patient+Monitoring)+platform%3C%2Fspan%3E%3Cspan+style%3D%5C%22color%3A+rgb(136%2C+136%2C+136)%3B%5C%22+data-mce-style%3D%5C%22color%3A+rgb(136%2C+136%2C+136)%3B%5C%22%3E+for+Health+Care+Providers%3C%2Fspan%3E%3C%2Fp%3E%22%7D%2C%22module%22%3A%22text%22%2C%22options%22%3A%7B%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22content_riz0k7pzm%22%3A%7B%22content%22%3A%7B%22xl%22%3A%22%3Cp+style%3D%5C%22line-height%3A+1.333rem%3B%5C%22+data-mce-style%3D%5C%22line-height%3A+1.333rem%3B%5C%22+data-line-height-xl%3D%5C%221.333rem%5C%22%3EDr.+Kumo+%5BMobile+app%5D%3Cbr%3E%3C%2Fp%3E%22%7D%2C%22module%22%3A%22text%22%2C%22options%22%3A%7B%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%22padding-bottom%22%3A%220rem%22%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22content_u7rkl5ryv%22%3A%7B%22content%22%3A%7B%22xl%22%3A%22%3Cp+class%3D%5C%22custom_dtlqjd1c1+font_lla206nf0%5C%22%3E%3Cspan+style%3D%5C%22color%3A+rgb(136%2C+136%2C+136)%3B%5C%22+data-mce-style%3D%5C%22color%3A+rgb(136%2C+136%2C+136)%3B%5C%22%3EPatient+monitoring+Mobile+app+for+Patients%3C%2Fspan%3E%3C%2Fp%3E%22%7D%2C%22module%22%3A%22text%22%2C%22options%22%3A%7B%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%22padding-bottom%22%3A%220rem%22%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22content_i5wj9vccd%22%3A%7B%22content%22%3A%7B%22xl%22%3A%22%3Cp+style%3D%5C%22line-height%3A+1.333rem%3B%5C%22+data-mce-style%3D%5C%22line-height%3A+1.333rem%3B%5C%22+data-line-height-xl%3D%5C%221.333rem%5C%22%3EDr.+Kumo+%5BWatch+app%5D%3Cbr%3E%3C%2Fp%3E%22%7D%2C%22module%22%3A%22text%22%2C%22options%22%3A%7B%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22column_o6v6b3get%22%3A%7B%22width%22%3A%7B%22xl%22%3A%2212%22%7D%2C%22options%22%3A%7B%7D%2C%22layout%22%3A%7B%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%22padding-bottom%22%3A%221.7777777777777777rem%22%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22content_zsb6gsw1r%22%3A%7B%22content%22%3A%7B%22xl%22%3A%22%3Cp+class%3D%5C%22custom_dtlqjd1c1+font_lla206nf0%5C%22%3E%3Cspan+style%3D%5C%22color%3A+rgb(136%2C+136%2C+136)%3B%5C%22+data-mce-style%3D%5C%22color%3A+%23888888%3B%5C%22%3EPatient+monitoring+Samsung+Galaxy+Watch+app+for+Patients%3C%2Fspan%3E%3C%2Fp%3E%22%7D%2C%22module%22%3A%22text%22%2C%22options%22%3A%7B%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22content_qek6g3kba%22%3A%7B%22content%22%3A%7B%22xl%22%3A%22%3Cp+class%3D%5C%22custom_zwl0qo0jc+font_nbavm6yiz%5C%22%3ECURRENT+SIDE+PROJECTS%3C%2Fp%3E%22%7D%2C%22module%22%3A%22text%22%2C%22options%22%3A%7B%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%22padding-bottom%22%3A%221.1111111111111112rem%22%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22column_zwa5xlh6r%22%3A%7B%22width%22%3A%7B%22xl%22%3A%2212%22%7D%2C%22options%22%3A%7B%7D%2C%22layout%22%3A%7B%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22content_yfk2o38c2%22%3A%7B%22content%22%3A%7B%22xl%22%3A%22%3Cp+style%3D%5C%22line-height%3A+1.333rem%3B+font-size%3A+1.111rem%3B%5C%22+data-mce-style%3D%5C%22line-height%3A+1.333rem%3B+font-size%3A+1.111rem%3B%5C%22+data-line-height-xl%3D%5C%221.333rem%5C%22+data-font-size-xl%3D%5C%221.111rem%5C%22%3E%3Cspan+class%3D%5C%22font_lla206nf0%5C%22%3EDr.+Kumo+%5BWebsite%5D%3C%2Fspan%3E%3Cbr%3E%3C%2Fp%3E%22%7D%2C%22module%22%3A%22text%22%2C%22options%22%3A%7B%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%22padding-bottom%22%3A%220rem%22%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22content_qodwabe68%22%3A%7B%22content%22%3A%7B%22xl%22%3A%22%3Cp+style%3D%5C%22line-height%3A+1.333rem%3B%5C%22+data-mce-style%3D%5C%22line-height%3A+1.333rem%3B%5C%22+data-line-height-xl%3D%5C%221.333rem%5C%22%3EBillease+%5BMobile+app%5D%3C%2Fp%3E%22%7D%2C%22module%22%3A%22text%22%2C%22options%22%3A%7B%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22column_3tfj74559%22%3A%7B%22width%22%3A%7B%22xl%22%3A%2212%22%7D%2C%22options%22%3A%7B%7D%2C%22layout%22%3A%7B%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%22padding-bottom%22%3A%221.7777777777777777rem%22%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22content_ynk2qojvc%22%3A%7B%22content%22%3A%7B%22xl%22%3A%22%3Cp+class%3D%5C%22custom_dtlqjd1c1+font_lla206nf0%5C%22%3E%3Cspan+style%3D%5C%22color%3A+rgb(136%2C+136%2C+136)%3B%5C%22+data-mce-style%3D%5C%22color%3A+%23888888%3B%5C%22%3EConsumer+loan+Mobile+app%3C%2Fspan%3E%3C%2Fp%3E%22%7D%2C%22module%22%3A%22text%22%2C%22options%22%3A%7B%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%22padding-bottom%22%3A%220rem%22%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22section_u6pjka8tj%22%3A%7B%22options%22%3A%7B%7D%2C%22layout%22%3A%7B%22data-column-mode-sm%22%3A%22single%22%2C%22data-column-mode-xs%22%3A%22single%22%2C%22data-layout%22%3A%22fluid%22%7D%2C%22customHeight%22%3A%7B%22xl%22%3A%7B%22height%22%3A%2215rem%22%7D%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%22padding-top%22%3A%220rem%22%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22section_4oyl7zz8h%22%3A%7B%22options%22%3A%7B%7D%2C%22layout%22%3A%7B%22data-column-mode-sm%22%3A%22single%22%2C%22data-column-mode-xs%22%3A%22single%22%7D%2C%22customHeight%22%3A%7B%22xl%22%3A%7B%22height%22%3A%2215rem%22%7D%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22column_bx3ggw0k7%22%3A%7B%22width%22%3A%7B%22xl%22%3A12%7D%2C%22options%22%3A%7B%7D%2C%22layout%22%3A%7B%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%22padding-top%22%3A%224.444444444444445rem%22%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%2C%22type%22%3A%22spacer%22%7D%2C%22content_aoyy83i4o%22%3A%7B%22content%22%3A%7B%22xl%22%3A%22%22%7D%2C%22module%22%3A%22spacer%22%2C%22options%22%3A%7B%22height%22%3A%220.05555555555555555rem%22%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22column_9x87max31%22%3A%7B%22width%22%3A%7B%22xl%22%3A%2212%22%7D%2C%22options%22%3A%7B%7D%2C%22layout%22%3A%7B%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22content_svw2lvlfg%22%3A%7B%22content%22%3A%7B%22xl%22%3A%22%22%7D%2C%22module%22%3A%22spacer%22%2C%22options%22%3A%7B%22height%22%3A%220.05555555555555555rem%22%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22section_9tu2ore4g%22%3A%7B%22options%22%3A%7B%7D%2C%22layout%22%3A%7B%22data-column-mode-sm%22%3A%22single%22%2C%22data-column-mode-xs%22%3A%22single%22%2C%22data-layout%22%3A%22fluid%22%7D%2C%22customHeight%22%3A%7B%22xl%22%3A%7B%22height%22%3A%2215rem%22%7D%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22column_dy5xntu1m%22%3A%7B%22width%22%3A%7B%22xl%22%3A12%7D%2C%22options%22%3A%7B%7D%2C%22layout%22%3A%7B%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22content_4t85wphhs%22%3A%7B%22content%22%3A%7B%22xl%22%3A%22%22%7D%2C%22module%22%3A%22spacer%22%2C%22options%22%3A%7B%22height%22%3A%220.05555555555555555rem%22%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22section_u93u5ndin%22%3A%7B%22options%22%3A%7B%7D%2C%22layout%22%3A%7B%22data-column-mode-sm%22%3A%22single%22%2C%22data-column-mode-xs%22%3A%22single%22%2C%22data-layout%22%3A%22fluid%22%7D%2C%22customHeight%22%3A%7B%22xl%22%3A%7B%22height%22%3A%2215rem%22%7D%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22column_oxx99i9xm%22%3A%7B%22width%22%3A%7B%22xl%22%3A12%7D%2C%22options%22%3A%7B%7D%2C%22layout%22%3A%7B%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%2C%22column_iflz4npe7%22%3A%7B%22width%22%3A%7B%22xl%22%3A12%7D%2C%22options%22%3A%7B%7D%2C%22layout%22%3A%7B%7D%2C%22styles%22%3A%7B%22xl%22%3A%7B%7D%7D%2C%22motions%22%3A%7B%22active%22%3A%7B%7D%2C%22start%22%3A%7B%7D%2C%22end%22%3A%7B%7D%7D%7D%7D&post_id=106&post_settings=%7B%22thumbnail%22%3A%7B%22image%22%3A%22%22%2C%22width%22%3A%224%22%2C%22hover_visibility%22%3A%22disabled%22%7D%2C%22meta%22%3A%7B%22post_title%22%3A%22Work%22%2C%22permalink%22%3A%22work%22%2C%22navbar_visibility%22%3A%22true%22%2C%22navbar%22%3A%22nav_9ynafsmff%22%2C%22footer%22%3A%220%22%2C%22rt_image_size%22%3A%22original%22%7D%2C%22seo%22%3A%7B%7D%7D&post_type=page&save_mode=draft&change_status=no&post_password=&custom_colors=%5B%22%23000000%22%2C%22%23ffd300%22%2C%22%23ff0000%22%2C%22%23111111%22%2C%22%231a1b1d%22%5D&images=%7B%22383%22%3A%7B%22url%22%3A%22https%3A%2F%2Fxxxxx%2Fwp-content%2Fuploads%2F2023%2F07%2Ffavicon.png%22%2C%22width%22%3A34%2C%22height%22%3A34%7D%7D&editor_notices=%7B%22section_module%22%3A%22unread%22%2C%22text_module%22%3A%22read%22%2C%22motions%22%3A%22read%22%7D&masterblocks=%7B%7D&presets=false' \
  --compressed

Config

WordPress 6.3.1
Semplice 5.3.2
CRS 3.3.4

false positive on save in template editor

I reproduced this on a completely fresh installation with OWASP CRS 4.2.0 and wordpress-rule-exclusions-plugin v1.0.0 with an wordpress installation version 6.5.3 and 6.5.4 with theme Twenty Twenty-Three Version: 1.4

I have nothing done in crs-setup.conf from nor anything changed in the wordpress-rule-exclusions-plugin. If this is my mistake please help me to understand what i missed and why. Thanks.

Error from modsec_audit.log (i hope this shows enough, otherwise i can provide more details if you tell me what is needed):

--18fc1d05-A--
[06/Jun/2024:11:28:08.255620 +0000] ZmGdSKiGpWWaBe02xHB0yAAAABg 1XX.YYY.ZZZ.1 60724 1XX.YYY.ZZZ.185 80
--18fc1d05-B--
POST /index.php?rest_route=%2Fwp%2Fv2%2Ftemplates%2Ftwentytwentythree%2F%2Fpage&_locale=user HTTP/1.1
Host: picard.test.domain.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:126.0) Gecko/20100101 Firefox/126.0
Accept: application/json, */*;q=0.1
Accept-Language: de,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://picard.test.domain.de/wp-admin/site-editor.php?postType=wp_template&postId=twentytwentythree%2F%2Fpage&canvas=edit
X-WP-Nonce: dede7178fa
X-HTTP-Method-Override: PUT
Content-Type: application/json
Content-Length: 1172
Origin: http://picard.test.domain.de
Connection: keep-alive
Cookie: wp-settings-time-1=1717673282; wordpress_test_cookie=WP%20Cookie%20check; wordpress_logged_in_5c437b347e89969da010fee89e1e0841=admin%7C1717839898%7CuQMh54IlCJNhoDzEHggvTctk7HxgpKRuzSocECLviqN%7Cff109325c191c841ce4f6d74eeff2cff7e6cfbc43a817413db608a53cb325d91
Priority: u=1

--18fc1d05-H--
Message: Warning. String match within "/content-encoding/ /proxy/ /lock-token/ /content-range/ /if/ /x-http-method-override/ /x-http-method/ /x-method-override/" at TX:header_name_920450_x-http-method-override. [file "/opt/crs4/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1193"] [id "920450"] [msg "HTTP header is restricted by policy (/x-http-method-override/)"] [data "Restricted header detected: /x-http-method-override/"] [severity "CRITICAL"] [ver "OWASP_CRS/4.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"]
Message: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [file "/opt/crs4/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [ver "OWASP_CRS/4.2.0"] [tag "anomaly-evaluation"] [tag "OWASP_CRS"]
Message: Warning. Unconditional match in SecAction. [file "/opt/crs4/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=5) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=4) - (SQLI=0, XSS=0, RFI=0, LFI=0, RCE=0, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=5)"] [ver "OWASP_CRS/4.2.0"] [tag "reporting"] [tag "OWASP_CRS"]
Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 1XX.YYY.ZZZ.1] ModSecurity: Warning. String match within "/content-encoding/ /proxy/ /lock-token/ /content-range/ /if/ /x-http-method-override/ /x-http-method/ /x-method-override/" at TX:header_name_920450_x-http-method-override. [file "/opt/crs4/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1193"] [id "920450"] [msg "HTTP header is restricted by policy (/x-http-method-override/)"] [data "Restricted header detected: /x-http-method-override/"] [severity "CRITICAL"] [ver "OWASP_CRS/4.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "picard.test.domain.de"] [uri "/index.php"] [unique_id "ZmGdSKiGpWWaBe02xHB0yAAAABg"]
Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 1XX.YYY.ZZZ.1] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [file "/opt/crs4/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [ver "OWASP_CRS/4.2.0"] [tag "anomaly-evaluation"] [tag "OWASP_CRS"] [hostname "picard.test.domain.de"] [uri "/index.php"] [unique_id "ZmGdSKiGpWWaBe02xHB0yAAAABg"]
Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 1XX.YYY.ZZZ.1] ModSecurity: Warning. Unconditional match in SecAction. [file "/opt/crs4/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=5, detection=5, per_pl=5-0-0-0, threshold=5) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=4) - (SQLI=0, XSS=0, RFI=0, LFI=0, RCE=0, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=5)"] [ver "OWASP_CRS/4.2.0"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "picard.test.domain.de"] [uri "/index.php"] [unique_id "ZmGdSKiGpWWaBe02xHB0yAAAABg"]
Action: Intercepted (phase 2)
Apache-Handler: proxy:unix:/run/php-fpm/www.sock|fcgi://localhost/
Stopwatch: 1717673288251937 3704 (- - -)
Stopwatch2: 1717673288251937 3704; combined=3375, p1=756, p2=2503, p3=0, p4=0, p5=116, sr=0, sw=0, l=0, gc=0
Producer: ModSecurity for Apache/2.9.6 (http://www.modsecurity.org/); OWASP_CRS/4.2.0.
Server: Apache
Engine-Mode: "ENABLED"

--18fc1d05-Z--

FP when opening WP administration with yoast-seo plugin

Server: Apache 2.4.58
Modsecurity version: 2.9.7
CRS version: 4.0.0_rc2
Wordpress version: 5.8.8
wordpress-rule-exclusions-plugin git commit: bcd80ea

GET /wp-admin/index.php HTTP/1.1
Host: www.server.com
Referer: https://www.server.com/wp-login.php?redirect_to=https%3A%2F%2Fwww.server.com%2Fwp-admin%2Findex.php&reauth=1

<script id='yoast-seo-helpers-package-js-translations'>
( function( domain, translations ) {
        var localeData = translations.locale_data[ domain ] || translations.locale_data.messages;
        localeData[""].domain = domain;
        wp.i18n.setLocaleData( localeData, domain );
} )( "wordpress-seo", {"translation-revision-date":"2022-08-09 07:28:20+0000","generator":"GlotPress\/4.0.0-alpha.1","domain":"messages","locale_data":{"messages":{"":{"domain":"messages","plural-forms":"nplurals=3; plural=(n == 1) ? 0 : ((n >= 2 && n <= 4) ? 1 : 2);","lang":"sk"},"The file size of the uploaded image is too large for %s. File size must be less than %s.":["Ve\u013ekos\u0165 s\u00faboru odovzdan\u00e9ho obr\u00e1zka je pre %s pr\u00edli\u0161 ve\u013ek\u00e1. Ve\u013ekos\u0165 s\u00faboru mus\u00ed by\u0165 men\u0161ia ako %s."],"The format of the uploaded image is not supported. The supported formats are: %s, %s, %s and %s.":["Form\u00e1t nahran\u00e9ho obr\u00e1zka nie je podporovan\u00fd. Podporovan\u00e9 form\u00e1ty s\u00fa: %s, %s, %s a %s."],"You have uploaded a %s. Please note that, if it\u2019s an animated %s, only the first frame will be used.":["Odovzdali ste s\u00fabor %s. Upozor\u0148ujeme, \u017ee ak ide o animovan\u00fa polo\u017eku %s, pou\u017eije sa iba prv\u00e1 sn\u00edmka."],"Your image dimensions are not suitable. The minimum dimensions are %dx%d pixels. The maximum dimensions are %dx%d pixels.":["Rozmery v\u00e1\u0161ho obr\u00e1zka nie s\u00fa vhodn\u00e9. Minim\u00e1lne rozmery s\u00fa %dx%d pixelov. Maxim\u00e1lne rozmery s\u00fa %dx%d pixelov."],"Your image dimensions are not suitable. The minimum dimensions are %dx%d pixels.":["Rozmery v\u00e1\u0161ho obr\u00e1zka nie s\u00fa vhodn\u00e9. Minim\u00e1lne rozmery s\u00fa %dx%d pixelov."],"(Opens in a new browser tab)":["(Otv\u00e1ra sa na novej karte prehliada\u010da)
"]}},"comment":{"reference":"js\/dist\/externals\/helpers.js"}} );
</script>

Message: Warning. Matched phrase "must be less than" at RESPONSE_BODY. [file "/usr/share/modsecurity-crs/rules/RESPONSE-953-DATA-LEAKAGES-PHP.conf"] [line "44"] [id "953100"] [msg "PHP Information Leakage"] [data "Matched Data: must be less than found within RESPONSE_BODY"] [severity "ERROR"] [ver "OWASP_CRS/4.0.0-rc2"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-disclosure"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/116"] [tag "PCI/6.5.6"]

Wordpress custom post types are not taken into account.

Some rules have hard coded options for possible content types, e.g. post, page, but these do not take into account that theme developers might add custom post types.

For example rule with id 9507140 :

# Gutenberg
- SecRule REQUEST_FILENAME "@rx /wp-json/wp/v[0-9]+/(?:posts|pages)" \
+ SecRule REQUEST_FILENAME "@rx /wp-json/wp/v[0-9]+/(?:[-_a-z0-9]+)" \
    "id:9507140,\

Issue - async-upload.php

Hello,

Context

When someone upload "X_Y_Z.pdf" file on /wp-admin/upload.php we got these error 400. (Example)

Extract of line -n 80 of modsecurity.conf

 SecRule REQBODY_ERROR "!@eq 0" \"

Error

ModSecurity: Access denied with code 400 (phase 2). Matched "Operator `Eq' with parameter `0' against variable `REQBODY_ERROR' (Value: `1' ) 

[file "modsecurity.conf"] [line "80"] [id "200002"] [rev ""] 
[msg "Failed to parse request body."] 
[data "Multipart parsing error: Multipart: Final boundary missing."] [severity "2"] [ver ""] [maturity "0"] [accuracy "0"] [uri "/wp-admin/async-upload.php"] [ref "v2132,1"],
request: "POST /wp-admin/async-upload.php HTTP/1.1", referrer: "wp-admin/upload.php"

Wordpress Site Health is unavailable

With CSR 4.0.0 RC1 (actually any CSR version since 3.0.0), the Wordpress "Tools > Site Health" functionality does not work, as the page has the string "session_start()" in the body, which is currently marked as data leakage. An exception for this particular file "site-health.php" from Wordpress could be considered, assuming no other security issues arose in doing so.

Wordpress Elementor Plugin Error 403 on Save

Elementor Plugin

I am getting a 403 error when I try to save some changes that I made to my page using the html/text editor.

Server error Log:

"POST /wp-admin/admin-ajax.php HTTP/1.0" 200 943 "https://xxxxxxxxxx/wp-admin/post.php?post=9&action=elementor"

I will update this post if I find any more information.

WordPress false positive when saving latest LiteSpeed cache settings

Hello,

On a completely new WordPress website I installed today (Apache 2, PHP-FPM 8.2, Ubuntu) I installed the LiteSpeed cache plugin (v6.1).
It's quite popular and works well.

Everything worked correctly, including connecting to their API server and saving that settings page and so on.

However, when I got to the "LiteSpeed Cache Setting" page ( https://www.REDACTED.com/wp-admin/admin.php?page=litespeed-cache ) and tried saving the settings, I got a 403 error.

Here's the quite convoluted pattern the settings page activated:

[Sat Mar 02 12:41:29.712297 2024] [:error] [pid 32198] [client REDACTED:52952] [client REDACTED] ModSecurity: Warning. Pattern match "(?:get|post|head|options|connect|put|delete|trace|track|patch|propfind|propatch|mkcol|copy|move|lock|unlock)\\\\s+(?:\\\\/|\\\\w)[^\\\\s]*(?:\\\\s+http\\\\/\\\\d|[\\\\r\\\\n])" at ARGS:object-global_groups. [file "/usr/share/modsecurity-crs/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "52"] [id "921110"] [msg "HTTP Request Smuggling Attack"] [data "Matched Data: options\\x0d\\x0asite-lookup\\x0d found within ARGS:object-global_groups: users\\x0d\\x0auserlogins\\x0d\\x0auseremail\\x0d\\x0auserslugs\\x0d\\x0ausermeta\\x0d\\x0auser_meta\\x0d\\x0asite-transient\\x0d\\x0asite-options\\x0d\\x0asite-lookup\\x0d\\x0asite-details\\x0d\\x0ablog-lookup\\x0d\\x0ablog-details\\x0d\\x0ablog-id-cache\\x0d\\x0arss\\x0d\\x0aglobal-posts\\x0d\\x0aglobal-cache-test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/33"][hostname "www.REDACTED.com"] [uri "/wp-admin/admin.php"] [unique_id "ZeMeeYc0AlF7wAqgVbsnJgAAAAA"], referer: https://www.REDACTED.com/wp-admin/admin.php?page=litespeed-cache

Wordpress FP on Site Editor

System

Wordpress: Version 6.5 (Default installation, nothing additional)
CRS: 4.1.0 (SecPcreMatchLimit 500000, SecPcreMatchLimitRecursion 500000)
CRS Plugin: wordpress-rule-exclusions-plugin (master)
Apache 2.4.58
ModSecurity 2.9.6 (Apache)

Trigger

Just edit the "Twenty Twenty-Four" for example and add a simple "Test" and press "Save"

Screenshot

Logs

Request

curl 'https://crs.example.com/wp-json/wp/v2/templates/twentytwentyfour//home?_locale=user' \
  -H 'accept: application/json, */*;q=0.1' \
  -H 'accept-language: en-GB,en-US;q=0.9,en;q=0.8,de;q=0.7,hr;q=0.6' \
  -H 'cache-control: no-cache' \
  -H 'content-type: application/json' \
  -H 'cookie: nothing here' \
  -H 'origin: https://crs.example.com' \
  -H 'pragma: no-cache' \
  -H 'referer: https://crs.example.com/wp-admin/site-editor.php?return=https%3A%2F%2Fcrs.example.com%2Fwp-admin%2Fthemes.php&canvas=edit' \
  -H 'sec-ch-ua: xxxxx' \
  -H 'sec-ch-ua-mobile: ?0' \
  -H 'sec-ch-ua-platform: xxx' \
  -H 'sec-fetch-dest: empty' \
  -H 'sec-fetch-mode: cors' \
  -H 'sec-fetch-site: same-origin' \
  -H 'user-agent: Mozilla/5.0 xxxxxx' \
  -H 'x-http-method-override: PUT' \
  -H 'x-wp-nonce: xxxxxx' \
  --data-raw $'{"id":"twentytwentyfour//home","content":"<\u0021-- wp:template-part {\\"slug\\":\\"header\\",\\"theme\\":\\"twentytwentyfour\\",\\"tagName\\":\\"header\\",\\"area\\":\\"header\\"} /-->\\n\\n<\u0021-- wp:group {\\"tagName\\":\\"main\\",\\"style\\":{\\"spacing\\":{\\"blockGap\\":\\"0\\",\\"margin\\":{\\"top\\":\\"0\\"}}},\\"layout\\":{\\"type\\":\\"default\\"}} -->\\n<main class=\\"wp-block-group\\" style=\\"margin-top:0\\"><\u0021-- wp:group {\\"align\\":\\"full\\",\\"style\\":{\\"spacing\\":{\\"padding\\":{\\"top\\":\\"var:preset|spacing|50\\",\\"bottom\\":\\"var:preset|spacing|50\\",\\"left\\":\\"var:preset|spacing|50\\",\\"right\\":\\"var:preset|spacing|50\\"}}},\\"layout\\":{\\"type\\":\\"constrained\\",\\"contentSize\\":\\"\\",\\"wideSize\\":\\"\\"}} -->\\n<div class=\\"wp-block-group alignfull\\" style=\\"padding-top:var(--wp--preset--spacing--50);padding-right:var(--wp--preset--spacing--50);padding-bottom:var(--wp--preset--spacing--50);padding-left:var(--wp--preset--spacing--50)\\"><\u0021-- wp:group {\\"style\\":{\\"spacing\\":{\\"blockGap\\":\\"0px\\"}},\\"layout\\":{\\"type\\":\\"constrained\\",\\"contentSize\\":\\"565px\\"}} -->\\n<div class=\\"wp-block-group\\"><\u0021-- wp:heading {\\"textAlign\\":\\"center\\",\\"level\\":1,\\"fontSize\\":\\"x-large\\"} -->\\n<h1 class=\\"wp-block-heading has-text-align-center has-x-large-font-size\\">A commitment to innovation and sustainability Test</h1>\\n<\u0021-- /wp:heading -->\\n\\n<\u0021-- wp:spacer {\\"height\\":\\"1.25rem\\"} -->\\n<div style=\\"height:1.25rem\\" aria-hidden=\\"true\\" class=\\"wp-block-spacer\\"></div>\\n<\u0021-- /wp:spacer -->\\n\\n<\u0021-- wp:paragraph {\\"align\\":\\"center\\"} -->\\n<p class=\\"has-text-align-center\\">Études is a pioneering firm that seamlessly merges creativity and functionality to redefine architectural excellence.</p>\\n<\u0021-- /wp:paragraph -->\\n\\n<\u0021-- wp:spacer {\\"height\\":\\"1.25rem\\"} -->\\n<div style=\\"height:1.25rem\\" aria-hidden=\\"true\\" class=\\"wp-block-spacer\\"></div>\\n<\u0021-- /wp:spacer -->\\n\\n<\u0021-- wp:buttons {\\"layout\\":{\\"type\\":\\"flex\\",\\"justifyContent\\":\\"center\\"}} -->\\n<div class=\\"wp-block-buttons\\"><\u0021-- wp:button -->\\n<div class=\\"wp-block-button\\"><a class=\\"wp-block-button__link wp-element-button\\">About us</a></div>\\n<\u0021-- /wp:button --></div>\\n<\u0021-- /wp:buttons --></div>\\n<\u0021-- /wp:group -->\\n\\n<\u0021-- wp:spacer {\\"height\\":\\"var:preset|spacing|30\\",\\"style\\":{\\"layout\\":[]}} -->\\n<div style=\\"height:var(--wp--preset--spacing--30)\\" aria-hidden=\\"true\\" class=\\"wp-block-spacer\\"></div>\\n<\u0021-- /wp:spacer -->\\n\\n<\u0021-- wp:image {\\"sizeSlug\\":\\"full\\",\\"linkDestination\\":\\"none\\",\\"align\\":\\"wide\\",\\"className\\":\\"is-style-rounded\\"} -->\\n<figure class=\\"wp-block-image alignwide size-full is-style-rounded\\"><img src=\\"https://crs.example.com/wp-content/themes/twentytwentyfour/assets/images/building-exterior.webp\\" alt=\\"Building exterior in Toronto, Canada\\"/></figure>\\n<\u0021-- /wp:image --></div>\\n<\u0021-- /wp:group -->\\n\\n<\u0021-- wp:group {\\"align\\":\\"full\\",\\"style\\":{\\"spacing\\":{\\"margin\\":{\\"top\\":\\"0\\",\\"bottom\\":\\"0\\"},\\"padding\\":{\\"top\\":\\"var:preset|spacing|50\\",\\"bottom\\":\\"var:preset|spacing|50\\",\\"left\\":\\"var:preset|spacing|50\\",\\"right\\":\\"var:preset|spacing|50\\"}}},\\"backgroundColor\\":\\"base-2\\",\\"layout\\":{\\"type\\":\\"constrained\\"}} -->\\n<div class=\\"wp-block-group alignfull has-base-2-background-color has-background\\" style=\\"margin-top:0;margin-bottom:0;padding-top:var(--wp--preset--spacing--50);padding-right:var(--wp--preset--spacing--50);padding-bottom:var(--wp--preset--spacing--50);padding-left:var(--wp--preset--spacing--50)\\"><\u0021-- wp:group {\\"style\\":{\\"spacing\\":{\\"blockGap\\":\\"0px\\"}},\\"layout\\":{\\"type\\":\\"flex\\",\\"orientation\\":\\"vertical\\",\\"justifyContent\\":\\"center\\"}} -->\\n<div class=\\"wp-block-group\\"><\u0021-- wp:heading {\\"textAlign\\":\\"center\\",\\"className\\":\\"is-style-asterisk\\"} -->\\n<h2 class=\\"wp-block-heading has-text-align-center is-style-asterisk\\">A passion for creating spaces</h2>\\n<\u0021-- /wp:heading -->\\n\\n<\u0021-- wp:spacer {\\"height\\":\\"0px\\",\\"style\\":{\\"layout\\":{\\"flexSize\\":\\"1.25rem\\",\\"selfStretch\\":\\"fixed\\"}}} -->\\n<div style=\\"height:0px\\" aria-hidden=\\"true\\" class=\\"wp-block-spacer\\"></div>\\n<\u0021-- /wp:spacer -->\\n\\n<\u0021-- wp:paragraph {\\"align\\":\\"center\\"} -->\\n<p class=\\"has-text-align-center\\">Our comprehensive suite of professional services caters to a diverse clientele, ranging from homeowners to commercial developers.</p>\\n<\u0021-- /wp:paragraph --></div>\\n<\u0021-- /wp:group -->\\n\\n<\u0021-- wp:spacer {\\"height\\":\\"var:preset|spacing|40\\",\\"style\\":{\\"spacing\\":{\\"margin\\":{\\"top\\":\\"0\\",\\"bottom\\":\\"0\\"}}}} -->\\n<div style=\\"margin-top:0;margin-bottom:0;height:var(--wp--preset--spacing--40)\\" aria-hidden=\\"true\\" class=\\"wp-block-spacer\\"></div>\\n<\u0021-- /wp:spacer -->\\n\\n<\u0021-- wp:columns {\\"align\\":\\"wide\\",\\"style\\":{\\"spacing\\":{\\"blockGap\\":{\\"top\\":\\"var:preset|spacing|30\\",\\"left\\":\\"var:preset|spacing|40\\"}}}} -->\\n<div class=\\"wp-block-columns alignwide\\"><\u0021-- wp:column {\\"style\\":{\\"spacing\\":{\\"blockGap\\":\\"var:preset|spacing|10\\"}}} -->\\n<div class=\\"wp-block-column\\"><\u0021-- wp:heading {\\"textAlign\\":\\"left\\",\\"level\\":3,\\"style\\":{\\"typography\\":{\\"fontStyle\\":\\"normal\\",\\"fontWeight\\":\\"600\\"}},\\"className\\":\\"is-style-asterisk\\",\\"fontSize\\":\\"medium\\",\\"fontFamily\\":\\"body\\"} -->\\n<h3 class=\\"wp-block-heading has-text-align-left is-style-asterisk has-body-font-family has-medium-font-size\\" style=\\"font-style:normal;font-weight:600\\">Renovation and restoration</h3>\\n<\u0021-- /wp:heading -->\\n\\n<\u0021-- wp:paragraph {\\"align\\":\\"left\\"} -->\\n<p class=\\"has-text-align-left\\">Experience the fusion of imagination and expertise with Études Architectural Solutions.</p>\\n<\u0021-- /wp:paragraph --></div>\\n<\u0021-- /wp:column -->\\n\\n<\u0021-- wp:column {\\"style\\":{\\"spacing\\":{\\"blockGap\\":\\"var:preset|spacing|10\\"}}} -->\\n<div class=\\"wp-block-column\\"><\u0021-- wp:heading {\\"textAlign\\":\\"left\\",\\"level\\":3,\\"style\\":{\\"typography\\":{\\"fontStyle\\":\\"normal\\",\\"fontWeight\\":\\"600\\"}},\\"className\\":\\"is-style-asterisk\\",\\"fontSize\\":\\"medium\\",\\"fontFamily\\":\\"body\\"} -->\\n<h3 class=\\"wp-block-heading has-text-align-left is-style-asterisk has-body-font-family has-medium-font-size\\" style=\\"font-style:normal;font-weight:600\\">Continuous Support</h3>\\n<\u0021-- /wp:heading -->\\n\\n<\u0021-- wp:paragraph {\\"align\\":\\"left\\"} -->\\n<p class=\\"has-text-align-left\\">Experience the fusion of imagination and expertise with Études Architectural Solutions.</p>\\n<\u0021-- /wp:paragraph --></div>\\n<\u0021-- /wp:column -->\\n\\n<\u0021-- wp:column {\\"style\\":{\\"spacing\\":{\\"blockGap\\":\\"var:preset|spacing|10\\"}}} -->\\n<div class=\\"wp-block-column\\"><\u0021-- wp:heading {\\"textAlign\\":\\"left\\",\\"level\\":3,\\"style\\":{\\"typography\\":{\\"fontStyle\\":\\"normal\\",\\"fontWeight\\":\\"600\\"}},\\"className\\":\\"is-style-asterisk\\",\\"fontSize\\":\\"medium\\",\\"fontFamily\\":\\"body\\"} -->\\n<h3 class=\\"wp-block-heading has-text-align-left is-style-asterisk has-body-font-family has-medium-font-size\\" style=\\"font-style:normal;font-weight:600\\">App Access</h3>\\n<\u0021-- /wp:heading -->\\n\\n<\u0021-- wp:paragraph {\\"align\\":\\"left\\"} -->\\n<p class=\\"has-text-align-left\\">Experience the fusion of imagination and expertise with Études Architectural Solutions.</p>\\n<\u0021-- /wp:paragraph --></div>\\n<\u0021-- /wp:column --></div>\\n<\u0021-- /wp:columns -->\\n\\n<\u0021-- wp:spacer {\\"height\\":\\"var:preset|spacing|20\\"} -->\\n<div style=\\"height:var(--wp--preset--spacing--20)\\" aria-hidden=\\"true\\" class=\\"wp-block-spacer\\"></div>\\n<\u0021-- /wp:spacer -->\\n\\n<\u0021-- wp:columns {\\"align\\":\\"wide\\",\\"style\\":{\\"spacing\\":{\\"blockGap\\":{\\"top\\":\\"var:preset|spacing|30\\",\\"left\\":\\"var:preset|spacing|40\\"}}}} -->\\n<div class=\\"wp-block-columns alignwide\\"><\u0021-- wp:column {\\"style\\":{\\"spacing\\":{\\"blockGap\\":\\"var:preset|spacing|10\\"}}} -->\\n<div class=\\"wp-block-column\\"><\u0021-- wp:heading {\\"textAlign\\":\\"left\\",\\"level\\":3,\\"style\\":{\\"typography\\":{\\"fontStyle\\":\\"normal\\",\\"fontWeight\\":\\"600\\"}},\\"className\\":\\"is-style-asterisk\\",\\"fontSize\\":\\"medium\\",\\"fontFamily\\":\\"body\\"} -->\\n<h3 class=\\"wp-block-heading has-text-align-left is-style-asterisk has-body-font-family has-medium-font-size\\" style=\\"font-style:normal;font-weight:600\\">Consulting</h3>\\n<\u0021-- /wp:heading -->\\n\\n<\u0021-- wp:paragraph {\\"align\\":\\"left\\"} -->\\n<p class=\\"has-text-align-left\\">Experience the fusion of imagination and expertise with Études Architectural Solutions.</p>\\n<\u0021-- /wp:paragraph --></div>\\n<\u0021-- /wp:column -->\\n\\n<\u0021-- wp:column {\\"style\\":{\\"spacing\\":{\\"blockGap\\":\\"var:preset|spacing|10\\"}}} -->\\n<div class=\\"wp-block-column\\"><\u0021-- wp:heading {\\"textAlign\\":\\"left\\",\\"level\\":3,\\"style\\":{\\"typography\\":{\\"fontStyle\\":\\"normal\\",\\"fontWeight\\":\\"600\\"}},\\"className\\":\\"is-style-asterisk\\",\\"fontSize\\":\\"medium\\",\\"fontFamily\\":\\"body\\"} -->\\n<h3 class=\\"wp-block-heading has-text-align-left is-style-asterisk has-body-font-family has-medium-font-size\\" style=\\"font-style:normal;font-weight:600\\">Project Management</h3>\\n<\u0021-- /wp:heading -->\\n\\n<\u0021-- wp:paragraph {\\"align\\":\\"left\\"} -->\\n<p class=\\"has-text-align-left\\">Experience the fusion of imagination and expertise with Études Architectural Solutions.</p>\\n<\u0021-- /wp:paragraph --></div>\\n<\u0021-- /wp:column -->\\n\\n<\u0021-- wp:column {\\"style\\":{\\"spacing\\":{\\"blockGap\\":\\"var:preset|spacing|10\\"}}} -->\\n<div class=\\"wp-block-column\\"><\u0021-- wp:heading {\\"textAlign\\":\\"left\\",\\"level\\":3,\\"style\\":{\\"typography\\":{\\"fontStyle\\":\\"normal\\",\\"fontWeight\\":\\"600\\"}},\\"className\\":\\"is-style-asterisk\\",\\"fontSize\\":\\"medium\\",\\"fontFamily\\":\\"body\\"} -->\\n<h3 class=\\"wp-block-heading has-text-align-left is-style-asterisk has-body-font-family has-medium-font-size\\" style=\\"font-style:normal;font-weight:600\\">Architectural Solutions</h3>\\n<\u0021-- /wp:heading -->\\n\\n<\u0021-- wp:paragraph {\\"align\\":\\"left\\"} -->\\n<p class=\\"has-text-align-left\\">Experience the fusion of imagination and expertise with Études Architectural Solutions.</p>\\n<\u0021-- /wp:paragraph --></div>\\n<\u0021-- /wp:column --></div>\\n<\u0021-- /wp:columns --></div>\\n<\u0021-- /wp:group -->\\n\\n<\u0021-- wp:group {\\"align\\":\\"full\\",\\"style\\":{\\"spacing\\":{\\"padding\\":{\\"top\\":\\"var:preset|spacing|50\\",\\"bottom\\":\\"var:preset|spacing|50\\",\\"left\\":\\"var:preset|spacing|50\\",\\"right\\":\\"var:preset|spacing|50\\"},\\"margin\\":{\\"top\\":\\"0\\",\\"bottom\\":\\"0\\"}}},\\"layout\\":{\\"type\\":\\"constrained\\"}} -->\\n<div class=\\"wp-block-group alignfull\\" style=\\"margin-top:0;margin-bottom:0;padding-top:var(--wp--preset--spacing--50);padding-right:var(--wp--preset--spacing--50);padding-bottom:var(--wp--preset--spacing--50);padding-left:var(--wp--preset--spacing--50)\\"><\u0021-- wp:group {\\"align\\":\\"wide\\",\\"style\\":{\\"spacing\\":{\\"blockGap\\":\\"0\\"}},\\"layout\\":{\\"type\\":\\"constrained\\"}} -->\\n<div class=\\"wp-block-group alignwide\\"><\u0021-- wp:group {\\"style\\":{\\"spacing\\":{\\"blockGap\\":\\"var:preset|spacing|10\\"}},\\"layout\\":{\\"type\\":\\"flex\\",\\"orientation\\":\\"vertical\\",\\"justifyContent\\":\\"center\\"}} -->\\n<div class=\\"wp-block-group\\"><\u0021-- wp:heading {\\"textAlign\\":\\"center\\",\\"className\\":\\"is-style-asterisk\\"} -->\\n<h2 class=\\"wp-block-heading has-text-align-center is-style-asterisk\\">An array of resources</h2>\\n<\u0021-- /wp:heading -->\\n\\n<\u0021-- wp:paragraph {\\"align\\":\\"center\\",\\"style\\":{\\"layout\\":{\\"selfStretch\\":\\"fit\\",\\"flexSize\\":null}}} -->\\n<p class=\\"has-text-align-center\\">Our comprehensive suite of professional services caters to a diverse clientele, ranging from homeowners to commercial developers.</p>\\n<\u0021-- /wp:paragraph --></div>\\n<\u0021-- /wp:group -->\\n\\n<\u0021-- wp:spacer {\\"height\\":\\"var:preset|spacing|40\\"} -->\\n<div style=\\"height:var(--wp--preset--spacing--40)\\" aria-hidden=\\"true\\" class=\\"wp-block-spacer\\"></div>\\n<\u0021-- /wp:spacer -->\\n\\n<\u0021-- wp:columns {\\"align\\":\\"wide\\",\\"style\\":{\\"spacing\\":{\\"blockGap\\":{\\"top\\":\\"var:preset|spacing|50\\",\\"left\\":\\"var:preset|spacing|60\\"}}}} -->\\n<div class=\\"wp-block-columns alignwide\\"><\u0021-- wp:column {\\"verticalAlignment\\":\\"center\\",\\"width\\":\\"40%\\"} -->\\n<div class=\\"wp-block-column is-vertically-aligned-center\\" style=\\"flex-basis:40%\\"><\u0021-- wp:heading {\\"level\\":3,\\"className\\":\\"is-style-asterisk\\"} -->\\n<h3 class=\\"wp-block-heading is-style-asterisk\\">Études Architect App</h3>\\n<\u0021-- /wp:heading -->\\n\\n<\u0021-- wp:list {\\"style\\":{\\"typography\\":{\\"lineHeight\\":\\"1.75\\"}},\\"className\\":\\"is-style-checkmark-list\\"} -->\\n<ul style=\\"line-height:1.75\\" class=\\"is-style-checkmark-list\\"><\u0021-- wp:list-item -->\\n<li>Collaborate with fellow architects.</li>\\n<\u0021-- /wp:list-item -->\\n\\n<\u0021-- wp:list-item -->\\n<li>Showcase your projects.</li>\\n<\u0021-- /wp:list-item -->\\n\\n<\u0021-- wp:list-item -->\\n<li>Experience the world of architecture.</li>\\n<\u0021-- /wp:list-item --></ul>\\n<\u0021-- /wp:list --></div>\\n<\u0021-- /wp:column -->\\n\\n<\u0021-- wp:column {\\"width\\":\\"50%\\"} -->\\n<div class=\\"wp-block-column\\" style=\\"flex-basis:50%\\"><\u0021-- wp:image {\\"sizeSlug\\":\\"large\\",\\"linkDestination\\":\\"none\\",\\"className\\":\\"is-style-rounded\\"} -->\\n<figure class=\\"wp-block-image size-large is-style-rounded\\"><img src=\\"https://crs.example.com/wp-content/themes/twentytwentyfour/assets/images/tourist-and-building.webp\\" alt=\\"Tourist taking photo of a building\\"/></figure>\\n<\u0021-- /wp:image --></div>\\n<\u0021-- /wp:column --></div>\\n<\u0021-- /wp:columns -->\\n\\n<\u0021-- wp:spacer {\\"height\\":\\"var:preset|spacing|40\\"} -->\\n<div style=\\"height:var(--wp--preset--spacing--40)\\" aria-hidden=\\"true\\" class=\\"wp-block-spacer\\"></div>\\n<\u0021-- /wp:spacer -->\\n\\n<\u0021-- wp:columns {\\"align\\":\\"wide\\",\\"style\\":{\\"spacing\\":{\\"blockGap\\":{\\"top\\":\\"var:preset|spacing|50\\",\\"left\\":\\"var:preset|spacing|60\\"}}}} -->\\n<div class=\\"wp-block-columns alignwide\\"><\u0021-- wp:column {\\"width\\":\\"50%\\"} -->\\n<div class=\\"wp-block-column\\" style=\\"flex-basis:50%\\"><\u0021-- wp:image {\\"sizeSlug\\":\\"large\\",\\"linkDestination\\":\\"none\\",\\"className\\":\\"is-style-rounded\\"} -->\\n<figure class=\\"wp-block-image size-large is-style-rounded\\"><img src=\\"https://crs.example.com/wp-content/themes/twentytwentyfour/assets/images/windows.webp\\" alt=\\"Windows of a building in Nuremberg, Germany\\"/></figure>\\n<\u0021-- /wp:image --></div>\\n<\u0021-- /wp:column -->\\n\\n<\u0021-- wp:column {\\"verticalAlignment\\":\\"center\\",\\"width\\":\\"40%\\"} -->\\n<div class=\\"wp-block-column is-vertically-aligned-center\\" style=\\"flex-basis:40%\\"><\u0021-- wp:heading {\\"level\\":3,\\"className\\":\\"is-style-asterisk\\"} -->\\n<h3 class=\\"wp-block-heading is-style-asterisk\\">Études Newsletter</h3>\\n<\u0021-- /wp:heading -->\\n\\n<\u0021-- wp:list {\\"style\\":{\\"typography\\":{\\"lineHeight\\":\\"1.75\\"}},\\"className\\":\\"is-style-checkmark-list\\"} -->\\n<ul style=\\"line-height:1.75\\" class=\\"is-style-checkmark-list\\"><\u0021-- wp:list-item -->\\n<li>A world of thought-provoking articles.</li>\\n<\u0021-- /wp:list-item -->\\n\\n<\u0021-- wp:list-item -->\\n<li>Case studies that celebrate architecture.</li>\\n<\u0021-- /wp:list-item -->\\n\\n<\u0021-- wp:list-item -->\\n<li>Exclusive access to design insights.</li>\\n<\u0021-- /wp:list-item --></ul>\\n<\u0021-- /wp:list --></div>\\n<\u0021-- /wp:column --></div>\\n<\u0021-- /wp:columns --></div>\\n<\u0021-- /wp:group --></div>\\n<\u0021-- /wp:group -->\\n\\n<\u0021-- wp:group {\\"metadata\\":{\\"name\\":\\"Testimonial\\"},\\"align\\":\\"full\\",\\"style\\":{\\"spacing\\":{\\"padding\\":{\\"top\\":\\"var:preset|spacing|60\\",\\"bottom\\":\\"var:preset|spacing|60\\",\\"left\\":\\"var:preset|spacing|60\\",\\"right\\":\\"var:preset|spacing|60\\"},\\"margin\\":{\\"top\\":\\"0\\",\\"bottom\\":\\"0\\"}}},\\"backgroundColor\\":\\"contrast\\",\\"textColor\\":\\"base\\",\\"layout\\":{\\"type\\":\\"constrained\\",\\"contentSize\\":\\"\\"}} -->\\n<div class=\\"wp-block-group alignfull has-base-color has-contrast-background-color has-text-color has-background\\" style=\\"margin-top:0;margin-bottom:0;padding-top:var(--wp--preset--spacing--60);padding-right:var(--wp--preset--spacing--60);padding-bottom:var(--wp--preset--spacing--60);padding-left:var(--wp--preset--spacing--60)\\"><\u0021-- wp:group {\\"layout\\":{\\"type\\":\\"constrained\\"}} -->\\n<div class=\\"wp-block-group\\"><\u0021-- wp:paragraph {\\"align\\":\\"center\\",\\"style\\":{\\"typography\\":{\\"lineHeight\\":\\"1.2\\"}},\\"textColor\\":\\"base\\",\\"fontSize\\":\\"x-large\\",\\"fontFamily\\":\\"heading\\"} -->\\n<p class=\\"has-text-align-center has-base-color has-text-color has-heading-font-family has-x-large-font-size\\" style=\\"line-height:1.2\\">\\n\\t\\t\\t<em>“Études has saved us thousands of hours of work and has unlocked insights we never thought possible.”</em>\\n\\t\\t</p>\\n<\u0021-- /wp:paragraph -->\\n\\n<\u0021-- wp:spacer {\\"height\\":\\"var:preset|spacing|10\\"} -->\\n<div style=\\"height:var(--wp--preset--spacing--10)\\" aria-hidden=\\"true\\" class=\\"wp-block-spacer\\"></div>\\n<\u0021-- /wp:spacer -->\\n\\n<\u0021-- wp:group {\\"metadata\\":{\\"name\\":\\"Testimonial source\\"},\\"style\\":{\\"spacing\\":{\\"blockGap\\":\\"0\\"}},\\"layout\\":{\\"type\\":\\"flex\\",\\"orientation\\":\\"vertical\\",\\"justifyContent\\":\\"center\\",\\"flexWrap\\":\\"nowrap\\"}} -->\\n<div class=\\"wp-block-group\\"><\u0021-- wp:image {\\"width\\":\\"60px\\",\\"aspectRatio\\":\\"1\\",\\"scale\\":\\"cover\\",\\"sizeSlug\\":\\"thumbnail\\",\\"linkDestination\\":\\"none\\",\\"align\\":\\"center\\",\\"style\\":{\\"border\\":{\\"radius\\":\\"100px\\"}}} -->\\n<figure class=\\"wp-block-image aligncenter size-thumbnail is-resized has-custom-border\\"><img alt=\\"\\" style=\\"border-radius:100px;aspect-ratio:1;object-fit:cover;width:60px\\"/></figure>\\n<\u0021-- /wp:image -->\\n\\n<\u0021-- wp:paragraph {\\"align\\":\\"center\\",\\"style\\":{\\"spacing\\":{\\"margin\\":{\\"top\\":\\"var:preset|spacing|10\\",\\"bottom\\":\\"0\\"}}}} -->\\n<p class=\\"has-text-align-center\\" style=\\"margin-top:var(--wp--preset--spacing--10);margin-bottom:0\\">Annie Steiner</p>\\n<\u0021-- /wp:paragraph -->\\n\\n<\u0021-- wp:paragraph {\\"align\\":\\"center\\",\\"style\\":{\\"typography\\":{\\"fontStyle\\":\\"normal\\",\\"fontWeight\\":\\"300\\"}},\\"textColor\\":\\"contrast-3\\",\\"fontSize\\":\\"small\\"} -->\\n<p class=\\"has-text-align-center has-contrast-3-color has-text-color has-small-font-size\\" style=\\"font-style:normal;font-weight:300\\">CEO, Greenprint</p>\\n<\u0021-- /wp:paragraph --></div>\\n<\u0021-- /wp:group --></div>\\n<\u0021-- /wp:group --></div>\\n<\u0021-- /wp:group -->\\n\\n<\u0021-- wp:group {\\"align\\":\\"full\\",\\"style\\":{\\"spacing\\":{\\"padding\\":{\\"top\\":\\"var:preset|spacing|50\\",\\"bottom\\":\\"var:preset|spacing|50\\",\\"left\\":\\"var:preset|spacing|50\\",\\"right\\":\\"var:preset|spacing|50\\"},\\"margin\\":{\\"top\\":\\"0\\",\\"bottom\\":\\"0\\"}}},\\"layout\\":{\\"type\\":\\"constrained\\"}} -->\\n<div class=\\"wp-block-group alignfull\\" style=\\"margin-top:0;margin-bottom:0;padding-top:var(--wp--preset--spacing--50);padding-right:var(--wp--preset--spacing--50);padding-bottom:var(--wp--preset--spacing--50);padding-left:var(--wp--preset--spacing--50)\\"><\u0021-- wp:heading {\\"align\\":\\"wide\\",\\"style\\":{\\"typography\\":{\\"lineHeight\\":\\"1\\"},\\"spacing\\":{\\"margin\\":{\\"top\\":\\"0\\",\\"bottom\\":\\"var:preset|spacing|40\\"}}},\\"fontSize\\":\\"x-large\\"} -->\\n<h2 class=\\"wp-block-heading alignwide has-x-large-font-size\\" style=\\"margin-top:0;margin-bottom:var(--wp--preset--spacing--40);line-height:1\\">Watch, Read, Listen</h2>\\n<\u0021-- /wp:heading -->\\n\\n<\u0021-- wp:group {\\"align\\":\\"wide\\",\\"layout\\":{\\"type\\":\\"constrained\\"}} -->\\n<div class=\\"wp-block-group alignwide\\"><\u0021-- wp:query {\\"queryId\\":0,\\"query\\":{\\"perPage\\":10,\\"pages\\":0,\\"offset\\":0,\\"postType\\":\\"post\\",\\"order\\":\\"desc\\",\\"orderBy\\":\\"date\\",\\"author\\":\\"\\",\\"search\\":\\"\\",\\"exclude\\":[],\\"sticky\\":\\"\\",\\"inherit\\":true},\\"align\\":\\"wide\\",\\"layout\\":{\\"type\\":\\"default\\"}} -->\\n<div class=\\"wp-block-query alignwide\\"><\u0021-- wp:post-template -->\\n<\u0021-- wp:separator {\\"backgroundColor\\":\\"contrast-3\\",\\"className\\":\\"alignwide is-style-wide\\"} -->\\n<hr class=\\"wp-block-separator has-text-color has-contrast-3-color has-alpha-channel-opacity has-contrast-3-background-color has-background alignwide is-style-wide\\"/>\\n<\u0021-- /wp:separator -->\\n\\n<\u0021-- wp:columns {\\"verticalAlignment\\":\\"center\\",\\"align\\":\\"wide\\",\\"style\\":{\\"spacing\\":{\\"margin\\":{\\"top\\":\\"var:preset|spacing|20\\",\\"bottom\\":\\"var:preset|spacing|20\\"}}}} -->\\n<div class=\\"wp-block-columns alignwide are-vertically-aligned-center\\" style=\\"margin-top:var(--wp--preset--spacing--20);margin-bottom:var(--wp--preset--spacing--20)\\"><\u0021-- wp:column {\\"verticalAlignment\\":\\"center\\",\\"width\\":\\"72%\\"} -->\\n<div class=\\"wp-block-column is-vertically-aligned-center\\" style=\\"flex-basis:72%\\"><\u0021-- wp:post-title {\\"isLink\\":true,\\"style\\":{\\"typography\\":{\\"lineHeight\\":\\"1.1\\",\\"fontSize\\":\\"1.5rem\\"}}} /--></div>\\n<\u0021-- /wp:column -->\\n\\n<\u0021-- wp:column {\\"verticalAlignment\\":\\"center\\",\\"width\\":\\"28%\\"} -->\\n<div class=\\"wp-block-column is-vertically-aligned-center\\" style=\\"flex-basis:28%\\"><\u0021-- wp:template-part {\\"slug\\":\\"post-meta\\",\\"theme\\":\\"twentytwentyfour\\"} /--></div>\\n<\u0021-- /wp:column --></div>\\n<\u0021-- /wp:columns -->\\n<\u0021-- /wp:post-template -->\\n\\n<\u0021-- wp:spacer {\\"height\\":\\"var:preset|spacing|30\\"} -->\\n<div style=\\"height:var(--wp--preset--spacing--30)\\" aria-hidden=\\"true\\" class=\\"wp-block-spacer\\"></div>\\n<\u0021-- /wp:spacer -->\\n\\n<\u0021-- wp:query-pagination {\\"paginationArrow\\":\\"arrow\\",\\"layout\\":{\\"type\\":\\"flex\\",\\"justifyContent\\":\\"space-between\\"}} -->\\n<\u0021-- wp:query-pagination-previous /-->\\n\\n<\u0021-- wp:query-pagination-numbers /-->\\n\\n<\u0021-- wp:query-pagination-next /-->\\n<\u0021-- /wp:query-pagination -->\\n\\n<\u0021-- wp:query-no-results -->\\n<\u0021-- wp:paragraph -->\\n<p>No posts were found.</p>\\n<\u0021-- /wp:paragraph -->\\n<\u0021-- /wp:query-no-results --></div>\\n<\u0021-- /wp:query --></div>\\n<\u0021-- /wp:group --></div>\\n<\u0021-- /wp:group -->\\n\\n<\u0021-- wp:group {\\"align\\":\\"full\\",\\"style\\":{\\"spacing\\":{\\"padding\\":{\\"top\\":\\"var:preset|spacing|50\\",\\"bottom\\":\\"var:preset|spacing|50\\",\\"left\\":\\"var:preset|spacing|50\\",\\"right\\":\\"var:preset|spacing|50\\"},\\"margin\\":{\\"top\\":\\"0\\",\\"bottom\\":\\"0\\"}}},\\"layout\\":{\\"type\\":\\"constrained\\"}} -->\\n<div class=\\"wp-block-group alignfull\\" style=\\"margin-top:0;margin-bottom:0;padding-top:var(--wp--preset--spacing--50);padding-right:var(--wp--preset--spacing--50);padding-bottom:var(--wp--preset--spacing--50);padding-left:var(--wp--preset--spacing--50)\\"><\u0021-- wp:group {\\"align\\":\\"wide\\",\\"style\\":{\\"border\\":{\\"radius\\":\\"16px\\"},\\"spacing\\":{\\"padding\\":{\\"top\\":\\"var:preset|spacing|40\\",\\"bottom\\":\\"var:preset|spacing|40\\",\\"left\\":\\"var:preset|spacing|50\\",\\"right\\":\\"var:preset|spacing|50\\"}}},\\"backgroundColor\\":\\"base-2\\",\\"layout\\":{\\"type\\":\\"constrained\\"}} -->\\n<div class=\\"wp-block-group alignwide has-base-2-background-color has-background\\" style=\\"border-radius:16px;padding-top:var(--wp--preset--spacing--40);padding-right:var(--wp--preset--spacing--50);padding-bottom:var(--wp--preset--spacing--40);padding-left:var(--wp--preset--spacing--50)\\"><\u0021-- wp:spacer {\\"height\\":\\"var:preset|spacing|10\\"} -->\\n<div style=\\"height:var(--wp--preset--spacing--10)\\" aria-hidden=\\"true\\" class=\\"wp-block-spacer\\"></div>\\n<\u0021-- /wp:spacer -->\\n\\n<\u0021-- wp:heading {\\"textAlign\\":\\"center\\",\\"fontSize\\":\\"x-large\\"} -->\\n<h2 class=\\"wp-block-heading has-text-align-center has-x-large-font-size\\">Join 900+ subscribers</h2>\\n<\u0021-- /wp:heading -->\\n\\n<\u0021-- wp:paragraph {\\"align\\":\\"center\\"} -->\\n<p class=\\"has-text-align-center\\">Stay in the loop with everything you need to know.</p>\\n<\u0021-- /wp:paragraph -->\\n\\n<\u0021-- wp:buttons {\\"layout\\":{\\"type\\":\\"flex\\",\\"justifyContent\\":\\"center\\"}} -->\\n<div class=\\"wp-block-buttons\\"><\u0021-- wp:button -->\\n<div class=\\"wp-block-button\\"><a class=\\"wp-block-button__link wp-element-button\\">Sign up</a></div>\\n<\u0021-- /wp:button --></div>\\n<\u0021-- /wp:buttons -->\\n\\n<\u0021-- wp:spacer {\\"height\\":\\"var:preset|spacing|10\\"} -->\\n<div style=\\"height:var(--wp--preset--spacing--10)\\" aria-hidden=\\"true\\" class=\\"wp-block-spacer\\"></div>\\n<\u0021-- /wp:spacer --></div>\\n<\u0021-- /wp:group --></div>\\n<\u0021-- /wp:group --></main>\\n<\u0021-- /wp:group -->\\n\\n<\u0021-- wp:template-part {\\"slug\\":\\"footer\\",\\"theme\\":\\"twentytwentyfour\\",\\"tagName\\":\\"footer\\",\\"area\\":\\"footer\\"} /-->"}'

Sandbox

This payload has been tested against the OWASP ModSecurity Core Rule Set 
web application firewall. The test was executed using the apache engine and CRS version nightly.

The payload is being detected by triggering the following rules:

920450 PL1 HTTP header is restricted by policy (/x-http-method-override/)
941100 PL1 XSS Attack Detected via libinjection
941160 PL1 NoScript XSS InjectionChecker: HTML Injection
941180 PL1 Node-Validator Deny List Keywords
949110 PL1 Inbound Anomaly Score Exceeded (Total Score: 20)
980170 PL1 Anomaly Scores: (Inbound Scores: blocking=20, detection=20, per_pl=20-0-0-0, threshold=5) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=4) - (SQLI=0, XSS=15, RFI=0, LFI=0, RCE=0, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=20)


CRS therefore detects this payload starting with paranoia level 1.

Error Logs

user crs.example.com [Thu Apr 04 09:28:53.202849 2024] [-:error] [pid 48740:tid 36095432704] [client IP:53984] [client IP] ModSecurity: Warning. String match within "/content-encoding/ /proxy/ /lock-token/ /content-range/ /if/ /x-http-method-override/ /x-http-method/ /x-method-override/" at TX:header_name_920450_x-http-method-override. [file "/etc/mod_security/crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1193"] [id "920450"] [msg "HTTP header is restricted by policy (/x-http-method-override/)"] [data "Restricted header detected: /x-http-method-override/"] [severity "CRITICAL"] [ver "OWASP_CRS/4.1.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/12.1"] [hostname "crs.example.com"] [uri "/wp-json/wp/v2/templates/twentytwentyfour//home"] [unique_id "Zg5WtX4evJSgF5JfG9U9YwAAAy4"], referer https://crs.example.com/wp-admin/site-editor.php?return=https%3A%2F%2Fcrs.example.com%2Fwp-admin%2Fthemes.php&canvas=edit
user crs.example.com [Thu Apr 04 09:28:53.418560 2024] [-:error] [pid 48740:tid 36095432704] [client IP:53984] [client IP] ModSecurity: Rule 860ee4cb8 [id "941140"][file "/etc/mod_security/crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"][line "186"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "crs.example.com"] [uri "/wp-json/wp/v2/templates/twentytwentyfour/home"] [unique_id "Zg5WtX4evJSgF5JfG9U9YwAAAy4"], referer https://crs.example.com/wp-admin/site-editor.php?return=https%3A%2F%2Fcrs.example.com%2Fwp-admin%2Fthemes.php&canvas=edit
user crs.example.com [Thu Apr 04 09:28:53.446832 2024] [-:error] [pid 48740:tid 36095432704] [client IP:53984] [client IP] ModSecurity: Warning. Matched phrase "<!--" at ARGS:content. [file "/etc/mod_security/crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "271"] [id "941180"] [msg "Node-Validator Deny List Keywords"] [data "Matched Data: <!-- found within ARGS:content: <!-- wp:template-part {\\x22slug\\x22:\\x22header\\x22,\\x22theme\\x22:\\x22twentytwentyfour\\x22,\\x22tagName\\x22:\\x22header\\x22,\\x22area\\x22:\\x22header\\x22} /-->\\x0a\\x0a<!-- wp:group {\\x22tagName\\x22:\\x22main\\x22,\\x22style\\x22:{\\x22spacing\\x22:{\\x22blockGap\\x22:\\x220\\x22,\\x22margin\\x22:{\\x22top\\x22:\\x220\\x22}}},\\x22layout\\x22:{\\x22type\\x22:\\x22default\\x22}} -->\\x0a<main class=\\x22wp-block-group\\x22 style=\\x22margin-top:0\\x22><!-- wp:group {\\x22align\\x22:\\x22full\\x22..."] [severity "CRITICAL"] [ver "OWASP_CRS/4.1.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "xss-perf-disable"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "crs.example.com"] [uri "/wp-json/wp/v2/templates/twentytwentyfour/home"] [unique_id "Zg5WtX4evJSgF5JfG9U9YwAAAy4"], referer https://crs.example.com/wp-admin/site-editor.php?return=https%3A%2F%2Fcrs.example.com%2Fwp-admin%2Fthemes.php&canvas=edit
user crs.example.com [Thu Apr 04 09:28:53.843670 2024] [-:error] [pid 48740:tid 36095432704] [client IP:53984] [client IP] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 7 at TX:blocking_inbound_anomaly_score. [file "/etc/mod_security/crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [ver "OWASP_CRS/4.1.0"] [tag "anomaly-evaluation"] [tag "OWASP_CRS"] [hostname "crs.example.com"] [uri "/wp-json/wp/v2/templates/twentytwentyfour/home"] [unique_id "Zg5WtX4evJSgF5JfG9U9YwAAAy4"], referer https://crs.example.com/wp-admin/site-editor.php?return=https%3A%2F%2Fcrs.example.com%2Fwp-admin%2Fthemes.php&canvas=edit
user crs.example.com [Thu Apr 04 09:28:53.844526 2024] [-:error] [pid 48740:tid 36909733120] [client IP:53984] [client IP] ModSecurity: Warning. Unconditional match in SecAction. [file "/etc/mod_security/crs/rules/RESPONSE-980-CORRELATION.conf"] [line "98"] [id "980170"] [msg "Anomaly Scores: (Inbound Scores: blocking=10, detection=10, per_pl=10-0-0-0, threshold=7) - (Outbound Scores: blocking=0, detection=0, per_pl=0-0-0-0, threshold=7) - (SQLI=0, XSS=5, RFI=0, LFI=0, RCE=0, PHPI=0, HTTP=0, SESS=0, COMBINED_SCORE=10)"] [ver "OWASP_CRS/4.1.0"] [tag "reporting"] [tag "OWASP_CRS"] [hostname "crs.example.com"] [uri "/wp-json/wp/v2/templates/twentytwentyfour/home"] [unique_id "Zg5WtX4evJSgF5JfG9U9YwAAAy4"], referer https://crs.example.com/wp-admin/site-editor.php?return=https%3A%2F%2Fcrs.example.com%2Fwp-admin%2Fthemes.php&canvas=edit

Triggered Rules:

920450: Restricted header detected
941140: XSS Filter - Category 4: Javascript URI Vector (PCRE limits exceeded (-8)) - Even if high Limit is set. Maybe my fault?
941180: Node-Validator Deny List Keywords

Expected Result

Using the Site Editor in a default environment should not be blocked

False positive on WordPress Plugin WP Mail SMTP

Description

I have installed a Nginx WAF with Modsecurity CRS. This WAF protects a backend WordPress.

One request from one of the plugins (wp-mail-smtp) stimulated a false positive on the Modsecurity with the rule id 933120.

How to reproduce the misbehavior

1 - login on the WordPress Admin console, install and configure WP Mail SMTP. (I configured it with a Personal Gmail account)
2 - Access the WP Mail SMTP configuration page > tools > Send test email
3 - See the 403 message on the browser and find it on the logs

The same error can also be obtained on the page WP Mail SMTP configuration page > Settings > Miscellaneous
Just change anything and try to save it.

Logs

This is the meaningful part of the audit log:

{"message":"PHP Injection Attack: Configuration Directive Found","details":{"match":"Matched \"Operator `Pm' with parameter `=' against variable `MATCHED_VARS:ARGS:_wp_http_referer' (Value: `/wp-admin/admin.php?page=wp-mail-smtp' )","reference":"---stripped here---","ruleId":"933120","file":"/etc/modsecurity.d/owasp-crs-wordpress/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf","lineNumber":"112","data":"Matched Data: smtp found within MATCHED_VARS:ARGS:_wp_http_referer: /wp-admin/admin.php?page=wp-mail-smtp","severity":"2","ver":"OWASP_CRS/4.2.0","rev":"","tags":["application-multi","language-php","platform-multi","attack-injection-php","paranoia-level/1","OWASP_CRS","capec/1000/152/242"],"maturity":"0","accuracy":"0"}},{"message":"Inbound Anomaly Score Exceeded (Total Score: 5)","details":{"match":"Matched \"Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' )","reference":"","ruleId":"949110","file":"/etc/modsecurity.d/owasp-crs-wordpress/rules/REQUEST-949-BLOCKING-EVALUATION.conf","lineNumber":"222","data":"","severity":"0","ver":"OWASP_CRS/4.2.0","rev":"","tags":["anomaly-evaluation","OWASP_CRS"],"maturity":"0","accuracy":"0"}}

And here from Nginx error log

2024/06/19 04:36:06 [error] 1071#1071: *553 [client x.x.x.x] ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:BLOCKING_INBOUND_ANOMALY_SCORE' (Value: `5' ) [file "/etc/modsecurity.d/owasp-crs-wordpress/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "222"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "0"] [ver "OWASP_CRS/4.2.0"] [maturity "0"] [accuracy "0"] [tag "anomaly-evaluation"] [tag "OWASP_CRS"] [hostname "x.x.x.x"] [uri "/wp-admin/admin.php"] [unique_id "171878256689.980974"] [ref ""], client: x.x.x.x, server: mydomain.com, request: "POST /wp-admin/admin.php?page=wp-mail-smtp-tools&tab=test HTTP/2.0", host: "mydomain.com", referrer: "https://mydomain.com/wp-admin/admin.php?page=wp-mail-smtp-tools"

Your Environment

CRS version (e.g., v3.3.4): 4.2.0
Paranoia level setting (e.g. PL1) : PL1
ModSecurity version (e.g., 2.9.6): v3.0.12
Web Server and version or cloud provider / CDN (e.g., Apache httpd 2.4.54): Nginx 1.26
Operating System and version: Docker image owasp/modsecurity-crs:4.2.0-nginx-202405220605 running on a Ubuntu 22.04

Confirmation

[x ] I have removed any personal data (email addresses, IP addresses,
passwords, domain names) from any logs posted.

Possible solution

I fixed the problem with the following exclusion:

SecRule REQUEST_URI "@beginsWith /wp-admin/admin.php?page=wp-mail-smtp" \
    "id:1001,\
    phase:1,\
    pass,\
    nolog,\
    ctl:ruleRemoveTargetById=933120;ARGS:_wp_http_referer"

coreruleset / wordpress-rule-exclusions-plugin Goto Github PK

wordpress-rule-exclusions-plugin's Introduction

OWASP CRS - WordPress Rule Exclusions Plugin

Description

Installation

Testing

License

wordpress-rule-exclusions-plugin's People

Contributors

Stargazers

Watchers

Forkers

wordpress-rule-exclusions-plugin's Issues

Description

How to reproduce the misbehavior

Logs

Your Environment

Confirmation

Possible solution

Summary

Description

Audit Logs / Triggered Rule Numbers

Confirmation

Summary

Full log

HTTP Payload

Copy as cURL

Config

Context

Error

System

Trigger

Screenshot

Logs

Request

Sandbox

Error Logs

Triggered Rules:

Expected Result

Description

How to reproduce the misbehavior

Logs

Your Environment

Confirmation

Possible solution

Recommend Projects

Recommend Topics

Recommend Org