I’ve defined a custom form which I’m using on the backend of my wordpress site in a plugin options page via acf_form()
The form has a couple of relationship fields filtered to show products with 2 different category taxonomies, these relationship fields have search fields for users to quickly filter the products to find what they are looking for.
All works fine, except that when type a double quote mark into the search field, the response is a 403 error. Every other character seems fine. The weird thing is that this only occurs on my webserver, not on my local development site.
So my initial thought is that this is some kind of security thing on the server, maybe SQL injection protection going on?
Here’s a screenshot of the request from Firefox dev console:
Just answering my own question here… it was hitting a ModSec rule on the server that is in place to protect from a XSS vulnerability in a plugin called Modern Events Calendar Lite plugin 4.2.1 for WordPress – which I don’t use so server guys have disabled rule and it works now!