diff -Nru modsecurity-crs-4.1.0.240423/crs/plugins-available/wordpress-rule-exclusions-plugin/plugins/wordpress-rule-exclusions-before.conf modsecurity-crs-4.2.0.240430/crs/plugins-available/wordpress-rule-exclusions-plugin/plugins/wordpress-rule-exclusions-before.conf
--- modsecurity-crs-4.1.0.240423/crs/plugins-available/wordpress-rule-exclusions-plugin/plugins/wordpress-rule-exclusions-before.conf 2024-04-08 22:16:37.000000000 +0000
+++ modsecurity-crs-4.2.0.240430/crs/plugins-available/wordpress-rule-exclusions-plugin/plugins/wordpress-rule-exclusions-before.conf 2024-04-29 22:15:33.000000000 +0000
@@ -70,7 +70,7 @@
 ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:pass2"
 
 # User Login
-SecRule REQUEST_FILENAME "@streq /wp-admin/admin-ajax.php" \
+SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin-ajax.php" \
 "id:9507121,\
 phase:1,\
 pass,\
@@ -97,8 +97,8 @@
 ver:'wordpress-rule-exclusions-plugin/1.0.1'"
 
 SecRule REQUEST_FILENAME "@endsWith /wp-admin/comment.php" \
- "id:9507170,\
- phase:2,\
+ "id:9507131,\
+ phase:1,\
 pass,\
 t:none,\
 nolog,\
@@ -108,6 +108,22 @@
 ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:newcomment_author,\
 ver:'wordpress-rule-exclusions-plugin/1.0.1'"
 
+# Replying to a comment
+SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin-ajax.php" \
+ "id:9507132,\
+ phase:2,\
+ pass,\
+ t:none,\
+ nolog,\
+ ver:'wordpress-rule-exclusions-plugin/1.0.1',\
+ chain"
+ SecRule ARGS:action "@streq replyto-comment" \
+ "t:none,\
+ chain"
+ SecRule &ARGS:action "@eq 1" \
+ "t:none,\
+ ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:content"
+
 #
 # [ Gutenberg Editor ]
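Review bot: Rule 9507170 is renumbered to 9507131 and moved to phase:1 in the second hunk, and a renumber silently breaks any operator configuration that references the old id (a SecRuleRemoveById or SecRuleUpdateTargetById keyed on 9507170 would simply stop matching), so the id change should be called out in the rule comment and the release note. The remainder of the rule, including its ctl targets, runs past the hunk. Since the head condition reads only REQUEST_FILENAME, phase:1 is enough for the target removal to be in place before the CRS rules evaluate; a one-line comment such as `# phase:1 suffices here: the condition reads only REQUEST_FILENAME` would make that intent visible to the next editor.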
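Review bot: The new rule 9507132 in the third hunk removes ARGS:content from every OWASP_CRS-tagged rule for any request whose path ends in /wp-admin/admin-ajax.php and that carries exactly one action=replyto-comment parameter, and the comment does not say that admin-ajax.php also accepts unauthenticated requests, so the narrowing rests entirely on WordPress's own permission check for that action rather than on anything the WAF verifies. I would extend the comment to `# Replying to a comment (admin-ajax.php is reachable before WordPress authenticates; WordPress authorises the action itself, only ARGS:content is excluded)`. The `SecRule &ARGS:action "@eq 1"` link is the right guard against a second action parameter satisfying the first link and is worth keeping. As a point of style, the chain children of 9507141 carry nolog while these do not; whether that matters depends on how the engine treats log actions in chain children, but the file is now inconsistent.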
@@ -128,17 +144,17 @@
 # Gutenberg via rest_route for sites without pretty permalinks
 SecRule REQUEST_FILENAME "@endsWith /index.php" \
 "id:9507141,\
- phase:1,\
+ phase:2,\
 pass,\
 t:none,\
 nolog,\
 ver:'wordpress-rule-exclusions-plugin/1.0.1',\
 chain"
- SecRule &ARGS_GET:rest_route "@eq 1" \
+ SecRule &ARGS:rest_route "@eq 1" \
 "t:none,\
 nolog,\
 chain"
- SecRule ARGS_GET:rest_route "@rx ^/wp/v[0-9]+/(?:posts|pages|widget-types|tags|templates|users)" \
+ SecRule ARGS:rest_route "@rx ^/wp/v[0-9]+/(?:posts|pages|widget-types|tags|templates|users)" \
 "t:none,\
 ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:content,\
 ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:json.content,\
@@ -165,17 +181,17 @@
 # Gutenberg upload image/media via rest_route for sites without pretty permalinks
 SecRule REQUEST_FILENAME "@endsWith /index.php" \
 "id:9507143,\
- phase:1,\
+ phase:2,\
 pass,\
 t:none,\
 nolog,\
 ver:'wordpress-rule-exclusions-plugin/1.0.1',\
 chain"
- SecRule &ARGS_GET:rest_route "@eq 1" \
+ SecRule &ARGS:rest_route "@eq 1" \
 "t:none,\
 nolog,\
 chain"
- SecRule ARGS_GET:rest_route "@rx ^/wp/v[0-9]+/media" \
+ SecRule ARGS:rest_route "@rx ^/wp/v[0-9]+/media" \
 "t:none,\
 ctl:ruleRemoveById=200002,\
 ctl:ruleRemoveById=200004"
@@ -307,7 +323,7 @@
 nolog,\
 ver:'wordpress-rule-exclusions-plugin/1.0.1',\
 chain"
- SecRule ARGS:action "@rx ^(?:|customize_save|update-widget)$" \
+ SecRule ARGS:action "@rx ^(?:customize_save|update-widget)$" \
 "t:none,\
 chain"
 SecRule &ARGS:action "@eq 1" \
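Review bot: Switching the chain of 9507141 from ARGS_GET:rest_route to ARGS:rest_route (with phase:2 so the request body is available) means a rest_route parameter carried in a POST body now also removes ARGS:content and ARGS:json.content from inspection on any path ending in /index.php, where previously only a query-string route did; this presumably mirrors WordPress reading rest_route from both the query string and the body, but the hunk records no rationale for widening the trigger. I would add `# rest_route may arrive in the query string or the request body (hence ARGS and phase:2)` above the head rule. The `&ARGS:rest_route "@eq 1"` link still rejects requests that supply the parameter twice, which is the guard that keeps the widening safe. The ctl list of this rule continues past the hunk, and rule 9507143 in the next hunk receives the identical change.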
@@ -900,21 +916,6 @@
 ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:s,\
 ver:'wordpress-rule-exclusions-plugin/1.0.1'"
 
-# Wordpress Site Health
-# The wordpress site health page makes use of embedded SQL/PHP
-# which triggers PHP/SQL leak rules.
-SecRule REQUEST_FILENAME "@rx /wp-admin/site-health\.php$" \
- "id:9507840,\
- phase:2,\
- pass,\
- t:none,\
- nolog,\
- ver:'wordpress-rule-exclusions-plugin/1.0.1',\
- chain"
- SecRule REQUEST_METHOD "@streq GET" \
- "t:none,\
- ctl:ruleRemoveById=951220,\
- ctl:ruleRemoveById=953110"
 
 #
 # [ Helpers ]
@@ -967,15 +968,21 @@
 ctl:ruleRemoveTargetById=920100;REQUEST_LINE,\
 ver:'wordpress-rule-exclusions-plugin/1.0.1'"
 
-# Site health output can trigger database error rule.
+# Wordpress Site Health
+# The wordpress site health page makes use of embedded SQL/PHP
+# which triggers PHP/SQL leak rules.
 SecRule REQUEST_FILENAME "@endsWith /wp-admin/site-health.php" \
 "id:9507910,\
 phase:1,\
 pass,\
 t:none,\
 nolog,\
- ctl:ruleRemoveById=951220,\
- ver:'wordpress-rule-exclusions-plugin/1.0.1'"
+ ver:'wordpress-rule-exclusions-plugin/1.0.1',\
+ chain"
+ SecRule REQUEST_METHOD "@streq GET" \
+ "t:none,\
+ ctl:ruleRemoveById=951220,\
+ ctl:ruleRemoveById=953110"
 
 #
diff -Nru modsecurity-crs-4.1.0.240423/debian/changelog modsecurity-crs-4.2.0.240430/debian/changelog
--- modsecurity-crs-4.1.0.240423/debian/changelog 2024-04-22 22:16:01.000000000 +0000
+++ modsecurity-crs-4.2.0.240430/debian/changelog 2024-04-29 22:15:27.000000000 +0000
@@ -1,6 +1,6 @@
-modsecurity-crs (4.1.0.240423-3myguard1~jammy) jammy; urgency=medium
+modsecurity-crs (4.2.0.240430-3myguard1~jammy) jammy; urgency=medium
 
 * Automatically rebuild with latest changes from git
 
- -- Thijs Eilander Tue, 23 Apr 2024 00:16:01 +0200
+ -- Thijs Eilander Tue, 30 Apr 2024 00:15:27 +0200
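Review bot: Rule 9507910 in the second hunk now chains on REQUEST_METHOD GET, so non-GET requests to a path ending in /wp-admin/site-health.php no longer get 951220 removed as they did before this change; that narrowing looks deliberate and is the safer direction, but it is a behaviour change the comment should record, e.g. `# Only GET renders the page; other methods keep full response inspection`. The two ctl:ruleRemoveById calls are issued from a phase:1 rule against what the comment describes as PHP/SQL leak rules, which inspect the response, so the exclusion relies on ctl removals persisting for the rest of the transaction; the comment could state that so nobody later "fixes" the phase. The deletion of 9507840 in the first hunk is this rule's relocation, so that id disappears as well, and any operator configuration that referenced it will stop matching without warning.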