I’m not able to add a dropdown anywhere in my form.
Once I drag the field to my form, it freezes all other actions. To solve this I need to save the form and then it resets itself so I can continue (without any dropdowns that I need)
Ask your web host to check the site logs. A security rule on the server hosting the site will be configured incorrectly, resulting in the field contents triggering a forbidden error, which will be preventing the ajax request that handles adding the field from completing.
Our webhost provider has indeed found some errors – see bellow – what would be the next step?
[Tue Oct 12 11:00:03.682294 2021] [error] [pid 38205] apache2_util.c(273): [client 82.143.88.34:0] [client 82.143.88.34] ModSecurity: Access denied with code 403 (phase 2). Pattern match “(?i:(?:\\sexec\\s+xp_cmdshell)|(?:[\”’\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?!\\\\s*?[\\"'\xc2\xb4\xe2\x80\x99\xe2\x80\x98\\w])|(?:from\\W+information_schema\\W)|(?:(?:(?:current_)?user|database|schema|connection_id)\\s*?\\([^\\)]*?)|(?:[\"’`\xc2\xb4\xe2 …" at ARGS:field. [file “/usr/local/httpd/conf/modsecurity-crs/activated-rules/modsecurity_crs_41_sql_injection_attacks.conf”] [line “227”] [id “981255”] [msg “Detects MSSQL code execution and information gathering attempts”] [data "Matched Data: \x22select\x22 found within ARGS:field: {\x22id\x22:44,\x22formId\x22:2,\x22label\x22:\x22Untitled\x22,\x22adminLabel\x22:\x22\x22,\x22type\x22:\x22select\x22,\x22isRequired\x22:false,\x22size\x22:\x22large\x22,\x22errorMessage\x22:\x22\x22,\x22visibility\x22:\x22visible\x22,\x22inputs\x22:null,\x22choices\x22:[{\x22text\x22:\x22First Choice\x22,\x22value\x22:\x22First Choice\x22,\x22isSelected\x22:false,\x22price\x22:\x22\x22},{\x22text\x22:\x22Second Choice\x22 [hostname “ardena.com”] [uri “/wp-admin/admin-ajax.php”] [unique_id “YWVOk3naW5yQ@rGvhyVBQQAAAAo”]
[Tue Oct 12 11:01:55.660616 2021] [error] [pid 41203] apache2_util.c(273): [client 82.143.88.34:0] [client 82.143.88.34] ModSecurity: Access denied with code 403 (phase 2). Pattern match “(?i:(?:\\sexec\\s+xp_cmdshell)|(?:[\”’\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?!\\\\s*?[\\"'\xc2\xb4\xe2\x80\x99\xe2\x80\x98\\w])|(?:from\\W+information_schema\\W)|(?:(?:(?:current_)?user|database|schema|connection_id)\\s*?\\([^\\)]*?)|(?:[\"’`\xc2\xb4\xe2 …" at ARGS:field. [file “/usr/local/httpd/conf/modsecurity-crs/activated-rules/modsecurity_crs_41_sql_injection_attacks.conf”] [line “227”] [id “981255”] [msg “Detects MSSQL code execution and information gathering attempts”] [data "Matched Data: \x22select\x22 found within ARGS:field: {\x22id\x22:45,\x22formId\x22:2,\x22label\x22:\x22Untitled\x22,\x22adminLabel\x22:\x22\x22,\x22type\x22:\x22select\x22,\x22isRequired\x22:false,\x22size\x22:\x22large\x22,\x22errorMessage\x22:\x22\x22,\x22visibility\x22:\x22visible\x22,\x22inputs\x22:null,\x22choices\x22:[{\x22text\x22:\x22First Choice\x22,\x22value\x22:\x22First Choice\x22,\x22isSelected\x22:false,\x22price\x22:\x22\x22},{\x22text\x22:\x22Second Choice\x22 [hostname “ardena.com”] [uri “/wp-admin/admin-ajax.php”] [unique_id “YWVPA2c@xLWNniHBCpNeGwAAAFg”]
“select” is expected there, it’s the value of the field “type” property. They’ll need to adjust their regex.