Security is security, but too much security makes life very hard. Some users of Newsletter plugin reported that, after some work on the administration side, they were locked out of the blog. With the collaboration of one of them, I discovered that his installation (or better his server) returned back an error as soon as the cookie ui-tabs-1=1 was set.
That cookie is set by jQuery UI Tabs used inside Newsletter administration panel.
The problem is the 1=1 recognized by mod_security as a SQL injection. Oh my God! This is where I found the description of this problem: http://bugs.jqueryui.com/ticket/8027.
Now, how to proceed?
For those who are affected by this problem, they can ask the provider to relax the rules of mod_security in the meanwhile I’ll check if renaming all the Newsletter tabs can be a solution.
May be adding that few lines on your .htaccess file (at the beginning) can be of help (they disable the mod_security):
<IfModule mod_security.c> SecFilterEngine Off SecFilterScanPOST Off </IfModule>