If you are a server manager, you can knock this out for everyone with an exclusion in your mod_security config.
Make an exception for only the offending script(s) in the /usr/local/apache/conf/modsec.user.conf (cPanel server) mod_security config file before any of the rules include files as such:
These two files are the default locations of the WordPress flash upload and the NextGEN gallery plugin flash upload scripts. For any other scripts, change the LocationMatch to suit. Hope this help someone.