{"id":110,"date":"2026-01-19T00:00:00","date_gmt":"2026-01-18T23:00:00","guid":{"rendered":"https:\/\/helloblog.io\/cs\/kriticka-eskalace-opravneni-acf-extended-wordpress\/"},"modified":"2026-01-19T00:00:00","modified_gmt":"2026-01-18T23:00:00","slug":"kriticka-eskalace-opravneni-acf-extended-wordpress","status":"publish","type":"post","link":"https:\/\/helloblog.io\/cs\/kriticka-eskalace-opravneni-acf-extended-wordpress\/","title":{"rendered":"Kritick\u00e1 eskalace opr\u00e1vn\u011bn\u00ed v ACF Extended: kdy hroz\u00ed p\u0159evzet\u00ed WordPressu bez p\u0159ihl\u00e1\u0161en\u00ed a co s t\u00edm"},"content":{"rendered":"\n<p>WordPress ekosyst\u00e9m znovu uk\u00e1zal klasick\u00fd bezpe\u010dnostn\u00ed pattern: <em>privilege escalation<\/em> (eskalace opr\u00e1vn\u011bn\u00ed), tedy situace, kdy se n\u011bkdo dostane k vy\u0161\u0161\u00edm pr\u00e1v\u016fm, ne\u017e by m\u011bl. Tentokr\u00e1t se to t\u00fdk\u00e1 pluginu <strong>Advanced Custom Fields: Extended<\/strong> (ACF Extended), kter\u00fd roz\u0161i\u0159uje popul\u00e1rn\u00ed Advanced Custom Fields o dal\u0161\u00ed pole, spr\u00e1vu formul\u00e1\u0159\u016f a dal\u0161\u00ed funkce.<\/p>\n\n\n\n<p>Podle zve\u0159ejn\u011bn\u00fdch informac\u00ed od Wordfence se zranitelnost dot\u00fdkala verz\u00ed <strong>do 0.9.2.1 v\u010detn\u011b<\/strong>, oprava je ve verzi <strong>0.9.2.2<\/strong>. Probl\u00e9m m\u00e1 p\u0159id\u011blen\u00e9 <strong>CVE-2025-14533<\/strong> a hodnocen\u00ed <strong>CVSS 9.8 (Critical)<\/strong>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Koho se to re\u00e1ln\u011b t\u00fdk\u00e1 (a pro\u010d to nen\u00ed \u201eplo\u0161n\u00fd\u201c bug ka\u017ed\u00e9 instalace)<\/h2>\n\n\n\n<p>D\u016fle\u017eit\u00fd detail: zranitelnost je kritick\u00e1 hlavn\u011b pro weby, kter\u00e9 maj\u00ed v ACF Extended nakonfigurovanou akci formul\u00e1\u0159e typu <strong>Create user<\/strong> nebo <strong>Update user<\/strong> a z\u00e1rove\u0148 do mapov\u00e1n\u00ed pol\u00ed zahrnou i pole pro roli u\u017eivatele (typicky <code>role<\/code>). Wordfence p\u0159\u00edmo zmi\u0148uje, \u017ee exploit je mo\u017en\u00fd jen tehdy, kdy\u017e je <strong><code>role<\/code> namapovan\u00e9 na vlastn\u00ed (custom) pole<\/strong>.<\/p>\n\n\n\n<p>To znamen\u00e1, \u017ee samotn\u00e1 p\u0159\u00edtomnost pluginu na webu je\u0161t\u011b automaticky neznamen\u00e1, \u017ee jde okam\u017eit\u011b zneu\u017e\u00edt. Pokud ale pou\u017e\u00edv\u00e1\u0161 ACF Extended jako \u201eform builder\u201c pro registrace, onboarding nebo spr\u00e1vu u\u017eivatel\u016f p\u0159es frontend, je pot\u0159eba to br\u00e1t v\u00e1\u017en\u011b.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Co p\u0159esn\u011b bylo \u0161patn\u011b: role \u0161la podstr\u010dit i p\u0159es omezen\u00ed ve field group<\/h2>\n\n\n\n<p>ACF Extended umo\u017e\u0148uje ve <strong>field group<\/strong> (skupin\u011b pol\u00ed) definovat u\u017eivatelsk\u00e1 pole, nap\u0159\u00edklad e-mail, login, heslo a tak\u00e9 roli. U role existuje nastaven\u00ed typu \u201eAllow User Role\u201c, kter\u00e9 m\u00e1 ur\u010dovat, jak\u00e9 role sm\u00ed b\u00fdt pou\u017eit\u00e9.<\/p>\n\n\n\n<p>O\u010dek\u00e1v\u00e1n\u00ed je jasn\u00e9: kdy\u017e omez\u00ed\u0161 roli ve field group, stejn\u00e9 omezen\u00ed se bude respektovat i p\u0159i odesl\u00e1n\u00ed formul\u00e1\u0159e. V posti\u017een\u00fdch verz\u00edch se ale p\u0159i zpracov\u00e1n\u00ed akce formul\u00e1\u0159e role <strong>nevalidovala\/neo\u0159ez\u00e1vala<\/strong> podle t\u011bchto omezen\u00ed. \u00dato\u010dn\u00edk pak mohl p\u0159i registraci poslat roli <code>administrator<\/code> a z\u00edskat administr\u00e1torsk\u00fd \u00fa\u010det \u2013 bez autentizace.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Kde to v k\u00f3du vznikalo<\/h3>\n\n\n\n<p>Wordfence popisuje, \u017ee zpracov\u00e1n\u00ed prob\u00edhalo p\u0159es metodu <code>insert_user()<\/code> v t\u0159\u00edd\u011b <code>acfe_module_form_action_user<\/code>, kde se sestav\u00ed <code>$args<\/code> a n\u00e1sledn\u011b se vol\u00e1 <code>wp_insert_user($args)<\/code>. Kl\u00ed\u010dov\u00e9 je, \u017ee se do <code>$args<\/code> propisovala i role, pokud p\u0159i\u0161la z formul\u00e1\u0159e, ani\u017e by se vynutilo whitelistov\u00e1n\u00ed rol\u00ed pro registraci.<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#24292e\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewBox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" style=\"color:#e1e4e8;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>\/\/ Sestaven\u00ed argument\u016f pro u\u017eivatele a n\u00e1sledn\u00e9 vytvo\u0159en\u00ed\n\/\/ Probl\u00e9m v posti\u017een\u00fdch verz\u00edch: role z formul\u00e1\u0159e se mohla propsat bez dostate\u010dn\u00e9ho omezen\u00ed.\n$args = [];\n...\n$user_id = wp_insert_user($args);\n\n<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki github-dark\" style=\"background-color:#24292e;color:#e1e4e8\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color:#6A737D\">\/\/ Sestaven\u00ed argument\u016f pro u\u017eivatele a n\u00e1sledn\u00e9 vytvo\u0159en\u00ed<\/span><\/span>\n<span class=\"line\"><span style=\"color:#6A737D\">\/\/ Probl\u00e9m v posti\u017een\u00fdch verz\u00edch: role z formul\u00e1\u0159e se mohla propsat bez dostate\u010dn\u00e9ho omezen\u00ed.<\/span><\/span>\n<span class=\"line\"><span style=\"color:#E1E4E8\">$args <\/span><span style=\"color:#F97583\">=<\/span><span style=\"color:#E1E4E8\"> [];<\/span><\/span>\n<span class=\"line\"><span style=\"color:#F97583\">...<\/span><\/span>\n<span class=\"line\"><span style=\"color:#E1E4E8\">$user_id <\/span><span style=\"color:#F97583\">=<\/span><span style=\"color:#B392F0\"> wp_insert_user<\/span><span style=\"color:#E1E4E8\">($args);<\/span><\/span>\n<span class=\"line\"><\/span><\/code><\/pre><\/div>\n\n\n\n<div class=\"wp-block-group callout callout-warning is-style-warning is-layout-flow wp-block-group-is-layout-flow\" style=\"border-width:1px;border-radius:8px;padding-top:1rem;padding-right:1.5rem;padding-bottom:1rem;padding-left:1.5rem\">\n\n<h4 class=\"wp-block-heading callout-title\">Pro\u010d je to tak nebezpe\u010dn\u00e9<\/h4>\n\n\n<p>Jakmile m\u00e1 \u00fato\u010dn\u00edk administr\u00e1tora, m\u016f\u017ee v praxi p\u0159evz\u00edt cel\u00fd web: instalovat pluginy\/t\u00e9mata (t\u0159eba se zadn\u00edmi vr\u00e1tky), upravovat obsah, p\u0159id\u00e1vat p\u0159esm\u011brov\u00e1n\u00ed, vkl\u00e1dat spam nebo m\u011bnit nastaven\u00ed.<\/p>\n\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Obr\u00e1zky z anal\u00fdzy: konfigurace, kter\u00e1 k probl\u00e9mu vede<\/h2>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"2560\" height=\"1600\" src=\"https:\/\/helloblog.io\/app\/uploads\/sites\/11\/2026\/01\/acfe-1-scaled-1.png\" alt=\"Nastaven\u00ed pole role ve field group v ACF Extended (Allow User Role)\" class=\"wp-image-108\" srcset=\"https:\/\/helloblog.io\/app\/uploads\/sites\/11\/2026\/01\/acfe-1-scaled-1.png 2560w, https:\/\/helloblog.io\/app\/uploads\/sites\/11\/2026\/01\/acfe-1-scaled-1-300x188.png 300w, https:\/\/helloblog.io\/app\/uploads\/sites\/11\/2026\/01\/acfe-1-scaled-1-1024x640.png 1024w, https:\/\/helloblog.io\/app\/uploads\/sites\/11\/2026\/01\/acfe-1-scaled-1-768x480.png 768w, https:\/\/helloblog.io\/app\/uploads\/sites\/11\/2026\/01\/acfe-1-scaled-1-1536x960.png 1536w, https:\/\/helloblog.io\/app\/uploads\/sites\/11\/2026\/01\/acfe-1-scaled-1-2048x1280.png 2048w, https:\/\/helloblog.io\/app\/uploads\/sites\/11\/2026\/01\/acfe-1-scaled-1-400x250.png 400w\" sizes=\"auto, (max-width: 2560px) 100vw, 2560px\" \/><figcaption class=\"wp-element-caption\">Role ve field group lze omezit, ale v posti\u017een\u00fdch verz\u00edch se omezen\u00ed nep\u0159en\u00e1\u0161elo na zpracov\u00e1n\u00ed formul\u00e1\u0159e. \u2014 <em>Forr\u00e1s: Wordfence.com<\/em><\/figcaption><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"2560\" height=\"1599\" src=\"https:\/\/helloblog.io\/app\/uploads\/sites\/11\/2026\/01\/acfe-2-scaled-1.png\" alt=\"Nastaven\u00ed formul\u00e1\u0159e v ACF Extended s akc\u00ed Create user a mapov\u00e1n\u00edm pol\u00ed\" class=\"wp-image-109\" srcset=\"https:\/\/helloblog.io\/app\/uploads\/sites\/11\/2026\/01\/acfe-2-scaled-1.png 2560w, https:\/\/helloblog.io\/app\/uploads\/sites\/11\/2026\/01\/acfe-2-scaled-1-300x187.png 300w, https:\/\/helloblog.io\/app\/uploads\/sites\/11\/2026\/01\/acfe-2-scaled-1-1024x640.png 1024w, https:\/\/helloblog.io\/app\/uploads\/sites\/11\/2026\/01\/acfe-2-scaled-1-768x480.png 768w, https:\/\/helloblog.io\/app\/uploads\/sites\/11\/2026\/01\/acfe-2-scaled-1-1536x959.png 1536w, https:\/\/helloblog.io\/app\/uploads\/sites\/11\/2026\/01\/acfe-2-scaled-1-2048x1279.png 2048w, https:\/\/helloblog.io\/app\/uploads\/sites\/11\/2026\/01\/acfe-2-scaled-1-400x250.png 400w\" sizes=\"auto, (max-width: 2560px) 100vw, 2560px\" \/><figcaption class=\"wp-element-caption\">Probl\u00e9m nast\u00e1val typicky u akc\u00ed Create user \/ Update user, pokud bylo do mapov\u00e1n\u00ed zahrnuto i pole role. \u2014 <em>Forr\u00e1s: Wordfence.com<\/em><\/figcaption><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Kter\u00e9 verze jsou zasa\u017een\u00e9 a jak\u00e1 je oprava<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n\n<li>CVE: <strong>CVE-2025-14533<\/strong><\/li>\n\n\n<li>Zasa\u017een\u00e9 verze: <strong>Advanced Custom Fields: Extended <= 0.9.2.1<\/strong><\/li>\n\n\n<li>Opraven\u00e1 verze: <strong>0.9.2.2<\/strong><\/li>\n\n\n<li>Z\u00e1va\u017enost: <strong>CVSS 9.8 (Critical)<\/strong><\/li>\n\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Wordfence mitigace: kdy p\u0159i\u0161la ochrana ve firewallu<\/h2>\n\n\n\n<p>Wordfence nasadilo firewall pravidlo, kter\u00e9 m\u011blo blokovat pokusy o zneu\u017eit\u00ed, <strong>11. prosince 2025<\/strong> pro placen\u00e9 varianty (<strong>Wordfence Premium<\/strong>, <strong>Care<\/strong>, <strong>Response<\/strong>). U bezplatn\u00e9 verze Wordfence se stejn\u00e1 ochrana dostala k u\u017eivatel\u016fm <strong>10. ledna 2026<\/strong> (po 30 dnech).<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Co zkontrolovat na vlastn\u00edch webech (praktick\u00fd checklist)<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n\n<li>Zjisti, jestli pou\u017e\u00edv\u00e1\u0161 plugin <strong>Advanced Custom Fields: Extended<\/strong> (slug <code>acf-extended<\/code>).<\/li>\n\n\n<li>Ov\u011b\u0159 verzi pluginu: pokud je <strong>0.9.2.1 nebo ni\u017e\u0161\u00ed<\/strong>, je to zasa\u017een\u00e9.<\/li>\n\n\n<li>Projdi konfiguraci ACF Extended formul\u00e1\u0159\u016f: hledej akce <strong>Create user<\/strong> nebo <strong>Update user<\/strong>.<\/li>\n\n\n<li>Zkontroluj mapov\u00e1n\u00ed pol\u00ed u t\u011bchto akc\u00ed: pokud je namapovan\u00e9 pole <code>role<\/code> (nebo ekvivalentn\u00ed), je to rizikov\u00e1 konfigurace.<\/li>\n\n\n<li>Aktualizuj plugin na <strong>0.9.2.2<\/strong> (nebo nov\u011bj\u0161\u00ed, pokud u\u017e existuje).<\/li>\n\n\n<li>Po aktualizaci zva\u017e revizi u\u017eivatelsk\u00fdch \u00fa\u010dt\u016f: zda v obdob\u00ed p\u0159ed opravou nevznikl neo\u010dek\u00e1van\u00fd administr\u00e1tor (nap\u0159. nezn\u00e1m\u00fd e-mail\/login).<\/li>\n\n<\/ol>\n\n\n\n<div class=\"wp-block-group callout callout-info is-style-info is-layout-flow wp-block-group-is-layout-flow\" style=\"border-width:1px;border-radius:8px;padding-top:1rem;padding-right:1.5rem;padding-bottom:1rem;padding-left:1.5rem\">\n\n<h4 class=\"wp-block-heading callout-title\">Rychl\u00e9 sn\u00ed\u017een\u00ed rizika (kdy\u017e nem\u016f\u017ee\u0161 hned aktualizovat)<\/h4>\n\n\n<p>Pokud ACF Extended pou\u017e\u00edv\u00e1\u0161 pro registrace, do\u010dasn\u011b z formul\u00e1\u0159e odstra\u0148 mapov\u00e1n\u00ed role (pole <code>role<\/code>) nebo vypni akci Create\/Update user, dokud neprob\u011bhne update. Nen\u00ed to n\u00e1hrada opravy, ale um\u00ed to odst\u0159ihnout nejkriti\u010dt\u011bj\u0161\u00ed cestu zneu\u017eit\u00ed.<\/p>\n\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\">\u010casov\u00e1 osa zve\u0159ejn\u011bn\u00ed a opravy (podle Wordfence)<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n\n<li>10. 12. 2025 \u2013 nahl\u00e1\u0161en\u00ed p\u0159es Wordfence Bug Bounty Program<\/li>\n\n\n<li>11. 12. 2025 \u2013 potvrzen\u00ed a validace v\u010detn\u011b proof-of-conceptu<\/li>\n\n\n<li>11. 12. 2025 \u2013 firewall pravidlo pro Wordfence Premium\/Care\/Response<\/li>\n\n\n<li>11. 12. 2025 \u2013 p\u0159ed\u00e1n\u00ed detail\u016f vendorovi p\u0159es Wordfence Vulnerability Management Portal<\/li>\n\n\n<li>14. 12. 2025 \u2013 vyd\u00e1n\u00ed opraven\u00e9 verze <strong>0.9.2.2<\/strong><\/li>\n\n\n<li>10. 1. 2026 \u2013 firewall pravidlo i pro Wordfence Free<\/li>\n\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">Shrnut\u00ed pro v\u00fdvoj\u00e1\u0159e a spr\u00e1vce WordPressu<\/h2>\n\n\n\n<p>Tahle zranitelnost je dobr\u00e1 p\u0159ipom\u00ednka, \u017ee jakmile nech\u00e1\u0161 frontendov\u00fd formul\u00e1\u0159 s\u00e1hnout na u\u017eivatelsk\u00e9 \u00fa\u010dty, mus\u00ed\u0161 validovat v\u0161echno, co se t\u00fdk\u00e1 opr\u00e1vn\u011bn\u00ed, dvojn\u00e1sob. V ACF Extended \u0161lo v ur\u010dit\u00fdch nastaven\u00edch podstr\u010dit roli administr\u00e1tora i tam, kde UI nab\u00edzelo restrikce.<\/p>\n\n\n\n<p>Ak\u010dn\u00ed kroky jsou jednoduch\u00e9: <strong>aktualizovat na 0.9.2.2<\/strong>, zkontrolovat, jestli n\u011bkde nem\u00e1\u0161 formul\u00e1\u0159 Create\/Update user s mapovanou rol\u00ed, a proj\u00edt u\u017eivatelsk\u00e9 \u00fa\u010dty kv\u016fli podez\u0159el\u00fdm admin\u016fm.<\/p>\n\n\n<div class=\"references-section\">\n                <h2>Reference \/ Zdroje<\/h2>\n                <ul class=\"references-list\"><li><a href=\"https:\/\/www.wordfence.com\/blog\/2026\/01\/100000-wordpress-sites-affected-by-privilege-escalation-vulnerability-in-advanced-custom-fields-extended-wordpress-plugin\/\" target=\"_blank\" rel=\"noopener noreferrer\">100,000 WordPress Sites Affected by Privilege Escalation Vulnerability in Advanced Custom Fields: Extended WordPress Plugin<\/a><\/li><li><a href=\"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/wordpress-plugins\/acf-extended\/advanced-custom-fields-extended-0921-unauthenticated-privilege-escalation-via-insert-user-form-action\" target=\"_blank\" rel=\"noopener noreferrer\">Advanced Custom Fields: Extended &lt;= 0.9.2.1 &#8212; Unauthenticated Privilege Escalation via Insert User Form Action<\/a><\/li><li><a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-14533\" target=\"_blank\" rel=\"noopener noreferrer\">CVE-2025-14533<\/a><\/li><li><a href=\"https:\/\/wordpress.org\/plugins\/acf-extended\/\" target=\"_blank\" rel=\"noopener noreferrer\">Advanced Custom Fields: Extended (WordPress.org plugin page)<\/a><\/li><li><a href=\"https:\/\/www.wordfence.com\/threat-intel\/bug-bounty-program\/\" target=\"_blank\" rel=\"noopener noreferrer\">Wordfence Bug Bounty Program<\/a><\/li><li><a href=\"https:\/\/www.wordfence.com\/threat-intel\/vendor\/vulnerability-management-portal\/\" target=\"_blank\" rel=\"noopener noreferrer\">Wordfence Vulnerability Management Portal<\/a><\/li><\/ul>\n            <\/div>","protected":false},"excerpt":{"rendered":"<p>Pou\u017e\u00edv\u00e1\u0161 ACF Extended a m\u00e1\u0161 na webu formul\u00e1\u0159, kter\u00fd um\u00ed vytv\u00e1\u0159et nebo upravovat u\u017eivatele? V takov\u00e9m p\u0159\u00edpad\u011b je pot\u0159eba zkontrolovat verzi pluginu \u2013 v ur\u010dit\u00fdch konfigurac\u00edch \u0161lo \u00fato\u010dn\u00edkovi bez p\u0159ihl\u00e1\u0161en\u00ed \u201evysko\u010dit\u201c rovnou na administr\u00e1tora.<\/p>\n","protected":false},"author":33,"featured_media":107,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[80,82,14,10,81],"class_list":["post-110","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bezpecnost","tag-acf-extended","tag-cve","tag-wordfence","tag-wordpress","tag-zranitelnost"],"_links":{"self":[{"href":"https:\/\/helloblog.io\/cs\/wp-json\/wp\/v2\/posts\/110","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/helloblog.io\/cs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/helloblog.io\/cs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/helloblog.io\/cs\/wp-json\/wp\/v2\/users\/33"}],"replies":[{"embeddable":true,"href":"https:\/\/helloblog.io\/cs\/wp-json\/wp\/v2\/comments?post=110"}],"version-history":[{"count":0,"href":"https:\/\/helloblog.io\/cs\/wp-json\/wp\/v2\/posts\/110\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/helloblog.io\/cs\/wp-json\/wp\/v2\/media\/107"}],"wp:attachment":[{"href":"https:\/\/helloblog.io\/cs\/wp-json\/wp\/v2\/media?parent=110"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/helloblog.io\/cs\/wp-json\/wp\/v2\/categories?post=110"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/helloblog.io\/cs\/wp-json\/wp\/v2\/tags?post=110"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}