{"id":175,"date":"2026-02-11T16:39:41","date_gmt":"2026-02-11T15:39:41","guid":{"rendered":"https:\/\/helloblog.io\/cs\/kriticka-chyba-wpvivid-backup-neautentizovany-upload-souboru-cve-2026-1357\/"},"modified":"2026-02-11T16:39:41","modified_gmt":"2026-02-11T15:39:41","slug":"kriticka-chyba-wpvivid-backup-neautentizovany-upload-souboru-cve-2026-1357","status":"publish","type":"post","link":"https:\/\/helloblog.io\/cs\/kriticka-chyba-wpvivid-backup-neautentizovany-upload-souboru-cve-2026-1357\/","title":{"rendered":"Kritick\u00e1 chyba ve WPvivid Backup: neautentizovan\u00fd upload soubor\u016f m\u016f\u017ee v\u00e9st k p\u0159evzet\u00ed webu (CVE-2026-1357)"},"content":{"rendered":"\n<p>Wordfence zve\u0159ejnil detaily kritick\u00e9 zranitelnosti v pluginu <a href=\"https:\/\/wordpress.org\/plugins\/wpvivid-backuprestore\/\">WPvivid Backup<\/a> (na WordPress.org veden\u00fd jako \u201eMigration, Backup, Staging \u2013 WPvivid Backup &#038; Migration\u201c). Jde o <strong>Unauthenticated Arbitrary File Upload<\/strong> \u2013 tedy mo\u017enost nahr\u00e1t soubor na server bez p\u0159ihl\u00e1\u0161en\u00ed \u2013 s potenci\u00e1lem <strong>Remote Code Execution (RCE)<\/strong>, co\u017e je typicky cesta k \u00fapln\u00e9mu p\u0159evzet\u00ed webu.<\/p>\n\n\n\n<p>D\u016fle\u017eit\u00fd kontext: podle zve\u0159ejn\u011bn\u00fdch informac\u00ed je zranitelnost <strong>kriticky relevantn\u00ed hlavn\u011b pro weby, kter\u00e9 maj\u00ed v nastaven\u00ed pluginu vygenerovan\u00fd kl\u00ed\u010d pro p\u0159\u00edjem z\u00e1lohy z jin\u00e9ho webu<\/strong>. Tato funkce je <strong>ve v\u00fdchoz\u00edm stavu vypnut\u00e1<\/strong> a expiraci kl\u00ed\u010de lze nastavit maxim\u00e1ln\u011b na <strong>24 hodin<\/strong>. To sice omezuje okno \u00fatoku, ale pokud je kl\u00ed\u010d aktivn\u00ed, probl\u00e9m je v\u00e1\u017en\u00fd.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1504\" height=\"784\" src=\"https:\/\/helloblog.io\/app\/uploads\/sites\/11\/2026\/02\/FeaturedImage_Wordfence_303.01.png\" alt=\"Ilustra\u010dn\u00ed obr\u00e1zek k advisory Wordfence o zranitelnosti ve WPvivid Backup\" class=\"wp-image-174\" srcset=\"https:\/\/helloblog.io\/app\/uploads\/sites\/11\/2026\/02\/FeaturedImage_Wordfence_303.01.png 1504w, https:\/\/helloblog.io\/app\/uploads\/sites\/11\/2026\/02\/FeaturedImage_Wordfence_303.01-300x156.png 300w, https:\/\/helloblog.io\/app\/uploads\/sites\/11\/2026\/02\/FeaturedImage_Wordfence_303.01-1024x534.png 1024w, https:\/\/helloblog.io\/app\/uploads\/sites\/11\/2026\/02\/FeaturedImage_Wordfence_303.01-768x400.png 768w, https:\/\/helloblog.io\/app\/uploads\/sites\/11\/2026\/02\/FeaturedImage_Wordfence_303.01-400x209.png 400w\" sizes=\"auto, (max-width: 1504px) 100vw, 1504px\" \/><figcaption class=\"wp-element-caption\">\/ Wordfence advisory: 800,000 WordPress Sites Affected by Arbitrary File Upload Vulnerability in WPvivid Backup WordPress Plugin \u2014 <em>Forr\u00e1s: Wordfence.com<\/em><\/figcaption><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Shrnut\u00ed zranitelnosti (Wordfence Intelligence)<\/h2>\n\n\n\n<p>Wordfence ji eviduje jako: <a href=\"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/wordpress-plugins\/wpvivid-backuprestore\/migration-backup-staging-09123-unauthenticated-arbitrary-file-upload\">Migration, Backup, Staging <= 0.9.123 -- Unauthenticated Arbitrary File Upload<\/a>.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n\n<li>CVE: <strong><a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2026-1357\">CVE-2026-1357<\/a><\/strong><\/li>\n\n\n<li>Z\u00e1va\u017enost: <strong>CVSS 9.8 (Critical)<\/strong><\/li>\n\n\n<li>Dot\u010den\u00e9 verze: <strong><= 0.9.123<\/strong><\/li>\n\n\n<li>Opraven\u00e1 verze: <strong>0.9.124<\/strong><\/li>\n\n\n<li>Plugin\/slug: <strong><a href=\"https:\/\/wordpress.org\/plugins\/wpvivid-backuprestore\/\">wpvivid-backuprestore<\/a><\/strong><\/li>\n\n\n<li>N\u00e1lezce: <strong><a href=\"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/researchers\/lucas-montes\">Lucas Montes (NiRoX)<\/a><\/strong> (nahl\u00e1\u0161eno p\u0159es <a href=\"https:\/\/www.wordfence.com\/threat-intel\/bug-bounty-program\/\">Bug Bounty Program<\/a>)<\/li>\n\n\n<li>Bounty: <strong>$2,145.00<\/strong><\/li>\n\n<\/ul>\n\n\n\n<p>Podle Wordfence umo\u017e\u0148uje kombinace n\u011bkolika chyb \u00fato\u010dn\u00edkovi bez p\u0159ihl\u00e1\u0161en\u00ed nahr\u00e1t na server libovoln\u00fd soubor (v\u010detn\u011b PHP) a n\u00e1sledn\u011b spustit k\u00f3d. V advisory je jako parametr zmi\u0148ov\u00e1no spu\u0161t\u011bn\u00ed p\u0159es po\u017eadavek s <code>wpvivid_action=send_to_site<\/code>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Koho se to t\u00fdk\u00e1 v praxi (a pro\u010d \u201ejen n\u011bkdy\u201c)<\/h2>\n\n\n\n<p>WPvivid um\u00ed nejen z\u00e1lohovat a obnovovat, ale tak\u00e9 <strong>p\u0159ijmout z\u00e1lohu z jin\u00e9ho webu<\/strong>. Tohle \u201ereceive backup\u201c chov\u00e1n\u00ed je nav\u00e1zan\u00e9 na <strong>kr\u00e1tkodob\u00fd vygenerovan\u00fd kl\u00ed\u010d<\/strong> v nastaven\u00ed pluginu.<\/p>\n\n\n\n<p>Z pohledu rizika je z\u00e1sadn\u00ed, \u017ee Wordfence explicitn\u011b uv\u00e1d\u00ed: <strong>kritick\u00fd dopad m\u00e1 prim\u00e1rn\u011b konfigurace, kdy m\u00e1\u0161 vygenerovan\u00fd kl\u00ed\u010d povolen\u00fd pro p\u0159\u00edjem z\u00e1loh<\/strong>. Funkce je standardn\u011b vypnut\u00e1 a kl\u00ed\u010d m\u016f\u017ee m\u00edt expiraci maxim\u00e1ln\u011b 24 hodin \u2013 tak\u017ee nejde o trval\u00e9 otev\u0159en\u00ed endpointu, ale i tak je to dost dlouh\u00e9 okno na automatizovan\u00e9 skeny a c\u00edlen\u00e9 \u00fatoky.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Technick\u00e9 pozad\u00ed: co se pokazilo v kryptografii a z\u00e1pisu souboru<\/h2>\n\n\n\n<p>Wordfence popisuje zranitelnost jako kombinaci dvou probl\u00e9m\u016f:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n\n<li><strong>Nespr\u00e1vn\u00e9 o\u0161et\u0159en\u00ed chyby p\u0159i RSA de\u0161ifrov\u00e1n\u00ed<\/strong> (v\u010detn\u011b chov\u00e1n\u00ed p\u0159i selh\u00e1n\u00ed <code>openssl_private_decrypt()<\/code> \/ RSA decrypt kroku)<\/li>\n\n\n<li><strong>Chyb\u011bj\u00edc\u00ed sanitizace cesty\/n\u00e1zvu souboru<\/strong> p\u0159i z\u00e1pisu nahran\u00fdch dat (umo\u017e\u0148uj\u00edc\u00ed directory traversal a \u00fanik z \u201echr\u00e1n\u011bn\u00e9ho\u201c backup adres\u00e1\u0159e)<\/li>\n\n<\/ul>\n\n\n\n<p>Tok zpracov\u00e1n\u00ed je podle anal\u00fdzy nav\u00e1zan\u00fd na metodu <code>send_to_site()<\/code> ve t\u0159\u00edd\u011b <code>WPvivid_Send_to_site<\/code>, kter\u00e1 obsluhuje p\u0159\u00edjem souboru z\u00e1lohy v\u010detn\u011b pr\u00e1ce s obsahem z <code>$_POST['wpvivid_content']<\/code> a tokenem ulo\u017een\u00fdm v nastaven\u00ed (<code>wpvivid_api_token<\/code>). Pokud token chyb\u00ed nebo je expirovan\u00fd, plugin ukon\u010d\u00ed vykon\u00e1v\u00e1n\u00ed (<code>die()<\/code>), ale v p\u0159\u00edpad\u011b aktivn\u00edho tokenu pokra\u010duje p\u0159es de\u0161ifrov\u00e1n\u00ed zpr\u00e1vy.<\/p>\n\n\n\n<p>Kl\u00ed\u010dov\u00fd detail: p\u0159i de\u0161ifrov\u00e1n\u00ed zpr\u00e1vy se m\u00e1 nejd\u0159\u00edv RSA \u010d\u00e1st\u00ed z\u00edskat session key a t\u00edm pak symetricky de\u0161ifrovat payload (v advisory je zmi\u0148ovan\u00fd Rijndael\/AES p\u0159es phpseclib). Pokud ale RSA decrypt sel\u017ee a vr\u00e1t\u00ed <code>false<\/code>, plugin podle Wordfence <strong>neukon\u010d\u00ed prov\u00e1d\u011bn\u00ed<\/strong> a p\u0159ed\u00e1 <code>false<\/code> do inicializace symetrick\u00e9 \u0161ifry. Knihovna pak tuto hodnotu interpretuje jako \u0159et\u011bzec nulov\u00fdch byt\u016f, \u010d\u00edm\u017e vznikne <strong>predikovateln\u00fd \u201enull-byte key\u201c<\/strong>. \u00dato\u010dn\u00edk si n\u00e1sledn\u011b m\u016f\u017ee payload za\u0161ifrovat p\u0159esn\u011b t\u00edmto p\u0159edv\u00eddateln\u00fdm kl\u00ed\u010dem.<\/p>\n\n\n\n<p>Druh\u00fd probl\u00e9m: plugin z de\u0161ifrovan\u00e9ho payloadu p\u0159ijme n\u00e1zev souboru bez dostate\u010dn\u00e9 sanitizace, tak\u017ee lze zneu\u017e\u00edt <strong>directory traversal<\/strong> a zapsat soubor mimo vyhrazen\u00fd adres\u00e1\u0159 z\u00e1loh. V kombinaci s absenc\u00ed kontroly typu\/roz\u0161\u00ed\u0159en\u00ed souboru (v p\u016fvodn\u00edm stavu) to otev\u00edr\u00e1 mo\u017enost nahr\u00e1t t\u0159eba <strong>PHP webshell<\/strong> do ve\u0159ejn\u011b dostupn\u00e9ho um\u00edst\u011bn\u00ed a n\u00e1sledn\u011b ho p\u0159\u00edmo zavolat \u2013 to je p\u0159esn\u011b ten sc\u00e9n\u00e1\u0159, kter\u00fd kon\u010d\u00ed <strong>Remote Code Execution<\/strong> a \u010dasto i kompletn\u00ed kompromitac\u00ed webu.<\/p>\n\n\n\n<div class=\"wp-block-group callout callout-warning is-style-warning is-layout-flow wp-block-group-is-layout-flow\" style=\"border-width:1px;border-radius:8px;padding-top:1rem;padding-right:1.5rem;padding-bottom:1rem;padding-left:1.5rem\">\n\n<h4 class=\"wp-block-heading callout-title\">Pro\u010d je \u201earbitrary file upload\u201c prakticky v\u017edy pr\u016f\u0161vih<\/h4>\n\n\n<p>Jakmile \u00fato\u010dn\u00edk dok\u00e1\u017ee bez p\u0159ihl\u00e1\u0161en\u00ed nahr\u00e1t soubor do webrootu (nebo jin\u00e9ho ve\u0159ejn\u011b dostupn\u00e9ho adres\u00e1\u0159e) a neexistuje kontrola typu souboru, je b\u011b\u017en\u00fdm dal\u0161\u00edm krokem upload PHP webshellu a spu\u0161t\u011bn\u00ed k\u00f3du. To obvykle znamen\u00e1 pln\u00fd p\u0159\u00edstup k WordPressu i serveru v r\u00e1mci pr\u00e1v webov\u00e9ho procesu.<\/p>\n\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Jak vypad\u00e1 oprava ve verzi 0.9.124<\/h2>\n\n\n\n<p>Podle Wordfence v\u00fdvoj\u00e1\u0159i opravili probl\u00e9m dv\u011bma konkr\u00e9tn\u00edmi z\u00e1sahy:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n\n<li>Do <code>decrypt_message()<\/code> p\u0159idali kontrolu, \u017ee de\u0161ifrovan\u00fd <code>$key<\/code> nesm\u00ed b\u00fdt <code>false<\/code> ani pr\u00e1zdn\u00fd. Pokud je, funkce vr\u00e1t\u00ed <code>false<\/code> a d\u00e1l se nepokra\u010duje \u2013 t\u00edm se zamez\u00ed pou\u017eit\u00ed \u201enulov\u00e9ho\u201c kl\u00ed\u010de pro symetrickou \u0161ifru.<\/li>\n\n\n<li>V <code>send_to_site()<\/code> p\u0159idali kontrolu p\u0159\u00edpony souboru a povolili jen typick\u00e9 backup form\u00e1ty. V patchi je uveden allowlist: <code>zip<\/code>, <code>gz<\/code>, <code>tar<\/code>, <code>sql<\/code>. Sou\u010dasn\u011b se n\u00e1zev bezpe\u010dn\u011bji zpracuje p\u0159es <code>basename()<\/code> a <code>preg_replace('\/[^a-zA-Z0-9._-]\/', '', $safe_name)<\/code>; pokud p\u0159\u00edpona neprojde, vr\u00e1t\u00ed se chyba \u201eInvalid file type &#8211; only backup files allowed.\u201c a skript se ukon\u010d\u00ed (<code>die()<\/code>).<\/li>\n\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">Doporu\u010den\u00fd postup pro spr\u00e1vce a v\u00fdvoj\u00e1\u0159e (co ud\u011blat hned te\u010f)<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n\n<li>Zjisti, jestli na webu b\u011b\u017e\u00ed WPvivid Backup \/ Migration, Backup, Staging (slug <code>wpvivid-backuprestore<\/code>).<\/li>\n\n\n<li>Ov\u011b\u0159 verzi pluginu. Pokud je <strong>0.9.123 nebo star\u0161\u00ed<\/strong>, je pot\u0159eba aktualizace.<\/li>\n\n\n<li>Aktualizuj na <strong>WPvivid Backup 0.9.124<\/strong> (Wordfence ji uv\u00e1d\u00ed jako opravenou verzi) co nejd\u0159\u00edv.<\/li>\n\n\n<li>Pokud pou\u017e\u00edv\u00e1\u0161 funkci pro p\u0159\u00edjem z\u00e1loh \u201ez jin\u00e9ho webu\u201c (generated key \/ API token), zva\u017e, jestli ji opravdu pot\u0159ebuje\u0161. Kdy\u017e je kl\u00ed\u010d vygenerovan\u00fd, je to p\u0159esn\u011b konfigurace, kterou Wordfence ozna\u010duje jako kriticky dot\u010denou.<\/li>\n\n\n<li>Pokud m\u00e1\u0161 Wordfence, zkontroluj \u00farove\u0148 ochrany: firewall rule byla podle ozn\u00e1men\u00ed nasazena d\u0159\u00edve pro Premium\/Care\/Response a pozd\u011bji pro Free (viz \u010dasov\u00e1 osa n\u00ed\u017ee).<\/li>\n\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">\u010casov\u00e1 osa zve\u0159ejn\u011bn\u00ed a mitigace (Disclosure Timeline)<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n\n<li><strong>January 12, 2026<\/strong> \u2013 Wordfence obdr\u017eel hl\u00e1\u0161en\u00ed zranitelnosti p\u0159es Bug Bounty Program.<\/li>\n\n\n<li><strong>January 22, 2026<\/strong> \u2013 Wordfence report ov\u011b\u0159il, potvrdil proof-of-concept exploit a kontaktoval vendor (pozv\u00e1nka do <a href=\"https:\/\/www.wordfence.com\/threat-intel\/vendor\/vulnerability-management-portal\/\">Wordfence Vulnerability Management Portal<\/a>).<\/li>\n\n\n<li><strong>January 22, 2026<\/strong> \u2013 U\u017eivatel\u00e9 <a href=\"https:\/\/www.wordfence.com\/products\/wordfence-premium\/\">Wordfence Premium<\/a>, <a href=\"https:\/\/www.wordfence.com\/products\/wordfence-care\/\">Wordfence Care<\/a> a <a href=\"https:\/\/www.wordfence.com\/products\/wordfence-response\/\">Wordfence Response<\/a> dostali firewall rule proti exploit\u016fm t\u00e9to chyby.<\/li>\n\n\n<li><strong>January 23, 2026<\/strong> \u2013 Vendor odpov\u011bd\u011bl, zvolil komunikaci e-mailem.<\/li>\n\n\n<li><strong>January 23, 2026<\/strong> \u2013 Wordfence poslal vendorovi pln\u00e9 detaily, vendor potvrdil a za\u010dal p\u0159ipravovat fix.<\/li>\n\n\n<li><strong>January 28, 2026<\/strong> \u2013 Vy\u0161la opraven\u00e1 verze pluginu <strong>0.9.124<\/strong>.<\/li>\n\n\n<li><strong>February 21, 2026<\/strong> \u2013 U\u017eivatel\u00e9 Wordfence Free maj\u00ed podle ozn\u00e1men\u00ed obdr\u017eet stejnou firewall ochranu.<\/li>\n\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Pozn\u00e1mka k n\u00e1lezu a Bug Bounty<\/h2>\n\n\n\n<p>Zranitelnost objevil a zodpov\u011bdn\u011b nahl\u00e1sil Lucas Montes (NiRoX) p\u0159es <a href=\"https:\/\/www.wordfence.com\/threat-intel\/bug-bounty-program\/\">Wordfence Bug Bounty Program<\/a>. Wordfence uv\u00e1d\u00ed, \u017ee report p\u0159i\u0161el <strong>p\u011bt dn\u00ed po zaveden\u00ed chyby<\/strong> a odm\u011bna byla <strong>$2,145.00<\/strong>. V r\u00e1mci programu Wordfence zmi\u0148uje, \u017ee v\u00fdzkumn\u00edci mohou z\u00edskat a\u017e <strong>$31,200 per vulnerability<\/strong> (pro zranitelnosti v rozsahu programu).<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Z\u00e1v\u011br<\/h2>\n\n\n\n<p>CVE-2026-1357 je uk\u00e1zkov\u00fd p\u0159\u00edpad toho, jak ne\u0161\u0165astn\u00e1 kombinace kryptografick\u00e9ho edge-case (pokra\u010dov\u00e1n\u00ed po selh\u00e1n\u00ed RSA decrypt) a slab\u00e9 pr\u00e1ce s cestou\/n\u00e1zvem souboru m\u016f\u017ee skon\u010dit nejhor\u0161\u00edm mo\u017en\u00fdm sc\u00e9n\u00e1\u0159em: <strong>neautentizovan\u00fdm nahr\u00e1n\u00edm PHP souboru a RCE<\/strong>. Oprava je k dispozici ve verzi <strong>0.9.124<\/strong> a pokud WPvivid pou\u017e\u00edv\u00e1\u0161 \u2013 obzvl\u00e1\u0161\u0165 pokud m\u00e1\u0161 aktivn\u00ed kl\u00ed\u010d pro p\u0159\u00edjem z\u00e1loh \u2013 je aktualizace naprost\u00e1 priorita.<\/p>\n\n\n<div class=\"references-section\">\n                <h2>Reference \/ Zdroje<\/h2>\n                <ul class=\"references-list\"><li><a href=\"https:\/\/www.wordfence.com\/blog\/2026\/02\/800000-wordpress-sites-affected-by-arbitrary-file-upload-vulnerability-in-wpvivid-backup-wordpress-plugin\/\" target=\"_blank\" rel=\"noopener noreferrer\">800,000 WordPress Sites Affected by Arbitrary File Upload Vulnerability in WPvivid Backup WordPress Plugin<\/a><\/li><li><a href=\"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/wordpress-plugins\/wpvivid-backuprestore\/migration-backup-staging-09123-unauthenticated-arbitrary-file-upload\" target=\"_blank\" rel=\"noopener noreferrer\">Migration, Backup, Staging &lt;= 0.9.123 &#8212; Unauthenticated Arbitrary File Upload<\/a><\/li><li><a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2026-1357\" target=\"_blank\" rel=\"noopener noreferrer\">CVE-2026-1357<\/a><\/li><li><a href=\"https:\/\/wordpress.org\/plugins\/wpvivid-backuprestore\/\" target=\"_blank\" rel=\"noopener noreferrer\">WPvivid Backup \u2013 WordPress plugin (wpvivid-backuprestore)<\/a><\/li><li><a href=\"https:\/\/www.wordfence.com\/threat-intel\/bug-bounty-program\/\" target=\"_blank\" rel=\"noopener noreferrer\">Wordfence Bug Bounty Program<\/a><\/li><li><a href=\"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/researchers\/lucas-montes\" target=\"_blank\" rel=\"noopener noreferrer\">Lucas Montes (NiRoX) \u2013 researcher profile<\/a><\/li><li><a href=\"https:\/\/www.wordfence.com\/threat-intel\/vendor\/vulnerability-management-portal\/\" target=\"_blank\" rel=\"noopener noreferrer\">Wordfence Vulnerability Management Portal<\/a><\/li><\/ul>\n            <\/div>","protected":false},"excerpt":{"rendered":"<p>WPvivid Backup (p\u0159es 800\u202f000 instalac\u00ed) \u0159e\u0161\u00ed kritickou zranitelnost, kter\u00e1 v ur\u010dit\u00fdch konfigurac\u00edch umo\u017e\u0148uje \u00fato\u010dn\u00edk\u016fm bez p\u0159ihl\u00e1\u0161en\u00ed nahr\u00e1t libovoln\u00fd soubor a spustit k\u00f3d na serveru. Pokud plugin pou\u017e\u00edv\u00e1\u0161 pro p\u0159\u00edjem z\u00e1loh \u201ez jin\u00e9ho webu\u201c, je \u010das okam\u017eit\u011b aktualizovat na 0.9.124.<\/p>\n","protected":false},"author":34,"featured_media":173,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[37,62,14,10],"class_list":["post-175","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bezpecnost","tag-bezpecnost","tag-pluginy","tag-wordfence","tag-wordpress"],"_links":{"self":[{"href":"https:\/\/helloblog.io\/cs\/wp-json\/wp\/v2\/posts\/175","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/helloblog.io\/cs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/helloblog.io\/cs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/helloblog.io\/cs\/wp-json\/wp\/v2\/users\/34"}],"replies":[{"embeddable":true,"href":"https:\/\/helloblog.io\/cs\/wp-json\/wp\/v2\/comments?post=175"}],"version-history":[{"count":0,"href":"https:\/\/helloblog.io\/cs\/wp-json\/wp\/v2\/posts\/175\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/helloblog.io\/cs\/wp-json\/wp\/v2\/media\/173"}],"wp:attachment":[{"href":"https:\/\/helloblog.io\/cs\/wp-json\/wp\/v2\/media?parent=175"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/helloblog.io\/cs\/wp-json\/wp\/v2\/categories?post=175"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/helloblog.io\/cs\/wp-json\/wp\/v2\/tags?post=175"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}