{"id":4681,"date":"2019-05-25T13:24:42","date_gmt":"2019-05-25T13:24:42","guid":{"rendered":"https:\/\/pariswells.com\/blog\/?p=4681"},"modified":"2020-05-25T13:36:24","modified_gmt":"2020-05-25T13:36:24","slug":"wordpress-exploits-and-solutions","status":"publish","type":"post","link":"https:\/\/pariswells.com\/blog\/research\/wordpress-exploits-and-solutions","title":{"rendered":"WordPress Exploits and Solutions"},"content":{"rendered":"<h3>Issue Description 1<\/h3><p>In default WordPress installation there are several methods to enumerate authors username. These Word Press users can then be used in brute\u00ad <br \/>force attacks against Word Press login page to guess passwords.<\/p><h3>Solution 1<\/h3><p>Block requests to sensitive user information at the server using .htaccess file or WAF for example. You should block or redirect all requests made to <br \/>&#8216;twp-json\/wp\/v2\/users\/&#8217; and to &#8216;author&#8217; parameter (via GET and POST requests).<\/p><p>Install WordPress Plugin &#8220;Disable REST API&#8221; and disable twp-json\/wp\/v2\/users\/https:\/\/codex.wordpress.org\/htaccess <br \/>http:\/\/cwe.mitre.org\/data\/defin1tions\/200.html<\/p><h3>Issue Description 2<\/h3><p>A public facing Word Press XML-RPC interface has been detected. <br \/>An attacker may be able to launch attacks against the web server Via XML-RPC including:<br \/>&#8211; Login into Word Press backend Administrative interface <br \/>&#8211; Brute force user credentials<br \/>&#8211; Use pingbacks (for scanning or fingerprinting for example)<\/p><h3>Solution 2<\/h3><p>BLock requests to sensitive user information at the server using .htaccess file or WAF for example. You should block or redirect all requests made to<br \/>&#8216;xmlrpc.php&#8217; (via GET and POST requests).<\/p><p>Install WordPress Plugin &#8220;Disable XML-RPC&#8221;<\/p><p>https:\/\/codex.wordpress.org\/htaccess<br \/>https:\/\/codex.wordpress.org\/XML-RPC_Support<\/p><h3>Issue Description 3<\/h3><p>According to its self-reported version number, jQuery is prior to 3.4.0. Therefore, it may be affected by a prototype pollution vulnerability due to <br \/>&#8216;extend&#8217; function that can be tricked into modifying the prototype of &#8216;Object&#8217;. Note that the scanner has not tested for these issues but has instead<br \/>relied only on the application&#8217;s self-reported version number. <\/p><h3>Solution 3<\/h3><p>Upgrade to jQuery version 3.4.0 or later.<\/p><p>Install WordPress Plugin &#8220;jQuery Updater&#8221;<\/p><p>https:\/\/snyk.io\/vuln\/SNYK-JS-JQUERY-174006 <br \/>https:\/\/snyk.io\/blog\/after-three-years-of-silence-a-new-jquery-prototype-pollution-vulnerability-emerges-once-again\/<br \/>https:\/\/github.com\/jquery\/jquery\/pull\/4333<\/p><h3>Issue Description 4<\/h3><p>According to its self-reported version number, jQuery is at least 1.4.0 and prior to 1.12.0 or at least 1.12.4 and prior to 3.0.0-beta1. Therefore, it may<br \/>be affected by a cross-site scripting vulnerability due to cross-domain ajax request performed without the data Type. <br \/>Note that the scanner has not tested for these issues but has instead relied on y on the application&#8217;s self-reported version number. <\/p><h3>Solution 4<\/h3><p>Upgrade to jQuery version 3.0.0 or later.<\/p><p>Install WordPress Plugin &#8220;jQuery Updater&#8221;<br \/><br \/>https:\/\/github.com\/jquery\/jquery\/issues\/2432<br \/>https:\/\/github.com\/jquery\/jquery\/pull\/2588\/commits\/c254d308a7d3f1 eac4d0b42837804cfffcba4bb2<\/p><h3>Issue Description 5<\/h3><p>The HTIP protocol by itself is clear text, meaning that any data that is transmitted via HTIP can be captured and the contents viewed. To keep data<br \/>private and prevent it from being intercepted, HTIP is often tunnelled through either Secure Sockets Layer (SSL) or Transport Layer Security (TLS). <br \/>When either of these encryption standards are used, it is referred to as HTIPS. <br \/>HTIP Strict Transport Security (HSTS) is an optional response header that can be configured on the server to instruct the browser to only<br \/>communicate via HTIPS. This will be enforced by the browser even if the user requests a HTIP resource on the same server. <br \/>Cyber-criminals will often attempt to compromise sensitive information passed from the client to the server using HTIP. This can be conducted via<br \/>various Man-in-The-Middle (MiTM) attacks or through network packet captures. <br \/>Scanner discovered that the affected application is using HTIPS however does not use the HSTS header. <\/p><h3>Solution 5<\/h3><p>Depending on the framework being used the implementation methods will vary. however it is advised that the \u2022 Strict-Transport-Security&#8217; header be<br \/>configured on the server. <br \/>One of the options for th s header is &#8216;rnax-age &#8216;. which is a representation (in milliseconds) determining the time in which the client&#8217;s browser will<br \/>adhere to the header policy. <br \/>Depending on the environment and the application this time period could be from as low as minutes to as long as days.<\/p><p><br \/>Add below to your functions.php<\/p><p>[pastacode lang=&#8221;php&#8221; manual=&#8221;%2F%2F%20HSTS%20Headers%0Aadd_action(%20&#8217;send_headers&#8217;%2C%20&#8217;mo_strict_transport_security&#8217;%20)%3B%0Afunction%20mo_strict_transport_security()%20%7B%0Aheader(%20&#8217;Strict-Transport-Security%3A%20max-age%3D15552001%3B%20includeSubDomains%3B%20preload&#8217;%20)%3B%0A%7D%0A%0Ahttps%3A%2F%2Ftools.ietf.org%2Fhtml%2Frfc6797%0Ahttps%3A%2Flwww.owasp.org%2Findex.php%2FHTIP%20_Strict_Transport_Security_Cheat_Sheet%0Ahttps%3A%2Flwww.chromium.org%2Fhsts%0Ahttps%3A%2F%2Fhstspreload.org%2F&#8221; message=&#8221;&#8221; highlight=&#8221;&#8221; provider=&#8221;manual&#8221;\/]<\/p>","protected":false},"excerpt":{"rendered":"<p>Issue Description 1In default WordPress installation there are several methods to enumerate authors username. These Word Press users can then be used in brute\u00ad force attacks against [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1130],"class_list":["post-4681","post","type-post","status-publish","format-standard","hentry","category-research","tag-wordpress"],"aioseo_notices":[],"aioseo_head":"\n\t\t<!-- All in One SEO 4.9.10 - aioseo.com -->\n\t<meta name=\"description\" content=\"Issue Description 1In default WordPress installation there are several methods to enumerate authors username. These Word Press users can then be used in brute\u00ad force attacks against Word Press login page to guess passwords.Solution 1Block requests to sensitive user information at the server using .htaccess file or WAF for example. You should block or redirect\" \/>\n\t<meta name=\"robots\" content=\"max-image-preview:large\" \/>\n\t<meta name=\"author\" content=\"paris\"\/>\n\t<link rel=\"canonical\" href=\"https:\/\/pariswells.com\/blog\/research\/wordpress-exploits-and-solutions\" \/>\n\t<meta name=\"generator\" content=\"All in One SEO (AIOSEO) 4.9.10\" \/>\n\t\t<meta property=\"og:locale\" content=\"en_US\" \/>\n\t\t<meta property=\"og:site_name\" content=\"Welcome to Pariswells.com |\" \/>\n\t\t<meta property=\"og:type\" content=\"article\" \/>\n\t\t<meta property=\"og:title\" content=\"WordPress Exploits and Solutions | Welcome to Pariswells.com\" \/>\n\t\t<meta property=\"og:description\" content=\"Issue Description 1In default WordPress installation there are several methods to enumerate authors username. These Word Press users can then be used in brute\u00ad force attacks against Word Press login page to guess passwords.Solution 1Block requests to sensitive user information at the server using .htaccess file or WAF for example. You should block or redirect\" \/>\n\t\t<meta property=\"og:url\" content=\"https:\/\/pariswells.com\/blog\/research\/wordpress-exploits-and-solutions\" \/>\n\t\t<meta property=\"article:published_time\" content=\"2019-05-25T13:24:42+00:00\" \/>\n\t\t<meta property=\"article:modified_time\" content=\"2020-05-25T13:36:24+00:00\" \/>\n\t\t<meta name=\"twitter:card\" content=\"summary\" \/>\n\t\t<meta name=\"twitter:title\" content=\"WordPress Exploits and Solutions | Welcome to Pariswells.com\" \/>\n\t\t<meta name=\"twitter:description\" content=\"Issue Description 1In default WordPress installation there are several methods to enumerate authors username. These Word Press users can then be used in brute\u00ad force attacks against Word Press login page to guess passwords.Solution 1Block requests to sensitive user information at the server using .htaccess file or WAF for example. You should block or redirect\" \/>\n\t\t<script type=\"application\/ld+json\" class=\"aioseo-schema\">\n\t\t\t{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/research\\\/wordpress-exploits-and-solutions#article\",\"name\":\"WordPress Exploits and Solutions | Welcome to Pariswells.com\",\"headline\":\"WordPress Exploits and Solutions\",\"author\":{\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/author\\\/paris#author\"},\"publisher\":{\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/#organization\"},\"datePublished\":\"2019-05-25T13:24:42+00:00\",\"dateModified\":\"2020-05-25T13:36:24+00:00\",\"inLanguage\":\"en-US\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/research\\\/wordpress-exploits-and-solutions#webpage\"},\"isPartOf\":{\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/research\\\/wordpress-exploits-and-solutions#webpage\"},\"articleSection\":\"Research, wordpress\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/research\\\/wordpress-exploits-and-solutions#breadcrumblist\",\"itemListElement\":[{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog#listItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/pariswells.com\\\/blog\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/category\\\/research#listItem\",\"name\":\"Research\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/category\\\/research#listItem\",\"position\":2,\"name\":\"Research\",\"item\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/category\\\/research\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/research\\\/wordpress-exploits-and-solutions#listItem\",\"name\":\"WordPress Exploits and Solutions\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog#listItem\",\"name\":\"Home\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/research\\\/wordpress-exploits-and-solutions#listItem\",\"position\":3,\"name\":\"WordPress Exploits and Solutions\",\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/category\\\/research#listItem\",\"name\":\"Research\"}}]},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/#organization\",\"name\":\"Welcome to Pariswells.com\",\"url\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/author\\\/paris#author\",\"url\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/author\\\/paris\",\"name\":\"paris\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/research\\\/wordpress-exploits-and-solutions#authorImage\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/93b8ee3f592ac401167f870452bd82d43de80152cd3524e2853403658ada9984?s=96&d=mm&r=g\",\"width\":96,\"height\":96,\"caption\":\"paris\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/research\\\/wordpress-exploits-and-solutions#webpage\",\"url\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/research\\\/wordpress-exploits-and-solutions\",\"name\":\"WordPress Exploits and Solutions | Welcome to Pariswells.com\",\"description\":\"Issue Description 1In default WordPress installation there are several methods to enumerate authors username. These Word Press users can then be used in brute\\u00ad force attacks against Word Press login page to guess passwords.Solution 1Block requests to sensitive user information at the server using .htaccess file or WAF for example. You should block or redirect\",\"inLanguage\":\"en-US\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/#website\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/research\\\/wordpress-exploits-and-solutions#breadcrumblist\"},\"author\":{\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/author\\\/paris#author\"},\"creator\":{\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/author\\\/paris#author\"},\"datePublished\":\"2019-05-25T13:24:42+00:00\",\"dateModified\":\"2020-05-25T13:36:24+00:00\"},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/\",\"name\":\"Welcome to Pariswells.com\",\"inLanguage\":\"en-US\",\"publisher\":{\"@id\":\"https:\\\/\\\/pariswells.com\\\/blog\\\/#organization\"}}]}\n\t\t<\/script>\n\t\t<!-- All in One SEO -->\n\n","aioseo_head_json":{"title":"WordPress Exploits and Solutions | Welcome to Pariswells.com","description":"Issue Description 1In default WordPress installation there are several methods to enumerate authors username. These Word Press users can then be used in brute\u00ad force attacks against Word Press login page to guess passwords.Solution 1Block requests to sensitive user information at the server using .htaccess file or WAF for example. You should block or redirect","canonical_url":"https:\/\/pariswells.com\/blog\/research\/wordpress-exploits-and-solutions","robots":"max-image-preview:large","keywords":"","webmasterTools":{"miscellaneous":""},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/pariswells.com\/blog\/research\/wordpress-exploits-and-solutions#article","name":"WordPress Exploits and Solutions | Welcome to Pariswells.com","headline":"WordPress Exploits and Solutions","author":{"@id":"https:\/\/pariswells.com\/blog\/author\/paris#author"},"publisher":{"@id":"https:\/\/pariswells.com\/blog\/#organization"},"datePublished":"2019-05-25T13:24:42+00:00","dateModified":"2020-05-25T13:36:24+00:00","inLanguage":"en-US","mainEntityOfPage":{"@id":"https:\/\/pariswells.com\/blog\/research\/wordpress-exploits-and-solutions#webpage"},"isPartOf":{"@id":"https:\/\/pariswells.com\/blog\/research\/wordpress-exploits-and-solutions#webpage"},"articleSection":"Research, wordpress"},{"@type":"BreadcrumbList","@id":"https:\/\/pariswells.com\/blog\/research\/wordpress-exploits-and-solutions#breadcrumblist","itemListElement":[{"@type":"ListItem","@id":"https:\/\/pariswells.com\/blog#listItem","position":1,"name":"Home","item":"https:\/\/pariswells.com\/blog","nextItem":{"@type":"ListItem","@id":"https:\/\/pariswells.com\/blog\/category\/research#listItem","name":"Research"}},{"@type":"ListItem","@id":"https:\/\/pariswells.com\/blog\/category\/research#listItem","position":2,"name":"Research","item":"https:\/\/pariswells.com\/blog\/category\/research","nextItem":{"@type":"ListItem","@id":"https:\/\/pariswells.com\/blog\/research\/wordpress-exploits-and-solutions#listItem","name":"WordPress Exploits and Solutions"},"previousItem":{"@type":"ListItem","@id":"https:\/\/pariswells.com\/blog#listItem","name":"Home"}},{"@type":"ListItem","@id":"https:\/\/pariswells.com\/blog\/research\/wordpress-exploits-and-solutions#listItem","position":3,"name":"WordPress Exploits and Solutions","previousItem":{"@type":"ListItem","@id":"https:\/\/pariswells.com\/blog\/category\/research#listItem","name":"Research"}}]},{"@type":"Organization","@id":"https:\/\/pariswells.com\/blog\/#organization","name":"Welcome to Pariswells.com","url":"https:\/\/pariswells.com\/blog\/"},{"@type":"Person","@id":"https:\/\/pariswells.com\/blog\/author\/paris#author","url":"https:\/\/pariswells.com\/blog\/author\/paris","name":"paris","image":{"@type":"ImageObject","@id":"https:\/\/pariswells.com\/blog\/research\/wordpress-exploits-and-solutions#authorImage","url":"https:\/\/secure.gravatar.com\/avatar\/93b8ee3f592ac401167f870452bd82d43de80152cd3524e2853403658ada9984?s=96&d=mm&r=g","width":96,"height":96,"caption":"paris"}},{"@type":"WebPage","@id":"https:\/\/pariswells.com\/blog\/research\/wordpress-exploits-and-solutions#webpage","url":"https:\/\/pariswells.com\/blog\/research\/wordpress-exploits-and-solutions","name":"WordPress Exploits and Solutions | Welcome to Pariswells.com","description":"Issue Description 1In default WordPress installation there are several methods to enumerate authors username. These Word Press users can then be used in brute\u00ad force attacks against Word Press login page to guess passwords.Solution 1Block requests to sensitive user information at the server using .htaccess file or WAF for example. You should block or redirect","inLanguage":"en-US","isPartOf":{"@id":"https:\/\/pariswells.com\/blog\/#website"},"breadcrumb":{"@id":"https:\/\/pariswells.com\/blog\/research\/wordpress-exploits-and-solutions#breadcrumblist"},"author":{"@id":"https:\/\/pariswells.com\/blog\/author\/paris#author"},"creator":{"@id":"https:\/\/pariswells.com\/blog\/author\/paris#author"},"datePublished":"2019-05-25T13:24:42+00:00","dateModified":"2020-05-25T13:36:24+00:00"},{"@type":"WebSite","@id":"https:\/\/pariswells.com\/blog\/#website","url":"https:\/\/pariswells.com\/blog\/","name":"Welcome to Pariswells.com","inLanguage":"en-US","publisher":{"@id":"https:\/\/pariswells.com\/blog\/#organization"}}]},"og:locale":"en_US","og:site_name":"Welcome to Pariswells.com |","og:type":"article","og:title":"WordPress Exploits and Solutions | Welcome to Pariswells.com","og:description":"Issue Description 1In default WordPress installation there are several methods to enumerate authors username. These Word Press users can then be used in brute\u00ad force attacks against Word Press login page to guess passwords.Solution 1Block requests to sensitive user information at the server using .htaccess file or WAF for example. You should block or redirect","og:url":"https:\/\/pariswells.com\/blog\/research\/wordpress-exploits-and-solutions","article:published_time":"2019-05-25T13:24:42+00:00","article:modified_time":"2020-05-25T13:36:24+00:00","twitter:card":"summary","twitter:title":"WordPress Exploits and Solutions | Welcome to Pariswells.com","twitter:description":"Issue Description 1In default WordPress installation there are several methods to enumerate authors username. These Word Press users can then be used in brute\u00ad force attacks against Word Press login page to guess passwords.Solution 1Block requests to sensitive user information at the server using .htaccess file or WAF for example. You should block or redirect"},"aioseo_meta_data":{"post_id":"4681","title":null,"description":null,"keywords":null,"keyphrases":null,"canonical_url":null,"og_title":null,"og_description":null,"og_object_type":"default","og_image_type":"default","og_image_url":null,"og_image_width":null,"og_image_height":null,"og_image_custom_url":null,"og_image_custom_fields":null,"og_video":null,"og_custom_url":null,"og_article_section":null,"og_article_tags":null,"twitter_use_og":false,"twitter_card":"default","twitter_image_type":"default","twitter_image_url":null,"twitter_image_custom_url":null,"twitter_image_custom_fields":null,"twitter_title":null,"twitter_description":null,"schema":{"blockGraphs":[],"customGraphs":[],"default":{"data":{"Article":[],"Course":[],"Dataset":[],"FAQPage":[],"Movie":[],"Person":[],"Product":[],"ProductReview":[],"Car":[],"Recipe":[],"Service":[],"SoftwareApplication":[],"WebPage":[]},"graphName":"","isEnabled":true},"graphs":[]},"schema_type":null,"schema_type_options":null,"pillar_content":false,"robots_default":true,"robots_noindex":false,"robots_noarchive":false,"robots_nosnippet":false,"robots_nofollow":false,"robots_noimageindex":false,"robots_noodp":false,"robots_notranslate":false,"robots_max_snippet":null,"robots_max_videopreview":null,"robots_max_imagepreview":"large","priority":null,"frequency":null,"location":null,"local_seo":null,"breadcrumb_settings":null,"limit_modified_date":false,"ai":null,"created":"2020-12-21 05:27:06","updated":"2022-09-15 10:36:39","primary_term":null,"seo_analyzer_scan_date":null},"aioseo_breadcrumb":"<div class=\"aioseo-breadcrumbs\"><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/pariswells.com\/blog\" title=\"Home\">Home<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/pariswells.com\/blog\/category\/research\" title=\"Research\">Research<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\tWordPress Exploits and Solutions\n\t\t<\/span><\/div>","aioseo_breadcrumb_json":[{"label":"Home","link":"https:\/\/pariswells.com\/blog"},{"label":"Research","link":"https:\/\/pariswells.com\/blog\/category\/research"},{"label":"WordPress Exploits and Solutions","link":"https:\/\/pariswells.com\/blog\/research\/wordpress-exploits-and-solutions"}],"_links":{"self":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/4681","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/comments?post=4681"}],"version-history":[{"count":1,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/4681\/revisions"}],"predecessor-version":[{"id":4682,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/4681\/revisions\/4682"}],"wp:attachment":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/media?parent=4681"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/categories?post=4681"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/tags?post=4681"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}