{"id":1278,"date":"2021-01-20T14:49:33","date_gmt":"2021-01-20T17:49:33","guid":{"rendered":"https:\/\/www.xlabs.com.br\/blog\/?p=1278"},"modified":"2021-08-25T19:05:17","modified_gmt":"2021-08-25T22:05:17","slug":"wordpress-multi-dos-vuln-ddos","status":"publish","type":"post","link":"https:\/\/www.xlabs.com.br\/blog\/wordpress-multi-dos-vuln-ddos\/","title":{"rendered":"WordPress multi DoS vuln (DDoS)"},"content":{"rendered":"\n<p>Em torno das 20h do dia 17 de agosto de 2020, o centro de opera\u00e7\u00f5es de seguran\u00e7a da <a href=\"https:\/\/www.xlabs.com.br\/\" target=\"_blank\" rel=\"noreferrer noopener\">XLabs Security<\/a> que monitora nossos sistemas de <a href=\"https:\/\/www.xlabs.com.br\/waf\/\" target=\"_blank\" rel=\"noreferrer noopener\">CDN e WAF<\/a>, identificou uma anormalidade no tr\u00e1fego na aplica\u00e7\u00e3o de um cliente. <\/p>\n\n\n\n<p>O tr\u00e1fego incomum estava sendo direcionado ao arquivo install.php do WordPress, provindo de diferentes origens, caracterizando um ataque de nega\u00e7\u00e3o de servi\u00e7o distribu\u00eddo ou DDoS na camada de aplica\u00e7\u00e3o. <\/p>\n\n\n\n<p><\/p>\n\n\n\n<figure class=\"is-layout-flex wp-block-gallery-1 wp-block-gallery columns-1 is-cropped\"><ul class=\"blocks-gallery-grid\"><li class=\"blocks-gallery-item\"><figure><img decoding=\"async\" src=\"https:\/\/www.xlabs.com.br\/blog\/wp-content\/uploads\/2020\/09\/WhatsApp-Image-2020-09-17-at-16.14.58.jpeg\" alt=\"\" data-id=\"1284\" data-link=\"https:\/\/www.xlabs.com.br\/blog\/?attachment_id=1284\" class=\"wp-image-1284\"\/><\/figure><\/li><\/ul><\/figure>\n\n\n\n<p class=\"has-text-align-center\"><em><span style=\"color:#2cc84d\" class=\"has-inline-color\">Figura 1 \u2013 Comportamento incomum identificado no monitoramento.<\/span><\/em><\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>O evento foi ent\u00e3o direcionado ao setor de Red Team para uma an\u00e1lise mais aprofundada da amea\u00e7a. Na explora\u00e7\u00e3o efetuada em laborat\u00f3rio, pelo especialista em seguran\u00e7a cibern\u00e9tica Guilherme Rubert da XLabs Security, notamos que se tratava de uma vulnerabilidade de nega\u00e7\u00e3o de servi\u00e7o, ocasionada pelo consumo excessivo de CPU do servidor, levando a indisponibilidade da aplica\u00e7\u00e3o. <\/p>\n\n\n\n<p>Para confirmar a vulnerabilidade, foram realizados tamb\u00e9m testes em produ\u00e7\u00e3o, que ocasionaram em um consumo de 26,5 PB de dados entre o servidor da aplica\u00e7\u00e3o e o banco de dados, em um per\u00edodo de 2 minutos. <\/p>\n\n\n\n<p>Percebemos tamb\u00e9m que o consumo de CPU foi elevado aos 100%, contribuindo para a indisponibilidade.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image is-resized\"><img decoding=\"async\" src=\"https:\/\/www.xlabs.com.br\/blog\/wp-content\/uploads\/2020\/09\/poc100.jpeg\" alt=\"\" class=\"wp-image-1285\" width=\"838\" height=\"413\"\/><\/figure>\n\n\n\n<p class=\"has-text-align-center\"><em><span style=\"color:#2cc84d\" class=\"has-inline-color\">Figura 2 \u2013 Consumo excessivo de CPU durante a explora\u00e7\u00e3o em laborat\u00f3rio.<\/span><\/em><\/p>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.xlabs.com.br\/blog\/wp-content\/uploads\/2020\/09\/poc11.jpeg\" alt=\"\" class=\"wp-image-1286\"\/><\/figure>\n\n\n\n<p class=\"has-text-align-center\"><em><span style=\"color:#2cc84d\" class=\"has-inline-color\">Figura 3 \u2013 Comportamento do servidor durante os testes em laborat\u00f3rio.<\/span><\/em><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter\"><img decoding=\"async\" width=\"576\" height=\"1024\" src=\"https:\/\/www.xlabs.com.br\/blog\/wp-content\/uploads\/2020\/09\/poc-1.png\" alt=\"\" class=\"wp-image-1291\"\/><\/figure><\/div>\n\n\n\n<p class=\"has-text-align-center\"><em><span style=\"color:#2cc84d\" class=\"has-inline-color\">Figura 4 \u2013 Consumo de processador e de banda em ambiente de produ\u00e7\u00e3o controlado.<\/span><\/em><\/p>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>Al\u00e9m do teste realizado no arquivo install.php, foram efetuados testes no arquivo install-helper.php que apresentou o mesmo tipo de comportamento, levando a indisponibilidade da aplica\u00e7\u00e3o. <\/p>\n\n\n\n<p>As vulnerabilidades foram testadas nas vers\u00f5es 4.9.8 e 5.5 do WordPress, e reportadas ao banco de dados de vulnerabilidades do mitre, onde receberam os c\u00f3digos <strong>CVE-2020-25518<\/strong>  e <strong>CVE-2020-25519<\/strong>.<\/p>\n\n\n\n<p>Clientes que utilizam o <a href=\"https:\/\/www.xlabs.com.br\/waf\/\" target=\"_blank\" rel=\"noreferrer noopener\">WAF\/CDN<\/a> da XLabs Security j\u00e1 est\u00e3o protegidos contra poss\u00edveis ataques a estes vetores. Entre em contato agora mesmo com <a href=\"https:\/\/www.xlabs.com.br\/especialistas\/\" target=\"_blank\" rel=\"noreferrer noopener\">nossos especialistas<\/a> e saiba mais!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Em torno das 20h do dia 17 de agosto de 2020, o centro de opera\u00e7\u00f5es de seguran\u00e7a da XLabs Security que monitora nossos sistemas de CDN e WAF, identificou uma anormalidade no tr\u00e1fego na aplica\u00e7\u00e3o de um cliente. O tr\u00e1fego incomum estava sendo direcionado ao arquivo install.php do WordPress, provindo de diferentes origens, caracterizando um [&hellip;]<\/p>\n","protected":false},"author":9,"featured_media":1672,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[61],"tags":[152,226,227,175,228,99,225],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.0 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>WordPress multi DoS vuln (DDoS) (DDoS) &ndash; XLabs Security Blog<\/title>\n<meta name=\"description\" content=\"O tr\u00e1fego incomum estava sendo direcionado ao arquivo install.php do wordpress, provindo de diferentes origens, caracterizando um ataque DDoS\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.xlabs.com.br\/blog\/wordpress-multi-dos-vuln-ddos\/\" \/>\n<meta property=\"og:locale\" content=\"pt_BR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"WordPress multi DoS vuln (DDoS) (DDoS) &ndash; XLabs Security Blog\" \/>\n<meta property=\"og:description\" content=\"O tr\u00e1fego incomum estava sendo direcionado ao arquivo install.php do wordpress, provindo de diferentes origens, caracterizando um ataque DDoS\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.xlabs.com.br\/blog\/wordpress-multi-dos-vuln-ddos\/\" \/>\n<meta property=\"og:site_name\" content=\"XLabs Security Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/xlabs\" \/>\n<meta property=\"article:published_time\" content=\"2021-01-20T17:49:33+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-08-25T22:05:17+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.xlabs.com.br\/blog\/wp-content\/uploads\/2021\/01\/wordpress-multi-dos-vuln-ddos-blog-post-xlabs.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"488\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Guilherme Rubert\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"WordPress multi DoS vuln (DDoS) (DDoS) &ndash; XLabs Security Blog\" \/>\n<meta name=\"twitter:description\" content=\"O tr\u00e1fego incomum estava sendo direcionado ao arquivo install.php do wordpress, provindo de diferentes origens, caracterizando um ataque DDoS\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.xlabs.com.br\/blog\/wp-content\/uploads\/2021\/01\/wordpress-multi-dos-vuln-ddos-blog-post-xlabs.png\" \/>\n<meta name=\"twitter:label1\" content=\"Escrito por\" \/>\n\t<meta name=\"twitter:data1\" content=\"Guilherme Rubert\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. tempo de leitura\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.xlabs.com.br\/blog\/wordpress-multi-dos-vuln-ddos\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.xlabs.com.br\/blog\/wordpress-multi-dos-vuln-ddos\/\"},\"author\":{\"name\":\"Guilherme Rubert\",\"@id\":\"https:\/\/www.xlabs.com.br\/blog\/#\/schema\/person\/e6b2c442b98ac678a619dd4f80de8426\"},\"headline\":\"WordPress multi DoS vuln (DDoS)\",\"datePublished\":\"2021-01-20T17:49:33+00:00\",\"dateModified\":\"2021-08-25T22:05:17+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.xlabs.com.br\/blog\/wordpress-multi-dos-vuln-ddos\/\"},\"wordCount\":330,\"publisher\":{\"@id\":\"https:\/\/www.xlabs.com.br\/blog\/#organization\"},\"keywords\":[\"CDN\",\"CVE-2020-25518\",\"CVE-2020-25519\",\"DDoS\",\"DoS\",\"WAF\",\"wordpress\"],\"articleSection\":[\"Falhas de Seguran\u00e7a\"],\"inLanguage\":\"pt-BR\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.xlabs.com.br\/blog\/wordpress-multi-dos-vuln-ddos\/\",\"url\":\"https:\/\/www.xlabs.com.br\/blog\/wordpress-multi-dos-vuln-ddos\/\",\"name\":\"WordPress multi DoS vuln (DDoS) (DDoS) &ndash; XLabs Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.xlabs.com.br\/blog\/#website\"},\"datePublished\":\"2021-01-20T17:49:33+00:00\",\"dateModified\":\"2021-08-25T22:05:17+00:00\",\"description\":\"O tr\u00e1fego incomum estava sendo direcionado ao arquivo install.php do wordpress, provindo de diferentes origens, caracterizando um ataque DDoS\",\"breadcrumb\":{\"@id\":\"https:\/\/www.xlabs.com.br\/blog\/wordpress-multi-dos-vuln-ddos\/#breadcrumb\"},\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.xlabs.com.br\/blog\/wordpress-multi-dos-vuln-ddos\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.xlabs.com.br\/blog\/wordpress-multi-dos-vuln-ddos\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"In\u00edcio\",\"item\":\"https:\/\/www.xlabs.com.br\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"WordPress multi DoS vuln (DDoS)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.xlabs.com.br\/blog\/#website\",\"url\":\"https:\/\/www.xlabs.com.br\/blog\/\",\"name\":\"XLabs Security Blog\",\"description\":\"Seguran\u00e7a da Informa\u00e7\u00e3o\",\"publisher\":{\"@id\":\"https:\/\/www.xlabs.com.br\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.xlabs.com.br\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"pt-BR\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.xlabs.com.br\/blog\/#organization\",\"name\":\"XLabs Security\",\"url\":\"https:\/\/www.xlabs.com.br\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\/\/www.xlabs.com.br\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.xlabs.com.br\/blog\/wp-content\/uploads\/2020\/11\/Logotipo.png\",\"contentUrl\":\"https:\/\/www.xlabs.com.br\/blog\/wp-content\/uploads\/2020\/11\/Logotipo.png\",\"width\":478,\"height\":168,\"caption\":\"XLabs Security\"},\"image\":{\"@id\":\"https:\/\/www.xlabs.com.br\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.instagram.com\/xlabs.security\",\"https:\/\/www.linkedin.com\/company\/xlabs-security\/\",\"https:\/\/www.youtube.com\/channel\/UCPbGDmCQI7_UcAPmvVLi58g?view_as=subscriber\",\"https:\/\/www.facebook.com\/xlabs\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.xlabs.com.br\/blog\/#\/schema\/person\/e6b2c442b98ac678a619dd4f80de8426\",\"name\":\"Guilherme Rubert\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\/\/www.xlabs.com.br\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/6697e64d6dc2f6842701ff7751a0065b?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/6697e64d6dc2f6842701ff7751a0065b?s=96&d=mm&r=g\",\"caption\":\"Guilherme Rubert\"},\"sameAs\":[\"https:\/\/www.xlabs.com.br\/\"],\"url\":\"https:\/\/www.xlabs.com.br\/blog\/author\/guilherme-rubert\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"WordPress multi DoS vuln (DDoS) (DDoS) &ndash; XLabs Security Blog","description":"O tr\u00e1fego incomum estava sendo direcionado ao arquivo install.php do wordpress, provindo de diferentes origens, caracterizando um ataque DDoS","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.xlabs.com.br\/blog\/wordpress-multi-dos-vuln-ddos\/","og_locale":"pt_BR","og_type":"article","og_title":"WordPress multi DoS vuln (DDoS) (DDoS) &ndash; XLabs Security Blog","og_description":"O tr\u00e1fego incomum estava sendo direcionado ao arquivo install.php do wordpress, provindo de diferentes origens, caracterizando um ataque DDoS","og_url":"https:\/\/www.xlabs.com.br\/blog\/wordpress-multi-dos-vuln-ddos\/","og_site_name":"XLabs Security Blog","article_publisher":"https:\/\/www.facebook.com\/xlabs","article_published_time":"2021-01-20T17:49:33+00:00","article_modified_time":"2021-08-25T22:05:17+00:00","og_image":[{"width":1000,"height":488,"url":"https:\/\/www.xlabs.com.br\/blog\/wp-content\/uploads\/2021\/01\/wordpress-multi-dos-vuln-ddos-blog-post-xlabs.png","type":"image\/png"}],"author":"Guilherme Rubert","twitter_card":"summary_large_image","twitter_title":"WordPress multi DoS vuln (DDoS) (DDoS) &ndash; XLabs Security Blog","twitter_description":"O tr\u00e1fego incomum estava sendo direcionado ao arquivo install.php do wordpress, provindo de diferentes origens, caracterizando um ataque DDoS","twitter_image":"https:\/\/www.xlabs.com.br\/blog\/wp-content\/uploads\/2021\/01\/wordpress-multi-dos-vuln-ddos-blog-post-xlabs.png","twitter_misc":{"Escrito por":"Guilherme Rubert","Est. tempo de leitura":"3 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.xlabs.com.br\/blog\/wordpress-multi-dos-vuln-ddos\/#article","isPartOf":{"@id":"https:\/\/www.xlabs.com.br\/blog\/wordpress-multi-dos-vuln-ddos\/"},"author":{"name":"Guilherme Rubert","@id":"https:\/\/www.xlabs.com.br\/blog\/#\/schema\/person\/e6b2c442b98ac678a619dd4f80de8426"},"headline":"WordPress multi DoS vuln (DDoS)","datePublished":"2021-01-20T17:49:33+00:00","dateModified":"2021-08-25T22:05:17+00:00","mainEntityOfPage":{"@id":"https:\/\/www.xlabs.com.br\/blog\/wordpress-multi-dos-vuln-ddos\/"},"wordCount":330,"publisher":{"@id":"https:\/\/www.xlabs.com.br\/blog\/#organization"},"keywords":["CDN","CVE-2020-25518","CVE-2020-25519","DDoS","DoS","WAF","wordpress"],"articleSection":["Falhas de Seguran\u00e7a"],"inLanguage":"pt-BR"},{"@type":"WebPage","@id":"https:\/\/www.xlabs.com.br\/blog\/wordpress-multi-dos-vuln-ddos\/","url":"https:\/\/www.xlabs.com.br\/blog\/wordpress-multi-dos-vuln-ddos\/","name":"WordPress multi DoS vuln (DDoS) (DDoS) &ndash; XLabs Security Blog","isPartOf":{"@id":"https:\/\/www.xlabs.com.br\/blog\/#website"},"datePublished":"2021-01-20T17:49:33+00:00","dateModified":"2021-08-25T22:05:17+00:00","description":"O tr\u00e1fego incomum estava sendo direcionado ao arquivo install.php do wordpress, provindo de diferentes origens, caracterizando um ataque DDoS","breadcrumb":{"@id":"https:\/\/www.xlabs.com.br\/blog\/wordpress-multi-dos-vuln-ddos\/#breadcrumb"},"inLanguage":"pt-BR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.xlabs.com.br\/blog\/wordpress-multi-dos-vuln-ddos\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.xlabs.com.br\/blog\/wordpress-multi-dos-vuln-ddos\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"In\u00edcio","item":"https:\/\/www.xlabs.com.br\/blog\/"},{"@type":"ListItem","position":2,"name":"WordPress multi DoS vuln (DDoS)"}]},{"@type":"WebSite","@id":"https:\/\/www.xlabs.com.br\/blog\/#website","url":"https:\/\/www.xlabs.com.br\/blog\/","name":"XLabs Security Blog","description":"Seguran\u00e7a da Informa\u00e7\u00e3o","publisher":{"@id":"https:\/\/www.xlabs.com.br\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.xlabs.com.br\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"pt-BR"},{"@type":"Organization","@id":"https:\/\/www.xlabs.com.br\/blog\/#organization","name":"XLabs Security","url":"https:\/\/www.xlabs.com.br\/blog\/","logo":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/www.xlabs.com.br\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.xlabs.com.br\/blog\/wp-content\/uploads\/2020\/11\/Logotipo.png","contentUrl":"https:\/\/www.xlabs.com.br\/blog\/wp-content\/uploads\/2020\/11\/Logotipo.png","width":478,"height":168,"caption":"XLabs Security"},"image":{"@id":"https:\/\/www.xlabs.com.br\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.instagram.com\/xlabs.security","https:\/\/www.linkedin.com\/company\/xlabs-security\/","https:\/\/www.youtube.com\/channel\/UCPbGDmCQI7_UcAPmvVLi58g?view_as=subscriber","https:\/\/www.facebook.com\/xlabs"]},{"@type":"Person","@id":"https:\/\/www.xlabs.com.br\/blog\/#\/schema\/person\/e6b2c442b98ac678a619dd4f80de8426","name":"Guilherme Rubert","image":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/www.xlabs.com.br\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/6697e64d6dc2f6842701ff7751a0065b?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/6697e64d6dc2f6842701ff7751a0065b?s=96&d=mm&r=g","caption":"Guilherme Rubert"},"sameAs":["https:\/\/www.xlabs.com.br\/"],"url":"https:\/\/www.xlabs.com.br\/blog\/author\/guilherme-rubert\/"}]}},"_links":{"self":[{"href":"https:\/\/www.xlabs.com.br\/blog\/wp-json\/wp\/v2\/posts\/1278"}],"collection":[{"href":"https:\/\/www.xlabs.com.br\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.xlabs.com.br\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.xlabs.com.br\/blog\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/www.xlabs.com.br\/blog\/wp-json\/wp\/v2\/comments?post=1278"}],"version-history":[{"count":11,"href":"https:\/\/www.xlabs.com.br\/blog\/wp-json\/wp\/v2\/posts\/1278\/revisions"}],"predecessor-version":[{"id":1674,"href":"https:\/\/www.xlabs.com.br\/blog\/wp-json\/wp\/v2\/posts\/1278\/revisions\/1674"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.xlabs.com.br\/blog\/wp-json\/wp\/v2\/media\/1672"}],"wp:attachment":[{"href":"https:\/\/www.xlabs.com.br\/blog\/wp-json\/wp\/v2\/media?parent=1278"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.xlabs.com.br\/blog\/wp-json\/wp\/v2\/categories?post=1278"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.xlabs.com.br\/blog\/wp-json\/wp\/v2\/tags?post=1278"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}