{"id":22166,"date":"2026-07-15T14:56:38","date_gmt":"2026-07-15T14:56:38","guid":{"rendered":"https:\/\/www.securitytoday.de\/2026\/07\/15\/two-joomla-upload-vulnerabilities-added-to-cisa-kev\/"},"modified":"2026-07-15T14:56:38","modified_gmt":"2026-07-15T14:56:38","slug":"two-joomla-upload-vulnerabilities-added-to-cisa-kev","status":"publish","type":"post","link":"https:\/\/www.securitytoday.de\/en\/2026\/07\/15\/two-joomla-upload-vulnerabilities-added-to-cisa-kev\/","title":{"rendered":"Two Joomla Upload Vulnerabilities Added to CISA KEV"},"content":{"rendered":"<p style=\"color:#69d8ed;font-weight:700;font-size:0.9em;letter-spacing:0.04em;margin:0 0 16px 0;\">8 Min. Reading time<\/p>\n<p><strong>CISA added on July 10, 2026 two unauthenticated file-upload vulnerabilities from Joomla extensions to the Known Exploited Vulnerabilities Catalog: CVE-2026-48939 (iCagenda) and CVE-2026-56291 (Balbooa Forms). Both lead to remote code execution. For operators, asset discovery comes before a pure patch ticket.<\/strong><\/p>\n<div style=\"background:#003340;color:#fff;padding:32px 36px;margin:32px 0;border-radius:8px;\">\n<p style=\"margin:0 0 18px 0;font-size:0.95em;font-weight:800;text-transform:uppercase;letter-spacing:0.2em;color:#69d8ed;border-bottom:2px solid rgba(105,216,237,0.25);padding-bottom:12px;\">Key Takeaways<\/p>\n<ul style=\"margin:0;padding-left:22px;color:rgba(255,255,255,0.92);line-height:1.6;\">\n<li style=\"margin-bottom:12px;\"><strong style=\"color:#69d8ed;\">KEV since 10.07.2026.<\/strong> iCagenda and Balbooa Forms with confirmed active exploitation.<\/li>\n<li style=\"margin-bottom:12px;\"><strong style=\"color:#69d8ed;\">Patch level firm.<\/strong> iCagenda 4.0.8 \/ 3.9.15; Balbooa Forms 2.4.1 or newer.<\/li>\n<li style=\"margin-bottom:12px;\"><strong style=\"color:#69d8ed;\">IoCs in upload folders.<\/strong> PHP under images\/icagenda and images\/baforms is a red flag.<\/li>\n<li><strong style=\"color:#69d8ed;\">Inventory first.<\/strong> Which sites run which extension version? Without a list, the patch is random.<\/li>\n<\/ul>\n<\/div>\n<p style=\"font-size:0.88em;color:#a8a59c;margin:20px 0 32px 0;border-top:1px solid rgba(105,216,237,0.18);border-bottom:1px solid rgba(105,216,237,0.18);padding:10px 0;\"><span style=\"font-family:monospace;color:#69d8ed;font-weight:700;text-transform:uppercase;font-size:0.72em;letter-spacing:0.14em;margin-right:14px;\">Related:<\/span><a href=\"https:\/\/www.securitytoday.de\/2026\/07\/10\/vier-luecken-im-kev-eine-zieht-cloud-schluessel-ab\/\" style=\"color:#e6e3da;text-decoration:underline;\">Four Vulnerabilities in KEV<\/a>&nbsp;&nbsp;<span style=\"color:#555;\">\/<\/span>&nbsp;&nbsp;<a href=\"https:\/\/www.securitytoday.de\/2026\/04\/24\/squidex-ssrf-cve-2026-41172-72h-operations-egress-waf-news-april\/\" style=\"color:#e6e3da;text-decoration:underline;\">Squidex Upload Vulnerability<\/a><\/p>\n<h2 style=\"margin-top:64px;margin-bottom:20px;padding-top:16px;\">What CISA Added to KEV on July 10<\/h2>\n<p><strong>What is the Joomla Known Exploited Vulnerabilities (KEV) Upload?<\/strong> A third\u2011party extension with unauthenticated upload of dangerous file types. CVE-2026-48939 affects iCagenda (com_icagenda) via public event submission. CVE-2026-56291 affects Balbooa Forms (com_baforms): frontend upload without login, without CSRF check, and without extension whitelist through version 2.4.0.<\/p>\n<div data-element=\"definition_box\" style=\"background:#23261f;border:1px solid rgba(105,216,237,0.22);border-radius:10px;padding:20px 24px;margin:32px 0;box-shadow:inset 0 1px 0 rgba(230,227,218,0.06),0 2px 10px rgba(0,0,0,0.22);\">\n<p style=\"margin:0 0 8px;font-family:'IBM Plex Mono',ui-monospace,SFMono-Regular,monospace;font-size:0.72em;letter-spacing:0.12em;text-transform:uppercase;color:#69d8ed;\">Definition \u00b7 KEV Upload RCE<\/p>\n<p style=\"margin:0;color:#e6e3da;line-height:1.6;\">A publicly reachable upload interface accepts executable files without authentication. The attacker uploads PHP and gains remote code execution on the web server.<\/p>\n<\/div>\n<p>Both vulnerabilities are, according to disclosure sources, zero\u2011days actively exploited. CISA lists them as Unrestricted Upload of File with Dangerous Type. For U.S. federal agencies, BOD 26-04 applies with priority remediation. For DACH operators, KEV is not a legal requirement but a strong priority signal.<\/p>\n<h2 style=\"margin-top:64px;margin-bottom:20px;padding-top:16px;\">Patch Level and Affected Versions<\/h2>\n<p>iCagenda: according to mySites.guru affected versions 3.2.1 through 3.9.14 and 4.0.0 through 4.0.7. Fix in <strong>4.0.8<\/strong> (June 15, 2026) and Legacy <strong>3.9.15<\/strong> (June 16, 2026). The severity is in the critical range (Finder matrix often 9.8, in parts of the discussion up to 10.0).<\/p>\n<p>Balbooa Forms: affected up to and including 2.4.0. Fix in <strong>2.4.1<\/strong> (July 9, 2026), Finder designation CVSS 4.0 score 10.0. The changelog initially listed the measures under \u201cFixed\u201d without a clear security banner. Those who only filter by the word \u201csecurity\u201d will miss the fix.<\/p>\n<h2 style=\"margin-top:64px;margin-bottom:20px;padding-top:16px;\">Inventory, Indicators of Compromise (IoCs) and Checklist<\/h2>\n<p>CMS campaigns rarely hit the core first. They target the extension with a public upload. Agencies with many Joomla sites need an inventory list: site, extension, version, publicly reachable yes\/no. Parallel to patching: check the upload folder. Balbooa Forms typically places attachments under images\/baforms\/uploads\/. iCagenda uses paths under images\/icagenda. Any unexpected .php file there is a compromise indicator.<\/p>\n<div data-element=\"checklist\" style=\"background:#23261f;border:1px solid rgba(105,216,237,0.22);border-radius:10px;padding:22px 24px;margin:32px 0;box-shadow:inset 0 1px 0 rgba(230,227,218,0.06),0 2px 10px rgba(0,0,0,0.22);\">\n<p style=\"margin:0 0 12px;font-family:'IBM Plex Mono',ui-monospace,SFMono-Regular,monospace;font-size:0.72em;letter-spacing:0.12em;text-transform:uppercase;color:#69d8ed;\">Joomla Upload KEV now<\/p>\n<ul style=\"margin:0;padding-left:0;list-style:none;\">\n<li style=\"margin:0 0 10px;padding-left:26px;position:relative;color:#e6e3da;line-height:1.5;\"><span style=\"position:absolute;left:0;color:#69d8ed;\">&#10003;<\/span>Scan all sites on iCagenda and Balbooa Forms and export versions<\/li>\n<li style=\"margin:0 0 10px;padding-left:26px;position:relative;color:#e6e3da;line-height:1.5;\"><span style=\"position:absolute;left:0;color:#69d8ed;\">&#10003;<\/span>Update to the minimum version immediately, not waiting for the maintenance window<\/li>\n<li style=\"margin:0 0 10px;padding-left:26px;position:relative;color:#e6e3da;line-height:1.5;\"><span style=\"position:absolute;left:0;color:#69d8ed;\">&#10003;<\/span>Check the upload folder for PHP and unknown shells; sift through the super\u2011user list<\/li>\n<li style=\"margin:0 0 10px;padding-left:26px;position:relative;color:#e6e3da;line-height:1.5;\"><span style=\"position:absolute;left:0;color:#69d8ed;\">&#10003;<\/span>Inspect logs for POSTs to baforms-\/icagenda upload tasks before the patch deadline<\/li>\n<li style=\"margin:0 0 10px;padding-left:26px;position:relative;color:#e6e3da;line-height:1.5;\"><span style=\"position:absolute;left:0;color:#69d8ed;\">&#10003;<\/span>WAF: block anonymous uploads with executable extensions until the inventory is green<\/li>\n<\/ul>\n<\/div>\n<p>Earlier this week, CISA also added related Joomla builder vulnerabilities to the KEV context (according to a Finder roundup on Page Builder CK and SP Page Builder). The pattern is stable: anonymous form and AJAX endpoints without a strict allowlist. Form builders and event plugins are the attack surface, not just content tools. Primary sources: CISA Alert 10.07.2026, vendor changelogs, technical analyses by mySites.guru.<\/p>\n<h2 style=\"padding-top:64px;margin-bottom:20px;\">Frequently Asked Questions<\/h2>\n<p class=\"st-faq-hint\">Every question is locked. A tap unlocks the answer.<\/p>\n<details>\n<summary><strong>Is a core update from Joomla sufficient?<\/strong><\/summary>\n<p style=\"margin:8px 0 4px 24px;color:#555;line-height:1.6;\">No. The gaps are in third-party extensions. Core patches do not replace extension updates.<\/p>\n<\/details>\n<details>\n<summary><strong>Are only US authorities affected?<\/strong><\/summary>\n<p style=\"margin:8px 0 4px 24px;color:#555;line-height:1.6;\">Known Exploited Vulnerabilities (KEV) primarily target the US Federal Civilian Executive Branch (FCEB). Active exploitation applies globally. Every publicly accessible Joomla site with the extensions is in scope.<\/p>\n<\/details>\n<details>\n<summary><strong>What to do if an immediate update isn&#8217;t possible?<\/strong><\/summary>\n<p style=\"margin:8px 0 4px 24px;color:#555;line-height:1.6;\">Disable public forms with file upload or take the extension offline. Then conduct a forensic review, then apply patches.<\/p>\n<\/details>\n<details>\n<summary><strong>Which IoCs are practical?<\/strong><\/summary>\n<p style=\"margin:8px 0 4px 24px;color:#555;line-height:1.6;\">Unexpected PHP files were found in the images\/baforms and images\/icagenda directories, along with new super\u2011user accounts, an altered configuration.php, and unknown webshell paths.<\/p>\n<\/details>\n<details>\n<summary><strong>Where is the primary source?<\/strong><\/summary>\n<p style=\"margin:8px 0 4px 24px;color:#555;line-height:1.6;\">CISA Known Exploited Vulnerabilities Alert on 10.07.2026 for CVE-2026-48939 and CVE-2026-56291; Changelogs iCagenda 4.0.8\/3.9.15 and Balbooa 2.4.1; Analysis, among others, mySites.guru.<\/p>\n<\/details>\n<p><!--ST-LOWER-CARDS lang=de--><\/p>\n<h3 style=\"margin:48px 0 18px;padding-left:12px;font-size:1.05em;font-weight:800;color:#e6e3da;border-left:3px solid #69d8ed;line-height:1.2;\">Lesetipps der Redaktion<\/h3>\n<p><a href=\"https:\/\/www.securitytoday.de\/2026\/07\/15\/sharepoint-jwt-bypass-cve-2026-55040\/\" style=\"display:flex;align-items:center;gap:14px;padding:12px 14px;margin:0 0 10px;background:#23261f;border:1px solid rgba(105,216,237,0.18);border-radius:12px;box-shadow:inset 0 1px 0 rgba(230,227,218,0.06),0 6px 18px rgba(0,0,0,0.22);text-decoration:none;color:#e6e3da;box-sizing:border-box;width:100%;\"><span style=\"flex:0 0 116px;aspect-ratio:16\/9;overflow:hidden;border-radius:8px;background:#111210;border:1px solid rgba(230,227,218,0.08);display:block;\"><img decoding=\"async\" src=\"https:\/\/www.securitytoday.de\/wp-content\/uploads\/2026\/07\/sharepoint-jwt-bypass-cve-2026-55040-cover-hero-250x143.jpg\" alt=\"\" loading=\"lazy\" width=\"116\" height=\"65\" style=\"width:100%;height:100%;object-fit:cover;display:block;\"><\/span><span style=\"display:block;min-width:0;\"><span style=\"display:block;font-size:0.68em;font-weight:700;letter-spacing:0.1em;text-transform:uppercase;color:#69d8ed;margin-bottom:5px;\">Lesetipp<\/span><span style=\"display:block;font-size:1.0em;font-weight:650;line-height:1.35;color:#e6e3da;overflow-wrap:anywhere;\">SharePoint-JWT-Bypass \u00f6ffnet On-Prem-Sites<\/span><\/span><\/a><a href=\"https:\/\/www.securitytoday.de\/2026\/07\/15\/bitlocker-bypass-cve-2026-50661\/\" style=\"display:flex;align-items:center;gap:14px;padding:12px 14px;margin:0 0 10px;background:#23261f;border:1px solid rgba(105,216,237,0.18);border-radius:12px;box-shadow:inset 0 1px 0 rgba(230,227,218,0.06),0 6px 18px rgba(0,0,0,0.22);text-decoration:none;color:#e6e3da;box-sizing:border-box;width:100%;\"><span style=\"flex:0 0 116px;aspect-ratio:16\/9;overflow:hidden;border-radius:8px;background:#111210;border:1px solid rgba(230,227,218,0.08);display:block;\"><img decoding=\"async\" src=\"https:\/\/www.securitytoday.de\/wp-content\/uploads\/2026\/07\/bitlocker-bypass-cve-2026-50661-cover-hero-250x143.jpg\" alt=\"\" loading=\"lazy\" width=\"116\" height=\"65\" style=\"width:100%;height:100%;object-fit:cover;display:block;\"><\/span><span style=\"display:block;min-width:0;\"><span style=\"display:block;font-size:0.68em;font-weight:700;letter-spacing:0.1em;text-transform:uppercase;color:#69d8ed;margin-bottom:5px;\">Lesetipp<\/span><span style=\"display:block;font-size:1.0em;font-weight:650;line-height:1.35;color:#e6e3da;overflow-wrap:anywhere;\">BitLocker-Bypass bei physischem Zugriff<\/span><\/span><\/a><a href=\"https:\/\/www.securitytoday.de\/2026\/07\/10\/vier-luecken-im-kev-eine-zieht-cloud-schluessel-ab\/\" style=\"display:flex;align-items:center;gap:14px;padding:12px 14px;margin:0 0 10px;background:#23261f;border:1px solid rgba(105,216,237,0.18);border-radius:12px;box-shadow:inset 0 1px 0 rgba(230,227,218,0.06),0 6px 18px rgba(0,0,0,0.22);text-decoration:none;color:#e6e3da;box-sizing:border-box;width:100%;\"><span style=\"flex:0 0 116px;aspect-ratio:16\/9;overflow:hidden;border-radius:8px;background:#111210;border:1px solid rgba(230,227,218,0.08);display:block;\"><img decoding=\"async\" src=\"https:\/\/www.securitytoday.de\/wp-content\/uploads\/2026\/07\/vier-luecken-im-kev-eine-zieht-cloud-schluessel-ab-cover-hero-250x143.jpg\" alt=\"\" loading=\"lazy\" width=\"116\" height=\"65\" style=\"width:100%;height:100%;object-fit:cover;display:block;\"><\/span><span style=\"display:block;min-width:0;\"><span style=\"display:block;font-size:0.68em;font-weight:700;letter-spacing:0.1em;text-transform:uppercase;color:#69d8ed;margin-bottom:5px;\">Lesetipp<\/span><span style=\"display:block;font-size:1.0em;font-weight:650;line-height:1.35;color:#e6e3da;overflow-wrap:anywhere;\">Vier L\u00fccken im KEV &#8211; eine zieht Cloud-Schl\u00fcssel ab<\/span><\/span><\/a><\/p>\n<h3 style=\"margin:48px 0 18px;padding-left:12px;font-size:1.05em;font-weight:800;color:#e6e3da;border-left:3px solid #69d8ed;line-height:1.2;\">Mehr aus dem MBF Media Netzwerk<\/h3>\n<p><a href=\"https:\/\/www.cloudmagazin.com\/2026\/07\/15\/aws-sovereign-cloud-was-wirklich-getrennt-ist\/\" style=\"display:flex;align-items:center;gap:14px;padding:12px 14px;margin:0 0 10px;background:#23261f;border:1px solid rgba(105,216,237,0.18);border-radius:12px;box-shadow:inset 0 1px 0 rgba(230,227,218,0.06),0 6px 18px rgba(0,0,0,0.22);text-decoration:none;color:#e6e3da;box-sizing:border-box;width:100%;\"><span style=\"flex:0 0 116px;aspect-ratio:16\/9;overflow:hidden;border-radius:8px;background:#111210;border:1px solid rgba(230,227,218,0.08);display:block;\"><img decoding=\"async\" src=\"https:\/\/www.securitytoday.de\/wp-content\/uploads\/2026\/07\/net-aws-sovereign-cloud-was-wirklich-getrenn-12030184.jpg\" alt=\"\" loading=\"lazy\" width=\"116\" height=\"65\" style=\"width:100%;height:100%;object-fit:cover;display:block;\"><\/span><span style=\"display:block;min-width:0;\"><span style=\"display:block;font-size:0.68em;font-weight:700;letter-spacing:0.1em;text-transform:uppercase;color:#0bb7fd;margin-bottom:5px;\">cloudmagazin<\/span><span style=\"display:block;font-size:1.0em;font-weight:650;line-height:1.35;color:#e6e3da;overflow-wrap:anywhere;\">AWS Sovereign Cloud: was wirklich getrennt ist<\/span><\/span><\/a><a href=\"https:\/\/mybusinessfuture.com\/digitaler-produktpass-hersteller-pflichten\/\" style=\"display:flex;align-items:center;gap:14px;padding:12px 14px;margin:0 0 10px;background:#23261f;border:1px solid rgba(105,216,237,0.18);border-radius:12px;box-shadow:inset 0 1px 0 rgba(230,227,218,0.06),0 6px 18px rgba(0,0,0,0.22);text-decoration:none;color:#e6e3da;box-sizing:border-box;width:100%;\"><span style=\"flex:0 0 116px;aspect-ratio:16\/9;overflow:hidden;border-radius:8px;background:#111210;border:1px solid rgba(230,227,218,0.08);display:block;\"><img decoding=\"async\" src=\"https:\/\/www.securitytoday.de\/wp-content\/uploads\/2026\/07\/net-digitaler-produktpass-hersteller-pflicht-48690623-250x141.jpg\" alt=\"\" loading=\"lazy\" width=\"116\" height=\"65\" style=\"width:100%;height:100%;object-fit:cover;display:block;\"><\/span><span style=\"display:block;min-width:0;\"><span style=\"display:block;font-size:0.68em;font-weight:700;letter-spacing:0.1em;text-transform:uppercase;color:#aa8ac2;margin-bottom:5px;\">MyBusinessFuture<\/span><span style=\"display:block;font-size:1.0em;font-weight:650;line-height:1.35;color:#e6e3da;overflow-wrap:anywhere;\">Digitaler Produktpass: Was Hersteller tun m\u00fcssen<\/span><\/span><\/a><a href=\"https:\/\/www.digital-chiefs.de\/token-opex-inference-steuert-nicht-das-seat-budget\/\" style=\"display:flex;align-items:center;gap:14px;padding:12px 14px;margin:0 0 10px;background:#23261f;border:1px solid rgba(105,216,237,0.18);border-radius:12px;box-shadow:inset 0 1px 0 rgba(230,227,218,0.06),0 6px 18px rgba(0,0,0,0.22);text-decoration:none;color:#e6e3da;box-sizing:border-box;width:100%;\"><span style=\"flex:0 0 116px;aspect-ratio:16\/9;overflow:hidden;border-radius:8px;background:#111210;border:1px solid rgba(230,227,218,0.08);display:block;\"><img decoding=\"async\" src=\"https:\/\/www.securitytoday.de\/wp-content\/uploads\/2026\/07\/net-token-opex-inference-steuert-nicht-das-s-43794747-250x141.jpg\" alt=\"\" loading=\"lazy\" width=\"116\" height=\"65\" style=\"width:100%;height:100%;object-fit:cover;display:block;\"><\/span><span style=\"display:block;min-width:0;\"><span style=\"display:block;font-size:0.68em;font-weight:700;letter-spacing:0.1em;text-transform:uppercase;color:#e8828d;margin-bottom:5px;\">Digital Chiefs<\/span><span style=\"display:block;font-size:1.0em;font-weight:650;line-height:1.35;color:#e6e3da;overflow-wrap:anywhere;\">Token-OPEX: Inference steuert, nicht das Seat-Budget<\/span><\/span><\/a><\/p>\n<p style=\"font-style:italic;text-align:right;font-size:0.85em;color:#888;margin-top:8px;\">Bildquelle: KI-generiert (Juli 2026)<\/p>\n<p><!--\/ST-LOWER-CARDS--><\/p>\n","protected":false},"excerpt":{"rendered":"CISA adds CVE-2026-48939 (iCagenda) and CVE-2026-56291 (Balbooa Forms) to KEV. CVSS up to 10.0, active exploitation, patch levels, and IoC checks.","protected":false},"author":10,"featured_media":22152,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_yoast_wpseo_focuskw":"Joomla vulnerabilities CISA KEV iCagenda Balbooa","_yoast_wpseo_title":"Two Joomla Upload Vulnerabilities Added to CISA KEV","_yoast_wpseo_metadesc":"CISA includes CVE-2026-48939 (iCagenda) and CVE-2026-56291 (Balbooa Forms) in KEV. Patch levels, IoCs, and inventory checklist.","_yoast_wpseo_meta-robots-noindex":"","_yoast_wpseo_meta-robots-nofollow":"","_yoast_wpseo_meta-robots-adv":"","_yoast_wpseo_canonical":"","_yoast_wpseo_opengraph-title":"","_yoast_wpseo_opengraph-description":"","_yoast_wpseo_opengraph-image":"","_yoast_wpseo_opengraph-image-id":0,"_yoast_wpseo_twitter-title":"","_yoast_wpseo_twitter-description":"","_yoast_wpseo_twitter-image":"","_yoast_wpseo_twitter-image-id":0,"evm_cvss":0,"evm_risk":0,"evm_casefile":"","evm_primary_cve":"","evm_external_preview_token":"","evm_external_preview_expires":"","_evm_translation_lang":"en","featured_post":0,"featured_post_sortierung":0,"_wp_old_slug":[],"footnotes":""},"categories":[255],"tags":[],"class_list":["post-22166","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-praxis-umsetzung-en"],"evm_reading_time_minutes":4,"wpml_language":"en","wpml_translation_of":22137,"_links":{"self":[{"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/posts\/22166","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/comments?post=22166"}],"version-history":[{"count":0,"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/posts\/22166\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/media\/22152"}],"wp:attachment":[{"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/media?parent=22166"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/categories?post=22166"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/tags?post=22166"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}