{"id":166230,"date":"2025-11-21T14:59:26","date_gmt":"2025-11-21T19:59:26","guid":{"rendered":"https:\/\/www.boldgrid.com\/support\/?p=166230"},"modified":"2025-11-21T17:33:36","modified_gmt":"2025-11-21T22:33:36","slug":"w3-total-cache-security-update-page-fragment-caching-vulnerability-resolved-in-version-2-8-13","status":"publish","type":"post","link":"https:\/\/www.boldgrid.com\/support\/w3-total-cache\/w3-total-cache-security-update-page-fragment-caching-vulnerability-resolved-in-version-2-8-13\/","title":{"rendered":"W3 Total Cache Security Update: Page Fragment Caching Vulnerability Resolved in Version 2.8.13"},"content":{"rendered":"<!DOCTYPE html PUBLIC \"-\/\/W3C\/\/DTD HTML 4.0 Transitional\/\/EN\" \"http:\/\/www.w3.org\/TR\/REC-html40\/loose.dtd\">\n<?xml encoding=\"utf-8\" ?><html><body><div class=\"boldgrid-section\">\n<div class=\"container\">\n<div class=\"row\">\n<div class=\"col-lg-12 col-md-12 col-xs-12 col-sm-12\">\n<h2 class=\"\" data-start=\"666\" data-end=\"738\" id=\"overview-important-security-information-for-w3-total-cache-users\"><strong data-start=\"669\" data-end=\"738\">Overview: Important Security Information for W3 Total Cache Users<\/strong><\/h2>\n<p class=\"\" data-start=\"740\" data-end=\"1049\">A security vulnerability related to the <strong data-start=\"780\" data-end=\"805\">Page Fragment Caching<\/strong> feature in W3 Total Cache has been fully resolved in <strong data-start=\"859\" data-end=\"877\">version 2.8.13<\/strong>, released on October 9. This post explains what the issue involved, who may have been affected, and why the correct response is to <strong data-start=\"1009\" data-end=\"1030\">update the plugin<\/strong>, not uninstall it.<\/p>\n<p class=\"\" data-start=\"1051\" data-end=\"1286\">This vulnerability <strong data-start=\"1070\" data-end=\"1154\">only affects sites that have explicitly enabled and implemented fragment caching<\/strong> using <code data-start=\"1161\" data-end=\"1168\">mfunc<\/code> or <code data-start=\"1172\" data-end=\"1180\">mclude<\/code> tags. Most W3 Total Cache installations <strong data-start=\"1221\" data-end=\"1231\">do not<\/strong> use this advanced feature and were <strong data-start=\"1267\" data-end=\"1285\">not vulnerable<\/strong>.<\/p>\n<p class=\"\" data-start=\"1288\" data-end=\"1357\">If you use W3 Total Cache, the correct protective action is simple:<\/p>\n<h3 data-start=\"1358\" data-end=\"1437\" id=\"update-to-the-latest-version-uninstalling-the-plugin-is-not-necessary\"><strong data-start=\"1362\" data-end=\"1437\">Update to the latest version. Uninstalling the plugin is not necessary.<\/strong><\/h3>\n<div class=\"row bg-editor-hr-wrap\">\n<div class=\"col-lg-12 col-md-12 col-xs-12 col-sm-12\">\n<hr data-start=\"1439\" data-end=\"1442\">\n<\/div>\n<\/div>\n<h2 class=\"\" data-start=\"1444\" data-end=\"1499\" id=\"what-is-page-fragment-caching-in-w3-total-cache\"><strong data-start=\"1447\" data-end=\"1499\">What Is Page Fragment Caching in W3 Total Cache?<\/strong><\/h2>\n<p class=\"\" data-start=\"1501\" data-end=\"1675\">Page Fragment Caching allows specific parts of a page to bypass full-page caching, ensuring that dynamic content remains fresh.&nbsp; The feature is different from the Fragment Cache extension, which is a Pro feature.&nbsp; <a href=\"https:\/\/www.boldgrid.com\/support\/w3-total-cache\/what-is-fragment-caching-and-why-do-i-need-it\/\">Learn more<\/a><br>\nIt is implemented using special tags, such as:<\/p>\n<div class=\"contain-inline-size rounded-2xl relative bg-token-sidebar-surface-primary\">\n<div class=\"sticky top-9\">\n<div class=\"absolute end-0 bottom-0 flex h-9 items-center pe-2\">\n<div class=\"bg-token-bg-elevated-secondary text-token-text-secondary flex items-center gap-4 rounded-sm px-2 font-sans text-xs\"><\/div>\n<\/div>\n<\/div>\n<div class=\"overflow-y-auto p-4\" dir=\"ltr\"><code class=\"whitespace-pre!\"><span class=\"language-xml\"><span class=\"hljs-comment\">&lt;!-- mfunc some_php_function --&gt;<br>\n<\/span><\/span><\/code><code class=\"whitespace-pre!\"><span class=\"hljs-comment\">&lt;!-- \/mfunc some_php_function --&gt;<\/span><br>\n<\/code><\/div>\n<\/div>\n<p class=\"\" data-start=\"1753\" data-end=\"1778\">These tags may appear in:<\/p>\n<ul class=\"\" data-start=\"1780\" data-end=\"1898\">\n<li data-start=\"1780\" data-end=\"1826\">\n<p data-start=\"1782\" data-end=\"1826\">Child-theme or parent-theme template files<\/p>\n<\/li>\n<li data-start=\"1827\" data-end=\"1845\">\n<p data-start=\"1829\" data-end=\"1845\">Custom plugins<\/p>\n<\/li>\n<li data-start=\"1846\" data-end=\"1898\">\n<p data-start=\"1848\" data-end=\"1898\">Post or page content (when intentionally inserted)<\/p>\n<\/li>\n<\/ul>\n<p class=\"\" data-start=\"1900\" data-end=\"1916\">This feature is:<\/p>\n<ul class=\"\" data-start=\"1918\" data-end=\"2191\">\n<li data-start=\"1918\" data-end=\"1945\">\n<p data-start=\"1920\" data-end=\"1945\"><strong data-start=\"1920\" data-end=\"1943\">Disabled by default<\/strong><\/p>\n<\/li>\n<li data-start=\"1946\" data-end=\"2012\">\n<p data-start=\"1948\" data-end=\"2012\">Used only in <strong data-start=\"1961\" data-end=\"2010\">advanced or developer-focused implementations<\/strong><\/p>\n<\/li>\n<li data-start=\"2013\" data-end=\"2191\">\n<p data-start=\"2015\" data-end=\"2191\">Documented here for users implementing it intentionally:<br data-start=\"2071\" data-end=\"2074\"><a class=\"decorated-link\" href=\"https:\/\/www.boldgrid.com\/support\/w3-total-cache\/how-to-implement-page-fragment-caching-exception-in-w3-total-cache\/\" target=\"_new\" rel=\"noopener\" data-start=\"2076\" data-end=\"2191\">How to Implement Page Fragment Caching Exception in W3 Total Cache<svg width=\"20\" height=\"20\" viewbox=\"0 0 20 20\" fill=\"currentColor\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" data-rtl-flip=\"\" class=\"block h-[0.75em] w-[0.75em] stroke-current stroke-[0.75]\"><path d=\"M14.3349 13.3301V6.60645L5.47065 15.4707C5.21095 15.7304 4.78895 15.7304 4.52925 15.4707C4.26955 15.211 4.26955 14.789 4.52925 14.5293L13.3935 5.66504H6.66011C6.29284 5.66504 5.99507 5.36727 5.99507 5C5.99507 4.63273 6.29284 4.33496 6.66011 4.33496H14.9999L15.1337 4.34863C15.4369 4.41057 15.665 4.67857 15.665 5V13.3301C15.6649 13.6973 15.3672 13.9951 14.9999 13.9951C14.6327 13.9951 14.335 13.6973 14.3349 13.3301Z\"><\/path><\/svg><\/a><\/p>\n<\/li>\n<\/ul>\n<p class=\"\" data-start=\"2193\" data-end=\"2305\">Because fragment caching must be explicitly configured, most sites have never used <code data-start=\"2276\" data-end=\"2283\">mfunc<\/code>\/<code data-start=\"2284\" data-end=\"2292\">mclude<\/code> tags at all.<\/p>\n<div class=\"row bg-editor-hr-wrap\">\n<div class=\"col-lg-12 col-md-12 col-xs-12 col-sm-12\">\n<div>\n<hr data-start=\"2307\" data-end=\"2310\">\n<\/div>\n<\/div>\n<\/div>\n<h2 class=\"\" data-start=\"2312\" data-end=\"2359\" id=\"about-the-fragment-caching-vulnerability\"><strong data-start=\"2315\" data-end=\"2359\">About the Fragment Caching Vulnerability<\/strong><\/h2>\n<p class=\"\" data-start=\"2361\" data-end=\"2617\">A vulnerability was identified in how W3 Total Cache processed <code data-start=\"2424\" data-end=\"2431\">mfunc<\/code>\/<code data-start=\"2432\" data-end=\"2440\">mclude<\/code> tags when fragment caching was enabled. Under specific, custom configurations, it was possible for an attacker to submit content intended to trigger unauthorized PHP execution.<\/p>\n<p class=\"\" data-start=\"2361\" data-end=\"2617\">Wordfence, in an <a href=\"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/wordpress-plugins\/w3-total-cache\/w3-total-cache-2812-unauthenticated-command-injection#:~:text=Please%20note%20we,to%20a%20password\" target=\"_blank\" rel=\"noopener\">article<\/a>, rejected the original report, citing:<\/p>\n<blockquote class=\"\">\n<p data-start=\"2361\" data-end=\"2617\">Please note we consider this to be a theoretical issue, and as such we rejected the original report from the researcher who then submitted this to WPScan. WPScan assigned a CVE ID, but we do not agree that this is a true security vulnerability.<\/p>\n<\/blockquote>\n<p class=\"\" data-start=\"2619\" data-end=\"2701\">For this behavior to occur, <strong data-start=\"2647\" data-end=\"2654\">all<\/strong> of the following conditions had to be present:<\/p>\n<ol class=\"\" data-start=\"2703\" data-end=\"3006\">\n<li data-start=\"2703\" data-end=\"2740\">\n<p data-start=\"2706\" data-end=\"2740\"><strong data-start=\"2706\" data-end=\"2738\">Page Fragment caching was enabled<\/strong><\/p>\n<\/li>\n<li data-start=\"2741\" data-end=\"2829\">\n<p data-start=\"2744\" data-end=\"2829\">Actual <code data-start=\"2751\" data-end=\"2758\">mfunc<\/code> or <code data-start=\"2762\" data-end=\"2770\">mclude<\/code> tags existed in theme templates, plugin code, or content<\/p>\n<\/li>\n<li data-start=\"2830\" data-end=\"2915\">\n<p data-start=\"2833\" data-end=\"2915\">The Page Fragment Caching security token (W3TC_DYNAMIC_SECURITY) was accessible via certain content REST endpoints<\/p>\n<\/li>\n<li data-start=\"2916\" data-end=\"3006\">\n<p data-start=\"2919\" data-end=\"3006\">User-submitted content passed through a cached response containing mfunc placeholders<\/p>\n<\/li>\n<\/ol>\n<p class=\"\" data-start=\"3008\" data-end=\"3090\">If any of these criteria were <em data-start=\"3038\" data-end=\"3043\">not<\/em> met, the vulnerability could not be exploited.<\/p>\n<h3 data-start=\"3092\" data-end=\"3155\" id=\"default-w3-total-cache-installations-were-not-affected\"><strong data-start=\"3096\" data-end=\"3155\">Default W3 Total Cache installations were not affected.<\/strong><\/h3>\n<div class=\"row bg-editor-hr-wrap\">\n<div class=\"col-lg-12 col-md-12 col-xs-12 col-sm-12\">\n<hr data-start=\"3157\" data-end=\"3160\">\n<\/div>\n<\/div>\n<h2 data-start=\"3162\" data-end=\"3217\" id=\"why-uninstalling-w3-total-cache-is-not-necessary\"><strong data-start=\"3165\" data-end=\"3217\">Why Uninstalling W3 Total Cache Is Not Necessary<\/strong><\/h2>\n<p class=\"\" data-start=\"3219\" data-end=\"3317\">Some sites have advised users to uninstall W3 Total Cache entirely.<br data-start=\"3286\" data-end=\"3289\">However, this vulnerability:<\/p>\n<ul class=\"\" data-start=\"3319\" data-end=\"3540\">\n<li data-start=\"3319\" data-end=\"3367\">\n<p data-start=\"3321\" data-end=\"3367\"><strong data-start=\"3321\" data-end=\"3365\">Does not exist in default configurations<\/strong><\/p>\n<\/li>\n<li data-start=\"3368\" data-end=\"3433\">\n<p data-start=\"3370\" data-end=\"3433\"><strong data-start=\"3370\" data-end=\"3431\">Only affects sites that manually enabled Page Fragment Caching<\/strong><\/p>\n<\/li>\n<li data-start=\"3434\" data-end=\"3497\">\n<p data-start=\"3436\" data-end=\"3497\"><strong data-start=\"3436\" data-end=\"3495\">Only triggers when custom mfunc\/mclude tags are present<\/strong><\/p>\n<\/li>\n<li data-start=\"3498\" data-end=\"3540\">\n<p data-start=\"3500\" data-end=\"3540\"><strong data-start=\"3500\" data-end=\"3540\">Was fully resolved in version 2.8.13<\/strong><\/p>\n<\/li>\n<\/ul>\n<p data-start=\"3542\" data-end=\"3623\">Because of these factors, uninstalling the plugin is not required or recommended.<\/p>\n<h3 class=\"\" data-start=\"3625\" data-end=\"3712\" id=\"the-correct-action-is-simply-to-update-to-the-latest-version-of-w3-total-cache\">The correct action is simply to <strong data-start=\"3661\" data-end=\"3693\">update to the latest version<\/strong> of W3 Total Cache.<\/h3>\n<p class=\"\" data-start=\"3714\" data-end=\"3884\">The plugin remains safe to use on millions of WordPress sites, and all users benefit from continuing to receive performance improvements, bug fixes, and security updates.<\/p>\n<div class=\"row bg-editor-hr-wrap\">\n<div class=\"col-lg-12 col-md-12 col-xs-12 col-sm-12\">\n<hr data-start=\"3886\" data-end=\"3889\">\n<\/div>\n<\/div>\n<h2 class=\"\" data-start=\"3891\" data-end=\"3939\" id=\"resolved-in-w3-total-cache-version-2813\"><strong data-start=\"3894\" data-end=\"3939\">Resolved in W3 Total Cache Version 2.8.13<\/strong><\/h2>\n<p class=\"\" data-start=\"3941\" data-end=\"4016\">We addressed the issue quickly and thoroughly. Version <strong data-start=\"3996\" data-end=\"4006\">2.8.13<\/strong> includes:<\/p>\n<ul class=\"\" data-start=\"4018\" data-end=\"4181\">\n<li data-start=\"4018\" data-end=\"4066\">\n<p data-start=\"4020\" data-end=\"4066\">Hardened processing of mfunc and mclude tags<\/p>\n<\/li>\n<li data-start=\"4067\" data-end=\"4099\">\n<p data-start=\"4069\" data-end=\"4099\">Stronger security validation<\/p>\n<\/li>\n<li data-start=\"4100\" data-end=\"4181\">\n<p data-start=\"4102\" data-end=\"4181\">Additional safeguards to protect against the misuse of the Page Fragment Caching token W3TC_DYNAMIC_SECURITY<\/p>\n<\/li>\n<\/ul>\n<p class=\"\" data-start=\"4183\" data-end=\"4300\">These changes ensure that Page Fragment Caching continues to function securely for the advanced use cases that rely on it.<\/p>\n<div class=\"row bg-editor-hr-wrap\">\n<div class=\"col-lg-12 col-md-12 col-xs-12 col-sm-12\">\n<hr data-start=\"4302\" data-end=\"4305\">\n<\/div>\n<\/div>\n<h2 class=\"\" data-start=\"4307\" data-end=\"4341\" id=\"who-may-have-been-affected\"><strong data-start=\"4310\" data-end=\"4341\">Who May Have Been Affected?<\/strong><\/h2>\n<p data-start=\"4343\" data-end=\"4359\">Only sites that:<\/p>\n<ul class=\"\" data-start=\"4361\" data-end=\"4533\">\n<li data-start=\"4361\" data-end=\"4389\">\n<p data-start=\"4363\" data-end=\"4389\">Enabled Page Fragment Caching<\/p>\n<\/li>\n<li data-start=\"4390\" data-end=\"4426\">\n<p data-start=\"4392\" data-end=\"4426\">Implemented mfunc or mclude tags<\/p>\n<\/li>\n<li data-start=\"4427\" data-end=\"4465\">\n<p data-start=\"4429\" data-end=\"4465\">Exposed the Page Fragment Caching token W3TC_DYNAMIC_SECURITY<\/p>\n<\/li>\n<li data-start=\"4466\" data-end=\"4533\">\n<p data-start=\"4468\" data-end=\"4533\">Allowed untrusted content to be processed through cached output<\/p>\n<\/li>\n<\/ul>\n<p class=\"\" data-start=\"4535\" data-end=\"4658\">If you do not intentionally use Page Fragment Caching&mdash;or do not know what it is&mdash;your site was almost certainly <strong data-start=\"4641\" data-end=\"4657\">not affected<\/strong>.<\/p>\n<div class=\"row bg-editor-hr-wrap\">\n<div class=\"col-lg-12 col-md-12 col-xs-12 col-sm-12\">\n<hr data-start=\"4660\" data-end=\"4663\">\n<\/div>\n<\/div>\n<h2 class=\"\" data-start=\"4665\" data-end=\"4690\" id=\"what-you-should-do\"><strong data-start=\"4668\" data-end=\"4690\">What You Should Do<\/strong><\/h2>\n<p data-start=\"4692\" data-end=\"4739\">To keep your site secure and running optimally:<\/p>\n<ol class=\"\" data-start=\"4741\" data-end=\"5154\">\n<li data-start=\"4741\" data-end=\"4798\">\n<p class=\"\" data-start=\"4744\" data-end=\"4798\"><strong data-start=\"4744\" data-end=\"4796\">Update to W3 Total Cache version 2.8.13 or later<\/strong><\/p>\n<\/li>\n<li data-start=\"4799\" data-end=\"4883\">\n<p class=\"\" data-start=\"4802\" data-end=\"4883\">If you use Page Fragment Caching, audit your implementation of <code data-start=\"4860\" data-end=\"4867\">mfunc<\/code>\/<code data-start=\"4868\" data-end=\"4876\">mclude<\/code> tags<\/p>\n<\/li>\n<li data-start=\"4799\" data-end=\"4883\">Change the unique value defined for W3TC_DYNAMIC_SECURITY<\/li>\n<li data-start=\"4884\" data-end=\"4970\">\n<p data-start=\"4887\" data-end=\"4970\">Remove unused Page Fragment Caching tags in themes, child themes, plugins, and content<\/p>\n<\/li>\n<li data-start=\"4971\" data-end=\"5154\">\n<p data-start=\"4974\" data-end=\"5154\">Review our documentation for safe implementation practices:<br data-start=\"5033\" data-end=\"5036\"><a class=\"decorated-link\" href=\"https:\/\/www.boldgrid.com\/support\/w3-total-cache\/how-to-implement-page-fragment-caching-exception-in-w3-total-cache\/\" target=\"_new\" rel=\"noopener\" data-start=\"5039\" data-end=\"5154\">https:\/\/www.boldgrid.com\/support\/w3-total-cache\/how-to-implement-page-fragment-caching-exception-in-w3-total-cache\/<svg width=\"20\" height=\"20\" viewbox=\"0 0 20 20\" fill=\"currentColor\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" data-rtl-flip=\"\" class=\"block h-[0.75em] w-[0.75em] stroke-current stroke-[0.75]\"><path d=\"M14.3349 13.3301V6.60645L5.47065 15.4707C5.21095 15.7304 4.78895 15.7304 4.52925 15.4707C4.26955 15.211 4.26955 14.789 4.52925 14.5293L13.3935 5.66504H6.66011C6.29284 5.66504 5.99507 5.36727 5.99507 5C5.99507 4.63273 6.29284 4.33496 6.66011 4.33496H14.9999L15.1337 4.34863C15.4369 4.41057 15.665 4.67857 15.665 5V13.3301C15.6649 13.6973 15.3672 13.9951 14.9999 13.9951C14.6327 13.9951 14.335 13.6973 14.3349 13.3301Z\"><\/path><\/svg><\/a><\/p>\n<\/li>\n<\/ol>\n<p class=\"\" data-start=\"5156\" data-end=\"5258\">If you do not use Page Fragment Caching, simply updating is sufficient&mdash;no configuration changes are needed.<\/p>\n<div class=\"row bg-editor-hr-wrap\">\n<div class=\"col-lg-12 col-md-12 col-xs-12 col-sm-12\">\n<hr data-start=\"5260\" data-end=\"5263\">\n<\/div>\n<\/div>\n<h2 class=\"\" data-start=\"5265\" data-end=\"5324\" id=\"our-commitment-to-wordpress-performance-and-security\"><strong data-start=\"5268\" data-end=\"5324\">Our Commitment to WordPress Performance and Security<\/strong><\/h2>\n<p class=\"\" data-start=\"5326\" data-end=\"5554\">W3 Total Cache powers performance optimization for more than a million WordPress sites, and security is a core part of our development process. We respond quickly, communicate clearly, and provide updates to keep your site safe.<\/p>\n<p class=\"\" data-start=\"5556\" data-end=\"5707\">If you need help determining whether your site uses Page Fragment Caching or want assistance reviewing your configuration, our support team is here to help.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/body><\/html>\n","protected":false},"excerpt":{"rendered":"<p>Overview: Important Security Information for W3 Total Cache Users A security vulnerability related to the Page Fragment Caching feature in W3 Total Cache has been fully resolved in version 2.8.13, released on October 9. This post explains what the issue involved, who may have been affected, and why the correct response is to update the [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_bbp_topic_count":0,"_bbp_reply_count":0,"_bbp_total_topic_count":0,"_bbp_total_reply_count":0,"_bbp_voice_count":0,"_bbp_anonymous_reply_count":0,"_bbp_topic_count_hidden":0,"_bbp_reply_count_hidden":0,"_bbp_forum_subforum_count":0,"bgseo_title":"W3 Total Cache Security Fix: Update to Version 2.8.13","bgseo_description":"A Page Fragment Caching vulnerability in W3 Total Cache is fixed in version 2.8.13. Only sites using mfunc\/mclude were affected. Update now to stay secure.","bgseo_robots_index":"index","bgseo_robots_follow":"follow","footnotes":""},"categories":[692],"tags":[],"class_list":["post-166230","post","type-post","status-publish","format-standard","hentry","category-w3-total-cache"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.boldgrid.com\/support\/wp-json\/wp\/v2\/posts\/166230","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.boldgrid.com\/support\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.boldgrid.com\/support\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.boldgrid.com\/support\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.boldgrid.com\/support\/wp-json\/wp\/v2\/comments?post=166230"}],"version-history":[{"count":3,"href":"https:\/\/www.boldgrid.com\/support\/wp-json\/wp\/v2\/posts\/166230\/revisions"}],"predecessor-version":[{"id":166233,"href":"https:\/\/www.boldgrid.com\/support\/wp-json\/wp\/v2\/posts\/166230\/revisions\/166233"}],"wp:attachment":[{"href":"https:\/\/www.boldgrid.com\/support\/wp-json\/wp\/v2\/media?parent=166230"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.boldgrid.com\/support\/wp-json\/wp\/v2\/categories?post=166230"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.boldgrid.com\/support\/wp-json\/wp\/v2\/tags?post=166230"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}