HEX
Server: Apache/2.4.62 (Debian)
System: Linux plxsite 6.8.0-47-generic #47-Ubuntu SMP PREEMPT_DYNAMIC Fri Sep 27 21:40:26 UTC 2024 x86_64
User: root (0)
PHP: 8.1.30
Disabled: NONE
$ pwd: /var/www/html/wp-content/plugins/ajax-search-lite/
Upload Files
File: /var/www/html/wp-content/plugins/ajax-search-lite/ajax_search.php
<?php
define('DOING_AJAX', true);

if ( !isset( $_POST['action']) ) {  // phpcs:ignore
	die('-1');
}

// make sure you update this line
// to the relative location of the wp-load.php
require_once '../../../wp-load.php';

// Typical headers
header('Content-Type: text/html');
send_nosniff_header();

// Disable caching
header('Cache-Control: no-cache');
header('Pragma: no-cache');

$action = esc_attr(trim($_POST['action'])); // phpcs:ignore

// A bit of security
$allowed_actions = WD_ASL_Ajax::getAll();
WD_ASL_Ajax::registerAll(true);


if ( in_array($action, $allowed_actions, true) ) {
	if ( is_user_logged_in() ) {
		do_action('ASL_' . $action);  // phpcs:ignore
	} else {
		do_action('ASL_nopriv_' . $action);  // phpcs:ignore
	}
} else {
	die('-1');
}
@ Telegram