Key Information 1. Enhanced Security Measures - Removed actions that could be triggered by unauthenticated users, to prevent security risks caused by unauthorized access. 2. Improved Deserialization Handling - Enhanced the security of the deserialization function to ensure that only controlled data (such as database data, not user input) is deserialized. - Added PHP version checking, using different deserialization methods for different PHP versions to avoid PHP object injection. 3. Strengthened Permission Verification - Ensured that only administrators (users with "manage_options" capability) can perform specific actions. - Added user login and admin permission checks for each operation. 4. Updated Comments - Added detailed security comments explaining the purpose of security measures, such as preventing PHP object injection and unauthorized access. php -add_action('wp_ajax_nopriv_nxt_replace_url','nxt_replace_url'); -add_action('wp_ajax_nopriv_nxt_replace_confirm_url','nxt_replace_confirm_url'); php if ( version_compare( PHP_VERSION, '7.0.0', '>=' ) ) { $unserialized = @unserialize( $serialized_string, array( 'allowed_classes' => false ) ); } else { if ( preg_match( '/O:\d+:"[^\/', $serialized_string ) ) { return $data; } $unserialized = @unserialize( $serialized_string ); } ```