This is a simple PHP web shell backdoor.
aaad39e328e8da519232f1d7feb60cfd3c991f2aa486739cdba8df7d746a8994
WordPress Booking System plugin suffers from a cross site scripting vulnerability.
4fff5a84b69ffa63d9d34f6a3b3e38e4fd000b19a842185f1a32e98d6baadf1f