case option in the page’s overall switch/case structure. If you search for all occurrences of “case” on the page, you can compile all the possible action parameters.
Or maybe even better, pages often include a validation function that lists all possible action parameters in a single array declaration. For example, on wp-login.php, the actions are validated on line 391 (v4.8.1). I’m not sure such validation occurs on all such pages, but if you can find it, it’s your easiest option. Overall, searching for “case” is more reliable but more tedious. I’ve not seen any action selection code that does not involve switch/case, but the possibility exists.
Maybe the biggest challenge is determining all the files that take action parameters. Try grepping the WP folders for “switch”. You’ll get some false positives, but at least it narrows down the possibilities.
If you do manage to compile all of these, perhaps you should post your findings online somewhere.

I’m only aware of a few of these URLs from seeing them (/?action=) surfing WordPress pages. I’m referring to default WordPress URLs, not specific to some Theme or Framework.
/wp-login.php?action=register
/wp-login.php?action=login
/?action=category
/?action=author
And I’m not completely sure I have the syntax correct.
Thanks

It’s all PHP code, but it won’t bite. You don’t need to know PHP coding, only what to look for. Just don’t change anything! Hard to find, but all action info is in a line that’s something like this. It’s basically saying “If the action parameter is not one of these in an array, assume it’s ?action=login“. Thus you get all possible parameters for this file in one spot.
It may be such a line does not exist or cannot be found. Then search for all occurrences of “case”. You’ll find lines like this. This very likely means a valid action parameter is “logout”. Keep collecting all such data throughout the file. You will find other non-applicable occurrences of “case” (maybe like “lowercase”); only ones that start the line (maybe after some whitespace) and end in a colon are valid for action parameters. It may be there are other switch/case structures that do not apply to actions. Verify by searching backwards from “case” for “switch”; you’ll find something like this. The switch argument $action should be a good indication of what all the cases are for.
Try searching /wp-admin/edit.php for action parameters. It’s not exactly like wp-login.php, but it’s the same concept. You need to be prepared for minor variations. See if you can find the validation line. Don’t feel bad if you cannot, finding occurrences of “case” is the most reliable approach.
I hope the example references help this all make more sense, I don’t know how to make this any simpler. I realize it sounds hopelessly complicated, but I think once you work through a couple examples you’ll find it really isn’t so complicated, just tedious.
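
The search described in this thread (collect `case` lines that start a line and end in a colon, then confirm they sit under a switch on `$action`), automated as an added example that is not part of the original posts and is not WordPress code. The PHP sample is constructed for illustration and the function name `action_cases` is hypothetical.

```python
import re

# Constructed PHP sample (not copied from WordPress): one switch on $action,
# one unrelated switch, one nested switch, and a stray "lowercase" comment.
SAMPLE_PHP = r"""<?php
$action = isset( $_REQUEST['action'] ) ? $_REQUEST['action'] : 'login';
$name = strtolower( $name ); // lowercase the name
switch ( $mode ) {
    case 'list':
        break;
}
switch ( $action ) {
    case 'logout':
        do_logout();
        break;
    case 'lostpassword':
    case "retrievepassword":
        switch ( $step ) {
            case 'confirm':
                break;
        }
        break;
    case 'login':
    default:
        break;
}
"""

SWITCH_RE = re.compile(r"switch\s*\(\s*\$(\w+)\s*\)\s*\{")
# "case" must start the line (after optional whitespace) and end in a colon.
CASE_RE = re.compile(r"""^\s*case\s+(['"])([^'"]+)\1\s*:""")

def action_cases(php_source, variable="action"):
    """Return the case labels that belong directly to switch ( $variable )."""
    found = []
    stack = []  # one entry per open brace: the switch variable, or None
    for line in php_source.splitlines():
        case = CASE_RE.match(line)
        switches = [name for name in stack if name is not None]
        # Count a case only when the innermost open switch is on our variable.
        if case and switches and switches[-1] == variable:
            found.append(case.group(2))
        sw = SWITCH_RE.search(line)
        for pos, ch in enumerate(line):
            if ch == "{":
                stack.append(sw.group(1) if sw and pos == sw.end() - 1 else None)
            elif ch == "}" and stack:
                stack.pop()
    return found

if __name__ == "__main__":
    print(action_cases(SAMPLE_PHP))
```

The brace tracking is deliberately simple: braces inside PHP strings or comments, and the `switch (...):` / `endswitch;` form, would need extra handling before running this over a whole source tree.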