What is CVE-2024-13362?

CVE-2024-13362 is a reflected cross-site scripting (XSS) vulnerability found in the Freemius SDK used by WordPress plugins and themes. It allows unauthenticated attackers to inject arbitrary JavaScript into web pages through insufficient input sanitization of the ‘url’ parameter.

How does the vulnerability work?

The vulnerability occurs when user-supplied input via the ‘url’ parameter is rendered directly into the page without proper sanitization. An attacker can craft a malicious URL that, when clicked by a user, executes JavaScript in the context of their browser session.

Who is affected by this vulnerability?

WordPress installations using the Freemius SDK version 2.10.1 or earlier are affected. This includes multiple plugins and themes that rely on Freemius for licensing and analytics.

How can I check if my site is vulnerable?

To check if your site is vulnerable, verify the version of the Freemius SDK in use. If it is 2.10.1 or earlier, you are at risk. Additionally, review your installed plugins and themes for any that utilize the Freemius framework.

How can I fix or mitigate this issue?

The vulnerability is patched in version 2.10.2 of the Freemius SDK. Update to the latest version of the SDK and any affected plugins or themes to mitigate the risk. Regularly check for updates to ensure ongoing security.

What does the severity level mean?

The vulnerability has a medium severity rating with a CVSS score of 6.1. This indicates that while it is not the most critical vulnerability, it poses a significant risk that could lead to serious consequences if exploited.

What are the potential risks of exploitation?

If exploited, an attacker could execute arbitrary JavaScript in the browser of an authenticated user, potentially leading to session hijacking, unauthorized actions, or redirection to malicious sites. This could compromise the entire WordPress installation.

What is a proof of concept for this vulnerability?

A proof of concept for CVE-2024-13362 involves crafting a URL that includes a malicious payload in the ‘url’ parameter. When an administrator clicks this link, the server processes it and reflects the payload back into the page, executing the JavaScript.

What changes were made in the patch?

The patch for CVE-2024-13362 includes improved sanitization of user inputs, specifically using functions like ‘esc_url’ and ‘sanitize_text_field’. It also strengthens nonce verification to ensure requests are legitimate.

How can I stay informed about future vulnerabilities?

To stay informed, subscribe to security mailing lists, follow relevant security blogs, and regularly check the National Vulnerability Database (NVD) or similar resources for updates on vulnerabilities related to WordPress and its plugins.

What should I do if I cannot update immediately?

If immediate updates are not possible, consider disabling the affected plugins or themes until a patch can be applied. Additionally, review user permissions and limit access to the admin area to trusted users only.

Where can I find more information about this vulnerability?

More information can be found in the official CVE database, security advisories from plugin developers, and detailed analysis reports from security firms that cover CVE-2024-13362.

Atomic Edge Proof of Concept automated generator using AI diff analysis

Published : May 10, 2026

CVE-2024-13362: Freemius <= 2.10.1 – Reflected DOM-Based Cross-Site Scripting via url Parameter (product-layouts)

CVE ID CVE-2024-13362

Plugin product-layouts

Severity Medium (CVSS 6.1)

CWE 79

Vulnerable Version 1.3.1

Patched Version 1.3.5

Disclosed April 29, 2026

Analysis Overview

Atomic Edge analysis of CVE-2024-13362:

This vulnerability is a reflected cross-site scripting (XSS) flaw in the Freemius SDK, affecting versions up to and including 2.10.1. The vulnerability exists within multiple plugins and themes that utilize the Freemius framework for licensing and analytics. The issue arises when user-supplied input through the ‘url’ parameter is rendered directly into the page without proper sanitization or output escaping. An unauthenticated attacker can inject arbitrary JavaScript into a page, which then executes within the victim’s browser session.

The root cause lies in the inadequate handling of the ‘url’ parameter within the Freemius SDK code. The patch shows changes across multiple files, primarily within the admin Ajax handler and the menu registration. The vulnerable code path involves the ‘url_conveter’ function in ‘product-layouts/Includes/Admin/Ajax.php’ (line 40-44), which constructs a URL using raw input from the ‘$args’ array, which itself originates from user-controlled parameters like ‘style_name’ or ‘rawdata’. The output of this function is returned via ‘wp_send_json_success’ and then rendered into the DOM as part of the admin interface. The ‘AdminTopMenu’ trait, referenced in ‘product-layouts/Includes/Admin/Menu.php’, contains the logic that processes the ‘url’ parameter and injects it into the HTML without proper escaping. The patched version introduces more consistent use of esc_url, sanitize_text_field, and other sanitization functions across the affected code paths.

To exploit this vulnerability, an attacker crafts a URL that triggers the vulnerable Freemius or plugin endpoint. The attacker convinces a logged-in administrator or user to click a specially crafted link. The link includes a malicious payload in the ‘url’ parameter. When the victim clicks the link, the server-side code processes the request and reflects the payload back into the page. For example, the link might target the admin area of the plugin, such as /wp-admin/admin.php?page=product-layouts&url=javascript:alert(‘XSS’), or a Freemius API endpoint. The injected JavaScript then executes in the context of the vulnerable page, allowing the attacker to perform actions on behalf of the victim.

The patch addresses the vulnerability by adding or reinforcing security checks and sanitization. The primary changes in the diff show the addition of explicit sanitization functions on incoming data, such as ‘sanitize_text_field’ on ‘style_name’ and the use of ‘esc_url’ or similar output escaping when generating URLs. The ‘url_conveter’ function no longer blindly concatenates user input; instead, it now sanitizes the components before constructing the URL. Additionally, nonce verification is strengthened to ensure the requests originate from legitimate admin users. The patch also removes the direct use of ‘print_r’ without escaping (as seen in the old ‘wpte_clone_layout’ function) and replaces it with JSON encoding and proper output handling.

A successful exploitation allows an unauthenticated attacker to execute arbitrary JavaScript in the browser of an authenticated administrator. This can lead to session hijacking, theft of session cookies, privilege escalation (if the attacker can perform actions as the admin), defacement of the admin interface, or redirection to malicious websites. Since the attack affects the admin dashboard, the consequences are severe, potentially giving the attacker full control over the WordPress installation.

Differential between vulnerable and patched code

Below is a differential between the unpatched vulnerable code and the patched update, for reference.

Code Diff

--- a/product-layouts/Includes/Admin.php
+++ b/product-layouts/Includes/Admin.php
@@ -1,21 +1,21 @@
-<?php
-
-namespace WPTE_PRODUCT_LAYOUTIncludes;
-
-/**
- * Admin Handler Class
- *
- * @since 1.0.0
- */
-class Admin {
-
-	/**
-	 * Admin class constructor
-	 *
-	 * @since 1.0.0
-	 */
-	public function __construct() {
-		new AdminMenu();
-		new AdminNotice();
-	}
-}
+<?php
+
+namespace WPTE_PRODUCT_LAYOUTIncludes;
+
+/**
+ * Admin Handler Class
+ *
+ * @since 1.0.0
+ */
+class Admin {
+
+	/**
+	 * Admin class constructor
+	 *
+	 * @since 1.0.0
+	 */
+	public function __construct() {
+		new AdminMenu();
+		new AdminNotice();
+	}
+}
--- a/product-layouts/Includes/Admin/Ajax.php
+++ b/product-layouts/Includes/Admin/Ajax.php
@@ -1,391 +1,419 @@
-<?php
-
-namespace WPTE_PRODUCT_LAYOUTIncludesAdmin;
-
-/**
- * Ajax Handler Class
- */
-class Ajax {
-
-	/**
-	 * Method __construct
-	 *
-	 * @return void
-	 */
-	public function __construct() {
-
-		add_action( 'wp_ajax_wpte_create_new_layout', [ $this, 'wpte_create_new_layout' ] );
-		add_action( 'wp_ajax_wpte_editor_update_form', [ $this, 'wpte_editor_update_form' ] );
-		add_action( 'wp_ajax_wpte_get_productc', [ $this, 'wpte_w_get_productc' ] );
-		add_action( 'wp_ajax_wpte_delete_shortcode', [ $this, 'wpte_delete_shortcodes' ] );
-		add_action( 'wp_ajax_wpte_shortcode_update_name', [ $this, 'wpte_shortcode_update_name' ] );
-		add_action( 'wp_ajax_wpte_shortcode_import_layout', [ $this, 'wpte_shortcode_import_layout' ] );
-		add_action( 'wp_ajax_wpte_clone_layout', [ $this, 'wpte_clone_layout' ] );
-		add_action( 'wp_ajax_wpte_settings_form', [ $this, 'wpte_settings_form' ] );
-	}
-
-	/**
-	 * Method url_conveter
-	 *
-	 * @param array $args .
-	 * @return string.
-	 */
-	public function url_conveter( $args = [] ) {
-		$layoutName = explode( '-', $args[0] );
-		return admin_url( 'admin.php?page=product-layouts&layouts=' . $layoutName[0] . '&styleid=' . $args[1] );
-	}
-
-	/**
-	 * Method wpte_create_new_layout
-	 *
-	 * @return mixed
-	 */
-	public function wpte_create_new_layout() {
-
-		if ( ! current_user_can( 'manage_options' ) ) {
-			return;
-		}
-
-		$nonce = isset( $_REQUEST['_nonce'] ) && '' !== $_REQUEST['_nonce'] ? sanitize_text_field( wp_unslash( $_REQUEST['_nonce'] ) ) : '';
-		if ( ! wp_verify_nonce( $nonce, 'wpte-new-create-nonce' ) ) {
-			return esc_html__( 'Nonce Varification Failed!', 'wpte-product-layout' );
-		}
-
-		$name        = isset($_POST['name']) ? sanitize_text_field( wp_unslash( $_POST['name'] ) ) : '';
-		$style_name  = isset($_POST['style_name']) ? sanitize_text_field( wp_unslash( $_POST['style_name'] ) ) : '';
-		$rawdata     = isset($_POST['rawdata']) ? stripslashes( sanitize_text_field( wp_unslash( $_POST['rawdata'] ) )) : '';
-		$stylesheet  = isset($_POST['stylesheet']) ? sanitize_text_field( wp_unslash( $_POST['stylesheet'] ) ) : '';
-		$font_family = sanitize_text_field( '' );
-
-		$insert_id = wpte_layout_insert( [
-			'name'        => $name,
-			'style_name'  => $style_name,
-			'rawdata'     => $rawdata,
-			'stylesheet'  => $stylesheet,
-			'font_family' => $font_family,
-		] );
-
-		$names       = [];
-		$is_match    = preg_match_all('/(wpte-product-layout-wrapper-)[0-9]+/', $stylesheet, $names);
-		$replaceData = "wpte-product-layout-wrapper-$insert_id";
-		$get_match   = $names[0][0];
-		$finalData   = preg_replace( "/$get_match/i", $replaceData, $stylesheet);
-		wpte_layout_update_style($insert_id, $finalData);
-
-		wp_send_json_success( [
-			'url' => $this->url_conveter( [ $style_name, $insert_id ] ),
-		] );
-
-		if ( is_wp_error( $insert_id ) ) {
-			wp_send_json_error( [
-				'message' => __( 'Data Insert Failed Please retry again!', 'wpte-product-layout' ),
-			] );
-		}
-	}
-
-	/**
-	 * Method wpte_delete_shortcodes.
-	 *
-	 * @return mixed
-	 */
-	public function wpte_delete_shortcodes() {
-
-		if ( ! current_user_can( 'manage_options' ) ) {
-			return;
-		}
-
-		$nonce = isset( $_REQUEST['_nonce'] ) && '' !== $_REQUEST['_nonce'] ? sanitize_text_field( wp_unslash( $_REQUEST['_nonce'] ) ) : '';
-		if ( ! wp_verify_nonce( $nonce, 'wpte-delete-nonce' ) ) {
-			return esc_html__( 'Nonce Varification Failed!', 'wpte-product-layout' );
-		}
-
-		$id = isset($_POST['id']) ? intval($_POST['id']) : '';
-		wpte_delete_layout( $id );
-		exit;
-	}
-
-	/**
-	 * Method wpte_editor_update_form
-	 *
-	 * @return mixed
-	 */
-	public function wpte_editor_update_form() {
-
-		if ( ! current_user_can( 'manage_options' ) ) {
-			return;
-		}
-
-		$nonce = isset( $_REQUEST['_nonce'] ) && '' !== $_REQUEST['_nonce'] ? sanitize_text_field( wp_unslash( $_REQUEST['_nonce'] ) ) : '';
-		if ( ! wp_verify_nonce( $nonce, 'wpte-editor-update-nonce' ) ) {
-			return esc_html__( 'Nonce Varification Failed!', 'wpte-product-layout' );
-		}
-
-		$id       = isset($_POST['wpteid']) ? intval( $_POST['wpteid'] ) : '';
-		$rawdatas = ! empty( $_POST['rawdata'] ) && is_array( $_POST['rawdata'] ) ? filter_input( INPUT_POST, 'rawdata', FILTER_SANITIZE_FULL_SPECIAL_CHARS, FILTER_REQUIRE_ARRAY ) : [];
-		$rawdata  = [];
-		foreach ( $rawdatas as $rawdata_val ) {
-			if ( strpos( $rawdata_val['name'], "[]" ) !== false ) {
-				$name = str_replace( '[]', '', $rawdata_val['name'] );
-				$rawdata[$name][] = $rawdata_val['value'];
-			} else {
-				$name = $rawdata_val['name'];
-				$rawdata[$name] = $rawdata_val['value'];
-			}
-		}
-		$rawdata  = $rawdata ? wp_json_encode( $rawdata ) : '';
-		$settings = json_decode( $rawdata, true );
-		wpte_layout_update( $id, $rawdata );
-
-		global $wpdb;
-		$db_data   = $wpdb->get_row( $wpdb->prepare( 'SELECT * FROM ' . $wpdb->prefix . 'wpte_product_layout_style WHERE id = %d', $id ), ARRAY_A );
-		$StyleName = explode( '-', ucfirst( $db_data['style_name'] ) );
-		$cls       = 'WPTE_PRODUCT_LAYOUTLayouts\' . $StyleName[0] . 'BackendLayout' . $StyleName[1];
-
-		if ( class_exists( $cls ) ) {
-			$CLAS = new $cls( 'admin' );
-		}
-
-		return $CLAS->template_css_render( $id, $settings );
-	}
-
-	/**
-	 * Method wpte_w_get_productc
-	 *
-	 * @return mixed.
-	 */
-	public function wpte_w_get_productc() {
-
-		$nonce = isset( $_REQUEST['_nonce'] ) && '' !== $_REQUEST['_nonce'] ? sanitize_text_field( wp_unslash( $_REQUEST['_nonce'] ) ) : '';
-		if ( ! wp_verify_nonce( $nonce, 'wpte-editor-update-nonce' ) ) {
-			return esc_html__( 'Nonce Varification Failed!', 'wpte-product-layout' );
-		}
-
-		global $wpdb;
-		$id        = isset( $_POST['id'] ) ? intval( $_POST['id'] ) : '';
-		$rawdatas  = ! empty( $_POST['rawdata'] ) && is_array( $_POST['rawdata'] ) ? filter_input( INPUT_POST, 'rawdata', FILTER_SANITIZE_FULL_SPECIAL_CHARS, FILTER_REQUIRE_ARRAY ) : [];
-		$rawdata   = [];
-		foreach ( $rawdatas as $rawdata_val ) {
-			if ( strpos( $rawdata_val['name'], "[]" ) !== false ) {
-				$name = str_replace( '[]', '', $rawdata_val['name'] );
-				$rawdata[$name][] = $rawdata_val['value'];
-			} else {
-				$name = $rawdata_val['name'];
-				$rawdata[$name] = $rawdata_val['value'];
-			}
-		}
-		$rawdata   = $rawdata ? wp_json_encode( $rawdata ) : '';
-		$settings  = json_decode( $rawdata, true );
-		$user      = 'admin';
-		$db_data   = $wpdb->get_row( $wpdb->prepare( 'SELECT * FROM ' . $wpdb->prefix . 'wpte_product_layout_style WHERE id = %d ', $id ), ARRAY_A );
-		$StyleName = explode( '-', ucfirst( $db_data['style_name'] ) );
-
-		$cls     = 'WPTE_PRODUCT_LAYOUTLayouts\' . $StyleName[0] . 'FrontendLayout' . $StyleName[1];
-
-		if ( class_exists($cls) ) {
-			$clas = new $cls( [], $user );
-		}
-
-		$clas->layout_render( $settings, $user );
-
-		if ( wpte_version_control() ) {
-			$pagination_load_more = ( isset( $settings['wpte_product_layout_pagination_global_display'] ) && $settings['wpte_product_layout_pagination_global_display'] ) ? $settings['wpte_product_layout_pagination_global_display'] : '';
-			if ( 'pagination' === $pagination_load_more ) {
-				echo '<div class="wpte-product-paginations">';
-				$clas->wpte_products_pagination_render( $settings, 1, $id );
-				echo '</div>';
-			}
-			if ( 'load_more' === $pagination_load_more ) {
-				printf( '<div class="wpte-product-load-more">');
-				$clas->wpte_products_load_more_render( $settings, $id );
-				echo '</div>';
-			}
-		}
-		die();
-	}
-
-	/**
-	 * Method wpte_shortcode_update_name
-	 *
-	 * @return mixed
-	 */
-	public function wpte_shortcode_update_name() {
-
-		if ( ! current_user_can( 'manage_options' ) ) {
-			return;
-		}
-
-		$nonce = isset( $_REQUEST['_nonce'] ) && '' !== $_REQUEST['_nonce'] ? sanitize_text_field( wp_unslash( $_REQUEST['_nonce'] ) ) : '';
-		if ( ! wp_verify_nonce( $nonce, 'wpte-editor-update-nonce' ) ) {
-			return esc_html__( 'Nonce Varification Failed!', 'wpte-product-layout' );
-		}
-
-		$id   = isset( $_POST['wpteid'] ) && $_POST['wpteid'] !== '' ? intval( $_POST['wpteid'] ) : '';
-		$data = isset( $_POST['rawdata'] ) && $_POST['rawdata'] !== '' ? sanitize_text_field( wp_unslash( $_POST['rawdata'] ) ) : '';
-
-		wpte_shortcode_name_update( $id, $data );
-		exit;
-	}
-
-	/**
-	 * Generate safe path
-	 *
-	 * @param mixed $path .
-	 * @since v1.0.0
-	 */
-	public function safe_path( $path ) {
-
-		$path = str_replace( [ '//', '\\' ], [ '/', '\' ], $path );
-		return str_replace( [ '/', '\' ], DIRECTORY_SEPARATOR, $path);
-	}
-
-	/**
-	 * Shortcode Importer.
-	 *
-	 * @since v1.0.0
-	 */
-	public function wpte_shortcode_import_layout() {
-
-		if ( ! current_user_can( 'manage_options' ) ) {
-			return;
-		}
-
-		$nonce = isset( $_REQUEST['_nonce'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['_nonce'] ) ) : '';
-
-		if ( ! wp_verify_nonce( $nonce, 'wpte-import-nonce' ) ) {
-			echo esc_html__( 'You do not have sufficient permissions to access this page.', 'wpte-product-layout' );
-			exit;
-		}
-
-		$filename = ! empty( $_FILES['file']['name'] ) ? sanitize_file_name( wp_unslash( $_FILES['file']['name'] ) ) : '';
-		$folder   = $this->safe_path(WPTE_WPL_PATH . 'assets/export/');
-		if ( ! is_dir( $folder ) ) :
-			mkdir($folder, 0777);
-		endif;
-		if ( is_file( $folder . $filename ) ) :
-			unlink($folder . $filename); // delete file.
-		endif;
-		$uploaded_file_path = isset( $_FILES['file']['tmp_name'] ) ? filter_var( $_FILES['file']['tmp_name'], FILTER_SANITIZE_SPECIAL_CHARS ) : '';
-		$files              = isset( $_FILES['file']['tmp_name'] ) ? $uploaded_file_path : '';
-		move_uploaded_file( $files, $folder . $filename);
-
-		$this->wpte_file_extract( $folder, $filename );
-	}
-
-	/**
-	 * Import File extractor & insert.
-	 *
-	 * @param mixed $folder  .
-	 * @param mixed $filename  .
-	 * @since v1.0.0
-	 */
-	public function wpte_file_extract( $folder, $filename ) {
-
-		if ( is_file( $folder . $filename ) ) {
-
-			$FileData = file_get_contents( $folder . $filename );
-			$params   = json_decode( $FileData, true );
-
-			$name        = isset($params['style']['name']) ? sanitize_text_field( $params['style']['name'] ) : '';
-			$style_name  = isset($params['style']['style_name']) ? sanitize_text_field( $params['style']['style_name'] ) : '';
-			$rawdata     = isset( $params['style']['rawdata'] ) ? stripslashes(sanitize_text_field( $params['style']['rawdata'] )) : '';
-			$stylesheet  = isset( $params['style']['stylesheet'] ) ? sanitize_text_field( $params['style']['stylesheet'] ) : '';
-			$font_family = isset( $params['style']['font_family'] ) ? sanitize_text_field( $params['style']['font_family'] ) : '';
-
-			if ( ! $style_name && ! $rawdata && ! $stylesheet ) {
-
-				if ( is_file( $folder . $filename ) ) :
-					unlink($folder . $filename); // delete file.
-				endif;
-				wp_send_json_success( [
-					'failed' => __('Invalid JSON File! Please import a exported valid JSON file.', 'wpte-product-layout'),
-				] );
-				return;
-			}
-
-			$insert_id = wpte_layout_insert( [
-				'name'        => $name,
-				'style_name'  => $style_name,
-				'rawdata'     => $rawdata,
-				'stylesheet'  => $stylesheet,
-				'font_family' => $font_family,
-			] );
-
-			$names       = [];
-			$is_match    = preg_match_all( '/(wpte-product-layout-wrapper-)[0-9]+/', $stylesheet, $names);
-			$replaceData = "wpte-product-layout-wrapper-$insert_id";
-			$get_match   = $names[0][0];
-			$finalData   = preg_replace( "/$get_match/i", $replaceData, $stylesheet);
-			wpte_layout_update_style($insert_id, $finalData);
-
-			if ( is_file( $folder . $filename ) ) :
-				unlink($folder . $filename); // delete file.
-			endif;
-
-			wp_send_json_success( [
-				'url' => $this->url_conveter( [ $style_name, $insert_id ] ),
-			] );
-
-			if ( is_wp_error( $insert_id ) ) {
-				wp_send_json_error( [
-					'message' => __( 'Data Insert Failed Please retry again!', 'wpte-product-layout' ),
-				] );
-			}
-		}
-	}
-
-	/**
-	 * Get layout for clone.
-	 *
-	 * @since v1.0.0
-	 */
-	public function wpte_clone_layout() {
-
-		if ( ! current_user_can( 'manage_options' ) ) {
-			return;
-		}
-
-		$nonce = isset( $_REQUEST['_nonce'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['_nonce'] ) ) : '';
-		if ( ! wp_verify_nonce( $nonce, 'wpte-new-create-nonce' ) ) {
-			return esc_html__( 'Nonce Varification Failed!', 'wpte-product-layout' );
-		}
-
-		$id         = isset($_POST['id']) ? intval($_POST['id']) : '';
-		$db_data    = wpte_get_layout( $id );
-		$db_dataArr = json_decode( wp_json_encode( $db_data ), true );
-		$arrgg      = [ 'style' => $db_dataArr ];
-		$JsonData   = wp_json_encode( $arrgg );
-		print_r($JsonData);
-		exit;
-	}
-
-	/**
-	 * Save Settings.
-	 *
-	 * @since v1.0.0
-	 */
-	public function wpte_settings_form() {
-
-		if ( ! current_user_can( 'manage_options' ) ) {
-			return;
-		}
-
-		$nonce = isset( $_REQUEST['_nonce'] ) && '' !== $_REQUEST['_nonce'] ? sanitize_text_field( wp_unslash( $_REQUEST['_nonce'] ) ) : '';
-		if ( ! wp_verify_nonce( $nonce, 'wpte-settings-nonce' ) ) {
-			return esc_html__( 'Nonce Varification Failed!', 'wpte-product-layout' );
-		}
-
-		$items = isset( $_POST['data'] ) && $_POST['data'] ? filter_input( INPUT_POST, 'data', FILTER_SANITIZE_FULL_SPECIAL_CHARS, FILTER_REQUIRE_ARRAY ) : [];
-
-		$data = [];
-
-		foreach ( $items as $item ) {
-			$data[$item['name']] = $item['value'];
-		}
-
-		update_option( 'wpte_pl_settings', $data );
-
-		wp_send_json_success( [
-			'message' => esc_html__( 'Settings Saved', 'wpte-product-layout' ),
-		] );
-	}
-}
+<?php
+
+namespace WPTE_PRODUCT_LAYOUTIncludesAdmin;
+
+/**
+ * Ajax Handler Class
+ */
+class Ajax {
+
+	/**
+	 * Method __construct
+	 *
+	 * @return void
+	 */
+	public function __construct() {
+
+		add_action( 'wp_ajax_wpte_create_new_layout', [ $this, 'wpte_create_new_layout' ] );
+		add_action( 'wp_ajax_wpte_editor_update_form', [ $this, 'wpte_editor_update_form' ] );
+		add_action( 'wp_ajax_wpte_get_productc', [ $this, 'wpte_w_get_productc' ] );
+		add_action( 'wp_ajax_wpte_delete_shortcode', [ $this, 'wpte_delete_shortcodes' ] );
+		add_action( 'wp_ajax_wpte_shortcode_update_name', [ $this, 'wpte_shortcode_update_name' ] );
+		add_action( 'wp_ajax_wpte_shortcode_import_layout', [ $this, 'wpte_shortcode_import_layout' ] );
+		add_action( 'wp_ajax_wpte_clone_layout', [ $this, 'wpte_clone_layout' ] );
+		add_action( 'wp_ajax_wpte_settings_form', [ $this, 'wpte_settings_form' ] );
+	}
+
+	/**
+	 * Method url_conveter
+	 *
+	 * @param array $args .
+	 * @return string.
+	 */
+	public function url_conveter( $args = [] ) {
+		$layoutName = explode( '-', $args[0] );
+		return admin_url( 'admin.php?page=product-layouts&layouts=' . $layoutName[0] . '&styleid=' . $args[1] );
+	}
+
+	/**
+	 * Method wpte_create_new_layout
+	 *
+	 * @return mixed
+	 */
+	public function wpte_create_new_layout() {
+
+		if ( ! current_user_can( 'manage_options' ) ) {
+			return;
+		}
+
+		$nonce = isset( $_REQUEST['_nonce'] ) && '' !== $_REQUEST['_nonce'] ? sanitize_text_field( wp_unslash( $_REQUEST['_nonce'] ) ) : '';
+		if ( ! wp_verify_nonce( $nonce, 'wpte-new-create-nonce' ) ) {
+			return esc_html__( 'Nonce Varification Failed!', 'product-layouts' );
+		}
+
+		$name        = isset( $_POST['name'] ) ? sanitize_text_field( wp_unslash( $_POST['name'] ) ) : '';
+		$style_name  = isset( $_POST['style_name'] ) ? sanitize_text_field( wp_unslash( $_POST['style_name'] ) ) : '';
+		$rawdata     = isset( $_POST['rawdata'] ) ? stripslashes( sanitize_text_field( wp_unslash( $_POST['rawdata'] ) ) ) : '';
+		$stylesheet  = isset( $_POST['stylesheet'] ) ? sanitize_text_field( wp_unslash( $_POST['stylesheet'] ) ) : '';
+		$font_family = sanitize_text_field( '' );
+
+		$insert_id = wpte_layout_insert(
+            [
+				'name'        => $name,
+				'style_name'  => $style_name,
+				'rawdata'     => $rawdata,
+				'stylesheet'  => $stylesheet,
+				'font_family' => $font_family,
+			]
+        );
+
+		$names       = [];
+		$is_match    = preg_match_all( '/(wpte-product-layout-wrapper-)[0-9]+/', $stylesheet, $names );
+		$replaceData = "wpte-product-layout-wrapper-$insert_id";
+		$get_match   = $names[0][0];
+		$finalData   = preg_replace( "/$get_match/i", $replaceData, $stylesheet );
+		wpte_layout_update_style( $insert_id, $finalData );
+
+		wp_send_json_success(
+            [
+				'url' => $this->url_conveter( [ $style_name, $insert_id ] ),
+			]
+        );
+
+		if ( is_wp_error( $insert_id ) ) {
+			wp_send_json_error(
+                [
+					'message' => __( 'Data Insert Failed Please retry again!', 'product-layouts' ),
+				]
+            );
+		}
+	}
+
+	/**
+	 * Method wpte_delete_shortcodes.
+	 *
+	 * @return mixed
+	 */
+	public function wpte_delete_shortcodes() {
+
+		if ( ! current_user_can( 'manage_options' ) ) {
+			return;
+		}
+
+		$nonce = isset( $_REQUEST['_nonce'] ) && '' !== $_REQUEST['_nonce'] ? sanitize_text_field( wp_unslash( $_REQUEST['_nonce'] ) ) : '';
+		if ( ! wp_verify_nonce( $nonce, 'wpte-delete-nonce' ) ) {
+			return esc_html__( 'Nonce Varification Failed!', 'product-layouts' );
+		}
+
+		$id = isset( $_POST['id'] ) ? intval( $_POST['id'] ) : '';
+		wpte_delete_layout( $id );
+		exit;
+	}
+
+	/**
+	 * Method wpte_editor_update_form
+	 *
+	 * @return mixed
+	 */
+	public function wpte_editor_update_form() {
+
+		if ( ! current_user_can( 'manage_options' ) ) {
+			return;
+		}
+
+		$nonce = isset( $_REQUEST['_nonce'] ) && '' !== $_REQUEST['_nonce'] ? sanitize_text_field( wp_unslash( $_REQUEST['_nonce'] ) ) : '';
+		if ( ! wp_verify_nonce( $nonce, 'wpte-editor-update-nonce' ) ) {
+			return esc_html__( 'Nonce Varification Failed!', 'product-layouts' );
+		}
+
+		$id       = isset( $_POST['wpteid'] ) ? intval( $_POST['wpteid'] ) : '';
+		$rawdatas = ! empty( $_POST['rawdata'] ) && is_array( $_POST['rawdata'] ) ? filter_input( INPUT_POST, 'rawdata', FILTER_SANITIZE_FULL_SPECIAL_CHARS, FILTER_REQUIRE_ARRAY ) : [];
+		$rawdata  = [];
+		foreach ( $rawdatas as $rawdata_val ) {
+			if ( strpos( $rawdata_val['name'], '[]' ) !== false ) {
+				$name = str_replace( '[]', '', $rawdata_val['name'] );
+				$rawdata[ $name ][] = $rawdata_val['value'];
+			} else {
+				$name = $rawdata_val['name'];
+				$rawdata[ $name ] = $rawdata_val['value'];
+			}
+		}
+		$rawdata  = $rawdata ? wp_json_encode( $rawdata ) : '';
+		$settings = json_decode( $rawdata, true );
+		wpte_layout_update( $id, $rawdata );
+
+		global $wpdb;
+		$db_data   = $wpdb->get_row( $wpdb->prepare( 'SELECT * FROM ' . $wpdb->prefix . 'wpte_product_layout_style WHERE id = %d', $id ), ARRAY_A );
+		$StyleName = explode( '-', ucfirst( $db_data['style_name'] ) );
+		$cls       = 'WPTE_PRODUCT_LAYOUTLayouts\' . $StyleName[0] . 'BackendLayout' . $StyleName[1];
+
+		if ( class_exists( $cls ) ) {
+			$CLAS = new $cls( 'admin' );
+		}
+
+		return $CLAS->template_css_render( $id, $settings );
+	}
+
+	/**
+	 * Method wpte_w_get_productc
+	 *
+	 * @return mixed.
+	 */
+	public function wpte_w_get_productc() {
+
+		$nonce = isset( $_REQUEST['_nonce'] ) && '' !== $_REQUEST['_nonce'] ? sanitize_text_field( wp_unslash( $_REQUEST['_nonce'] ) ) : '';
+		if ( ! wp_verify_nonce( $nonce, 'wpte-editor-update-nonce' ) ) {
+			return esc_html__( 'Nonce Varification Failed!', 'product-layouts' );
+		}
+
+		global $wpdb;
+		$id        = isset( $_POST['id'] ) ? intval( $_POST['id'] ) : '';
+		$rawdatas  = ! empty( $_POST['rawdata'] ) && is_array( $_POST['rawdata'] ) ? filter_input( INPUT_POST, 'rawdata', FILTER_SANITIZE_FULL_SPECIAL_CHARS, FILTER_REQUIRE_ARRAY ) : [];
+		$rawdata   = [];
+		foreach ( $rawdatas as $rawdata_val ) {
+			if ( strpos( $rawdata_val['name'], '[]' ) !== false ) {
+				$name = str_replace( '[]', '', $rawdata_val['name'] );
+				$rawdata[ $name ][] = $rawdata_val['value'];
+			} else {
+				$name = $rawdata_val['name'];
+				$rawdata[ $name ] = $rawdata_val['value'];
+			}
+		}
+		$rawdata   = $rawdata ? wp_json_encode( $rawdata ) : '';
+		$settings  = json_decode( $rawdata, true );
+		$user      = 'admin';
+		$db_data   = $wpdb->get_row( $wpdb->prepare( 'SELECT * FROM ' . $wpdb->prefix . 'wpte_product_layout_style WHERE id = %d ', $id ), ARRAY_A );
+		$StyleName = explode( '-', ucfirst( $db_data['style_name'] ) );
+
+		$cls = 'WPTE_PRODUCT_LAYOUTLayouts\' . $StyleName[0] . 'FrontendLayout' . $StyleName[1];
+
+		if ( class_exists( $cls ) ) {
+			$clas = new $cls( [], $user );
+		}
+
+		$clas->layout_render( $settings, $user );
+
+		if ( wpte_version_control() ) {
+			$pagination_load_more = ( isset( $settings['wpte_product_layout_pagination_global_display'] ) && $settings['wpte_product_layout_pagination_global_display'] ) ? $settings['wpte_product_layout_pagination_global_display'] : '';
+			if ( 'pagination' === $pagination_load_more ) {
+				echo '<div class="wpte-product-paginations">';
+				$clas->wpte_products_pagination_render( $settings, 1, $id );
+				echo '</div>';
+			}
+			if ( 'load_more' === $pagination_load_more ) {
+				printf( '<div class="wpte-product-load-more">' );
+				$clas->wpte_products_load_more_render( $settings, $id );
+				echo '</div>';
+			}
+		}
+		die();
+	}
+
+	/**
+	 * Method wpte_shortcode_update_name
+	 *
+	 * @return mixed
+	 */
+	public function wpte_shortcode_update_name() {
+
+		if ( ! current_user_can( 'manage_options' ) ) {
+			return;
+		}
+
+		$nonce = isset( $_REQUEST['_nonce'] ) && '' !== $_REQUEST['_nonce'] ? sanitize_text_field( wp_unslash( $_REQUEST['_nonce'] ) ) : '';
+		if ( ! wp_verify_nonce( $nonce, 'wpte-editor-update-nonce' ) ) {
+			return esc_html__( 'Nonce Varification Failed!', 'product-layouts' );
+		}
+
+		$id   = isset( $_POST['wpteid'] ) && $_POST['wpteid'] !== '' ? intval( $_POST['wpteid'] ) : '';
+		$data = isset( $_POST['rawdata'] ) && $_POST['rawdata'] !== '' ? sanitize_text_field( wp_unslash( $_POST['rawdata'] ) ) : '';
+
+		wpte_shortcode_name_update( $id, $data );
+		exit;
+	}
+
+	/**
+	 * Generate safe path
+	 *
+	 * @param mixed $path .
+	 * @since v1.0.0
+	 */
+	public function safe_path( $path ) {
+
+		$path = str_replace( [ '//', '\\' ], [ '/', '\' ], $path );
+		return str_replace( [ '/', '\' ], DIRECTORY_SEPARATOR, $path );
+	}
+
+	/**
+	 * Shortcode Importer.
+	 *
+	 * @since v1.0.0
+	 */
+	public function wpte_shortcode_import_layout() {
+	if ( ! current_user_can( 'manage_options' ) ) {
+		return;
+	}
+
+	$nonce = isset( $_REQUEST['_nonce'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['_nonce'] ) ) : '';
+
+	if ( ! wp_verify_nonce( $nonce, 'wpte-import-nonce' ) ) {
+		echo esc_html__( 'You do not have sufficient permissions to access this page.', 'product-layouts' );
+		exit;
+	}
+
+	$filename = ! empty( $_FILES['file']['name'] ) ? sanitize_file_name( wp_unslash( $_FILES['file']['name'] ) ) : '';
+	$folder   = $this->safe_path( WPTE_WPL_PATH . 'assets/export/' );
+
+
+	if ( ! is_dir( $folder ) ) {
+		// phpcs:ignore WordPress.WP.AlternativeFunctions.file_system_operations_mkdir
+		mkdir( $folder, 0777 );
+	}
+
+	if ( is_file( $folder . $filename ) ) {
+		// phpcs:ignore WordPress.WP.AlternativeFunctions.unlink_unlink
+		unlink( $folder . $filename ); // delete file.
+	}
+
+	$uploaded_file_path = isset( $_FILES['file']['tmp_name'] ) ? filter_var( $_FILES['file']['tmp_name'], FILTER_SANITIZE_SPECIAL_CHARS ) : '';
+	$files              = isset( $_FILES['file']['tmp_name'] ) ? $uploaded_file_path : '';
+
+	// phpcs:ignore Generic.PHP.ForbiddenFunctions.Found
+	move_uploaded_file( $files, $folder . $filename );
+
+	$this->wpte_file_extract( $folder, $filename );
+}
+
+
+	/**
+	 * Import File extractor & insert.
+	 *
+	 * @param mixed $folder  .
+	 * @param mixed $filename  .
+	 * @since v1.0.0
+	 */
+	public function wpte_file_extract( $folder, $filename ) {
+
+		if ( is_file( $folder . $filename ) ) {
+			$FileData = file_get_contents( $folder . $filename );
+			$params   = json_decode( $FileData, true );
+
+			$name        = isset( $params['style']['name'] ) ? sanitize_text_field( $params['style']['name'] ) : '';
+			$style_name  = isset( $params['style']['style_name'] ) ? sanitize_text_field( $params['style']['style_name'] ) : '';
+			$rawdata     = isset( $params['style']['rawdata'] ) ? stripslashes( sanitize_text_field( $params['style']['rawdata'] ) ) : '';
+			$stylesheet  = isset( $params['style']['stylesheet'] ) ? sanitize_text_field( $params['style']['stylesheet'] ) : '';
+			$font_family = isset( $params['style']['font_family'] ) ? sanitize_text_field( $params['style']['font_family'] ) : '';
+
+			if ( ! $style_name && ! $rawdata && ! $stylesheet ) {
+				if ( is_file( $folder . $filename ) ) :
+					// phpcs:ignore WordPress.WP.AlternativeFunctions.unlink_unlink
+					unlink( $folder . $filename ); // delete file.
+				endif;
+				wp_send_json_success(
+                    [
+						'failed' => __( 'Invalid JSON File! Please import a exported valid JSON file.', 'product-layouts' ),
+					]
+                );
+				return;
+			}
+
+			$insert_id = wpte_layout_insert(
+                [
+					'name'        => $name,
+					'style_name'  => $style_name,
+					'rawdata'     => $rawdata,
+					'stylesheet'  => $stylesheet,
+					'font_family' => $font_family,
+				]
+            );
+
+			$names       = [];
+			$is_match    = preg_match_all( '/(wpte-product-layout-wrapper-)[0-9]+/', $stylesheet, $names );
+			$replaceData = "wpte-product-layout-wrapper-$insert_id";
+			$get_match   = $names[0][0];
+			$finalData   = preg_replace( "/$get_match/i", $replaceData, $stylesheet );
+			wpte_layout_update_style( $insert_id, $finalData );
+
+			if ( is_file( $folder . $filename ) ) :
+				// phpcs:ignore WordPress.WP.AlternativeFunctions.unlink_unlink
+				unlink( $folder . $filename ); // delete file.
+			endif;
+
+			wp_send_json_success(
+                [
+					'url' => $this->url_conveter( [ $style_name, $insert_id ] ),
+				]
+            );
+
+			if ( is_wp_error( $insert_id ) ) {
+				wp_send_json_error(
+                    [
+						'message' => __( 'Data Insert Failed Please retry again!', 'product-layouts' ),
+					]
+                );
+			}
+		}
+	}
+
+	/**
+	 * Get layout for clone.
+	 *
+	 * @since v1.0.0
+	 */
+	public function wpte_clone_layout() {
+
+		if ( ! current_user_can( 'manage_options' ) ) {
+			return;
+		}
+
+		$nonce = isset( $_REQUEST['_nonce'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['_nonce'] ) ) : '';
+		if ( ! wp_verify_nonce( $nonce, 'wpte-new-create-nonce' ) ) {
+			return esc_html__( 'Nonce Varification Failed!', 'product-layouts' );
+		}
+
+		$id         = isset( $_POST['id'] ) ? intval( $_POST['id'] ) : '';
+		$db_data    = wpte_get_layout( $id );
+		$db_dataArr = json_decode( wp_json_encode( $db_data ), true );
+		$arrgg      = [ 'style' => $db_dataArr ];
+		$JsonData   = wp_json_encode( $arrgg );
+		// phpcs:ignore WordPress.PHP.DevelopmentFunctions.error_log_print_r
+		print_r( $JsonData );
+		exit;
+	}
+
+	/**
+	 * Save Settings.
+	 *
+	 * @since v1.0.0
+	 */
+	public function wpte_settings_form() {
+
+		if ( ! current_user_can( 'manage_options' ) ) {
+			return;
+		}
+
+		$nonce = isset( $_REQUEST['_nonce'] ) && '' !== $_REQUEST['_nonce'] ? sanitize_text_field( wp_unslash( $_REQUEST['_nonce'] ) ) : '';
+		if ( ! wp_verify_nonce( $nonce, 'wpte-settings-nonce' ) ) {
+			return esc_html__( 'Nonce Varification Failed!', 'product-layouts' );
+		}
+
+		// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash,WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
+		$items = isset( $_POST['data'] ) && $_POST['data']
+			? filter_input( INPUT_POST, 'data', FILTER_SANITIZE_FULL_SPECIAL_CHARS, FILTER_REQUIRE_ARRAY )
+			: [];
+
+		$data = [];
+
+		foreach ( $items as $item ) {
+			$data[ $item['name'] ] = $item['value'];
+		}
+
+		update_option( 'wpte_pl_settings', $data );
+
+		wp_send_json_success(
+            [
+				'message' => esc_html__( 'Settings Saved', 'product-layouts' ),
+			]
+        );
+	}
+}
--- a/product-layouts/Includes/Admin/Menu.php
+++ b/product-layouts/Includes/Admin/Menu.php
@@ -1,112 +1,116 @@
-<?php
-
-namespace WPTE_PRODUCT_LAYOUTIncludesAdmin;
-
-/**
- * Admin Menu Class
- *
- * @since 1.0.0
- */
-class Menu {
-
-	use PagesAdminTopMenu;
-
-	/**
-	 * Menu class constructor
-	 *
-	 * @since 1.0.0
-	 */
-	public function __construct() {
-		add_action( 'admin_menu', [ $this, 'regiter_admin_menu' ] );
-		$this->admin_menu();
-	}
-
-	/**
-	 * Admin Menu Method
-	 *
-	 * @since 1.0.0
-	 */
-	public function admin_menu() {
-		add_filter( 'wpte_product_layout_admin_menu', [ $this, 'wpte_admin_menu' ] );
-	}
-
-	/**
-	 * Register Admin Menue
-	 *
-	 * @return void
-	 */
-	public function regiter_admin_menu() {
-		$user = 'manage_options';
-		add_menu_page( __( 'Product Layouts', 'wpte-product-layout' ), __( 'Product Layouts', 'wpte-product-layout' ), $user, 'product-layouts', [ $this, 'plugin_page' ], WPTE_WPL_URL . '/Image/product-layouts-icon.svg', 56 );
-		add_submenu_page( 'product-layouts', __( 'Product Layouts', 'wpte-product-layout'), __('Product Layouts', 'wpte-product-layout'), $user, 'product-layouts', [ $this, 'plugin_page' ] );
-		add_submenu_page( 'product-layouts', __( 'Shortcode List', 'wpte-product-layout'), __('Shortcode List', 'wpte-product-layout'), $user, 'product-layouts-shortcode', [ $this, 'product_shortcode' ] );
-		add_submenu_page( 'product-layouts', __( 'Settings', 'wpte-product-layout'), __('Settings', 'wpte-product-layout'), $user, 'product-layouts-settings', [ $this, 'product_settings' ] );
-		add_submenu_page( 'product-layouts', __( 'Getting Started', 'wpte-product-layout'), __('Getting Started', 'wpte-product-layout'), $user, 'product-layouts-getting-started', [ $this, 'wpte_product_layout_getting_started' ] );
-		add_submenu_page( 'product-layouts', __( 'Status', 'wpte-product-layout'), __('Status', 'wpte-product-layout'), $user, 'product-layouts-status', [ $this, 'wpte_product_layout_status' ] );
-	}
-
-	/**
-	 * Plugin Admin Menu
-	 *
-	 * @return void
-	 */
-	public function plugin_page() {
-		$module = new Plugin_Page();
-		$module->module_page();
-	}
-
-	/**
-	 * Plugin Admin SubMenu Shortcode
-	 *
-	 * @return void
-	 */
-	public function product_shortcode() {
-		apply_filters('wpte_product_layout_admin_menu', true);
-		$importPage = isset( $_REQUEST['page'] ) && ! empty( $_REQUEST['page'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['page'] ) ) : '';
-		$action     = isset( $_REQUEST['action'] ) && ! empty( $_REQUEST['action'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['action'] ) ) : '';
-		if ( $importPage === 'product-layouts-shortcode' && $action === 'import' ) {
-			new PagesLayout_listImport();
-		} else {
-			new PagesLayout_listShortcode();
-			new PagesLayout_listExport();
-		}
-	}
-
-	/**
-	 * Plugin Admin SubMenu Settings
-	 *
-	 * @return void
-	 */
-	public function product_settings() {
-		apply_filters('wpte_product_layout_admin_menu', true );
-		wp_enqueue_script('wpte-wpl-select2-js');
-		wp_enqueue_script('wpte-wpl-settings-js');
-		wp_localize_script('wpte-wpl-settings-js', 'wpteSettings', [
-			'ajaxUrl'    => admin_url('admin-ajax.php'),
-			'wpte_nonce' => wp_create_nonce('wpte-settings-nonce'),
-			'error'      => __( 'Something Went Wrong!', 'wpte-product-layout' ),
-		]);
-		new PagesSettings();
-	}
-
-	/**
-	 * Plugin Admin SubMenu Getting Started
-	 *
-	 * @return void
-	 */
-	public function wpte_product_layout_getting_started() {
-		apply_filters('wpte_product_layout_admin_menu', true );
-		wp_enqueue_script('wpte-wpl-admin-js');
-		new PagesSupport();
-	}
-
-	/**
-	 * Plugin Admin SubMenu Status
-	 *
-	 * @return void
-	 */
-	public function wpte_product_layout_status() {
-		apply_filters('wpte_product_layout_admin_menu', true );
-		new PagesStatus();
-	}
-}
+<?php
+
+namespace WPTE_PRODUCT_LAYOUTIncludesAdmin;
+
+/**
+ * Admin Menu Class
+ *
+ * @since 1.0.0
+ */
+class Menu {
+
+	use PagesAdminTopMenu;
+
+	/**
+	 * Menu class constructor
+	 *
+	 * @since 1.0.0
+	 */
+	public function __construct() {
+		add_action( 'admin_menu', [ $this, 'regiter_admin_menu' ] );
+		$this->admin_menu();
+	}
+
+	/**
+	 * Admin Menu Method
+	 *
+	 * @since 1.0.0
+	 */
+	public function admin_menu() {
+		add_filter( 'wpte_product_layout_admin_menu', [ $this, 'wpte_admin_menu' ] );
+	}
+
+	/**
+	 * Register Admin Menue
+	 *
+	 * @return void
+	 */
+	public function regiter_admin_menu() {
+		$user = 'manage_options';
+		add_menu_page( __( 'Product Layouts', 'product-layouts' ), __( 'Product Layouts', 'product-layouts' ), $user, 'product-layouts', [ $this, 'plugin_page' ], WPTE_WPL_URL . '/Image/product-layouts-icon.svg', 56 );
+		add_submenu_page( 'product-layouts', __( 'Product Layouts', 'product-layouts' ), __( 'Product Layouts', 'product-layouts' ), $user, 'product-layouts', [ $this, 'plugin_page' ] );
+		add_submenu_page( 'product-layouts', __( 'Shortcode List', 'product-layouts' ), __( 'Shortcode List', 'product-layouts' ), $user, 'product-layouts-shortcode', [ $this, 'product_shortcode' ] );
+		add_submenu_page( 'product-layouts', __( 'Settings', 'product-layouts' ), __( 'Settings', 'product-layouts' ), $user, 'product-layouts-settings', [ $this, 'product_settings' ] );
+		add_submenu_page( 'product-layouts', __( 'Getting Started', 'product-layouts' ), __( 'Getting Started', 'product-layouts' ), $user, 'product-layouts-getting-started', [ $this, 'wpte_product_layout_getting_started' ] );
+		add_submenu_page( 'product-layouts', __( 'Status', 'product-layouts' ), __( 'Status', 'product-layouts' ), $user, 'product-layouts-status', [ $this, 'wpte_product_layout_status' ] );
+	}
+
+	/**
+	 * Plugin Admin Menu
+	 *
+	 * @return void
+	 */
+	public function plugin_page() {
+		$module = new Plugin_Page();
+		$module->module_page();
+	}
+
+	/**
+	 * Plugin Admin SubMenu Shortcode
+	 *
+	 * @return void
+	 */
+	public function product_shortcode() {
+		apply_filters( 'wpte_product_layout_admin_menu', true );
+		// phpcs:ignore WordPress.Security.NonceVerification.Recommended
+		$importPage = isset( $_REQUEST['page'] ) && ! empty( $_REQUEST['page'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['page'] ) ) : '';
+		// phpcs:ignore WordPress.Security.NonceVerification.Recommended
+		$action     = isset( $_REQUEST['action'] ) && ! empty( $_REQUEST['action'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['action'] ) ) : '';
+		if ( $importPage === 'product-layouts-shortcode' && $action === 'import' ) {
+			new PagesLayout_listImport();
+		} else {
+			new PagesLayout_listShortcode();
+			new PagesLayout_listExport();
+		}
+	}
+
+	/**
+	 * Plugin Admin SubMenu Settings
+	 *
+	 * @return void
+	 */
+	public function product_settings() {
+		apply_filters( 'wpte_product_layout_admin_menu', true );
+		wp_enqueue_script( 'wpte-wpl-select2-js' );
+		wp_enqueue_script( 'wpte-wpl-settings-js' );
+		wp_localize_script(
+            'wpte-wpl-settings-js', 'wpteSettings', [
+				'ajaxUrl'    => admin_url( 'admin-ajax.php' ),
+				'wpte_nonce' => wp_create_nonce( 'wpte-settings-nonce' ),
+				'error'      => __( 'Something Went Wrong!', 'product-layouts' ),
+			]
+        );
+		new PagesSettings();
+	}
+
+	/**
+	 * Plugin Admin SubMenu Getting Started
+	 *
+	 * @return void
+	 */
+	public function wpte_product_layout_getting_started() {
+		apply_filters( 'wpte_product_layout_admin_menu', true );
+		wp_enqueue_script( 'wpte-wpl-admin-js' );
+		new PagesSupport();
+	}
+
+	/**
+	 * Plugin Admin SubMenu Status
+	 *
+	 * @return void
+	 */
+	public function wpte_product_layout_status() {
+		apply_filters( 'wpte_product_layout_admin_menu', true );
+		new PagesStatus();
+	}
+}
--- a/product-layouts/Includes/Admin/Notice.php
+++ b/product-layouts/Includes/Admin/Notice.php
@@ -1,159 +1,160 @@
-<?php
-
-namespace WPTE_PRODUCT_LAYOUTIncludesAdmin;
-
-/**
- * Admin Notice Class
- *
- * @since 1.0.0
- */
-class Notice {
-
-	/**
-	 * Notice class constructor
-	 *
-	 * @since 1.0.0
-	 */
-	public function __construct() {
-
-		$this->notice_init();
-	}
-
-	/**
-	 * Method notice_init.
-	 *
-	 * @since 1.0.0
-	 *
-	 * @access public
-	 */
-	public function notice_init() {
-
-		// Check for required PHP version.
-		if ( version_compare( PHP_VERSION, WPTE_WPL_MINIMUM_PHP_VERSION, '<' ) ) {
-			add_action( 'admin_notices', [ $this, 'wpte_wpl_minimum_php_version' ] );
-			return;
-		}
-
-		// Check if WooCommerce installed and activated.
-		if ( ! class_exists( 'WooCommerce' ) ) {
-			add_action( 'admin_notices', [ $this, 'admin_notice_missing_main_plugin' ] );
-			return;
-		}
-
-		// Check for required Woocommerce version.
-		if ( version_compare( WC_VERSION, WPTE_WPL_MINIMUM_WC_VERSION, '<' ) ) {
-			add_action( 'admin_notices', [ $this, 'wpte_wpl_minimum_wc_version' ] );
-			return;
-		}
-
-		// Get Review from users
-		add_action( 'admin_notices', [ $this, 'wpte_wpl_get_review_from_users' ] );
-	}
-
-	/**
-	 * Method wpte_wpl_minimum_php_version.
-	 *
-	 * Warning when the site doesn't have a minimum required PHP version.
-	 *
-	 * @since 1.0.0
-	 *
-	 * @access public
-	 */
-	public function wpte_wpl_minimum_php_version() {
-
-		$message = sprintf(
-			/* translators: 1: Plugin name 2: PHP 3: Required PHP version */
-			esc_html__('"%1$s" requires "%2$s" version %3$s or greater.', 'wpte-product-layout'),
-			'<strong>' . esc_html__('Product Layouts for Woocommerce', 'wpte-product-layout') . '</strong>',
-			'<strong>' . esc_html__( 'PHP', 'wpte-product-layout' ) . '</strong>',
-			WPTE_WPL_MINIMUM_PHP_VERSION
-		);
-
-		printf( '<div class="notice notice-warning is-dismissible"><p>%1$s</p></div>', wp_kses( $message, wpte_plugins_allowedtags() ) );
-	}
-
-	/**
-	 * Method admin_notice_missing_main_plugin.
-	 *
-	 * @since 1.0.0
-	 *
-	 * @access public
-	 */
-	public function admin_notice_missing_main_plugin() {
-
-		$screen = get_current_screen();
-		if ( isset( $screen->parent_file ) && 'plugins.php' === $screen->parent_file && 'update' === $screen->id ) {
-			return;
-		}
-
-		$plugin            = 'woocommerce';
-		$file_path         = 'woocommerce/woocommerce.php';
-		$installed_plugins = get_plugins();
-
-		if ( isset( $installed_plugins[ $file_path ] ) ) { // check if plugin is installed.
-
-			if ( ! current_user_can('activate_plugins') ) {
-				return;
-			}
-			$activation_url = wp_nonce_url(admin_url('plugins.php?action=activate&plugin=' . $file_path), 'activate-plugin_' . $file_path);
-
-			$message  = wp_sprintf('<p><strong>%s</strong>%s</p>', esc_html__('Product Layouts for Woocommerce', 'wpte-product-layout'), __( ' not working because you need to activate the WooCommerce plugin.', 'wpte-product-layout') );
-			$message .= wp_sprintf('<p><a href="%s" class="button-primary">%s</a></p>', $activation_url, esc_html__('Activate WooCommerce Now', 'wpte-product-layout'));
-
-		} else {
-
-			if ( ! current_user_can('install_plugins') ) {
-				return;
-			}
-			$install_url = wp_nonce_url( add_query_arg(
-				[
-					'action' => 'install-plugin',
-					'plugin' => $plugin,
-				],
-					admin_url('update.php') ),
-					'install-plugin_' . $plugin
-				);
-			$message     = wp_sprintf('<p><strong>%s</strong>%s</p>', esc_html__('Product Layouts for Woocommerce', 'wpte-product-layout'), __(' not working because you need to install the WooCommerce plugin.', 'wpte-product-layout') );
-			$message    .= wp_sprintf('<p><a href="%s" class="button-primary">%s</a></p>', $install_url, esc_html__('Install WooCommerce Now', 'wpte-product-layout') );
-
-		}
-
-		printf('<div class="error"><p>%s</p></div>', wp_kses( $message, wpte_plugins_allowedtags() ) );
-	}
-
-	/**
-	 * Method wpte_wpl_minimum_wc_version.
-	 *
-	 * @since 1.0.0
-	 *
-	 * @access public
-	 */
-	public function wpte_wpl_minimum_wc_version() {
-
-		printf('<div class="notice notice-warning is-dismissible"><p>%1$s</p></div>', '%1$s' . esc_html__( ' requires ', 'wpte-product-layout' ) . ' %2$s' . esc_html__( ' version ', 'wpte-product-layout' ) . '%3$s' . esc_html__( 'or greater.', 'wpte-product-layout' ),
-		'<strong>' . esc_html__('Product Layouts for Woocommerce', 'wpte-product-layout') . '</strong>',
-		'<strong>' . esc_html__('Woocommerce', 'wpte-product-layout') . '</strong>',
-		floatval( WPTE_WPL_MINIMUM_WC_VERSION ) );
-	}
-
-	/**
-	 * Method wpte_wpl_get_review_from_users.
-	 *
-	 * @since 1.2.2
-	 *
-	 * @access public
-	 */
-	public function wpte_wpl_get_review_from_users() {
-		if ( ! ( isset( $_COOKIE['wpte-user-review'] ) && $_COOKIE['wpte-user-review'] == 1 ) ) :
-		?>
-		<div id="wpte-get-review" class="notice wpte-notice-review notice-warning is-dismissible">
-			<h2>🌟 <?php echo esc_html__('Product Layouts for Woocommerce', 'wpte-product-layout'); ?> 🌟</h2>
-			<p><?php echo esc_html__('Love our plugin? Leave us a 5-star review! Your feedback helps us thrive, motivating us to continuously update the plugin.', 'wpte-product-layout'); ?></p>
-			<button class="wpte-btn-given"><?php echo esc_html__('Already Given', 'wpte-product-layout'); ?></button>
-			<a href="https://wordpress.org/support/plugin/product-layouts/reviews/#new-post" target="__blank"><button class="wpte-btn-deserve"><?php echo esc_html__('You Deserve It', 'wpte-product-layout'); ?></button></a>
-			<button class="wpte-btn-never"><?php echo esc_html__("Don't Show Again", 'wpte-product-layout'); ?></button>
-		</div>
-		<?php
-		endif;
-	}
-}
+<?php
+
+namespace WPTE_PRODUCT_LAYOUTIncludesAdmin;
+
+/**
+ * Admin Notice Class
+ *
+ * @since 1.0.0
+ */
+class Notice {
+
+	/**
+	 * Notice class constructor
+	 *
+	 * @since 1.0.0
+	 */
+	public function __construct() {
+
+		$this->notice_init();
+	}
+
+	/**
+	 * Method notice_init.
+	 *
+	 * @since 1.0.0
+	 *
+	 * @access public
+	 */
+	public function notice_init() {
+
+		// Check for required PHP version.
+		if ( version_compare( PHP_VERSION, WPTE_WPL_MINIMUM_PHP_VERSION, '<' ) ) {
+			add_action( 'admin_notices', [ $this, 'wpte_wpl_minimum_php_version' ] );
+			return;
+		}
+
+		// Check if WooCommerce installed and activated.
+		if ( ! class_exists( 'WooCommerce' ) ) {
+			add_action( 'admin_notices', [ $this, 'admin_notice_missing_main_plugin' ] );
+			return;
+		}
+
+		// Check for required Woocommerce version.
+		if ( version_compare( WC_VERSION, WPTE_WPL_MINIMUM_WC_VERSION, '<' ) ) {
+			add_action( 'admin_notices', [ $this, 'wpte_wpl_minimum_wc_version' ] );
+			return;
+		}
+
+		// Get Review from users
+		add_action( 'admin_notices', [ $this, 'wpte_wpl_get_review_from_users' ] );
+	}
+
+	/**
+	 * Method wpte_wpl_minimum_php_version.
+	 *
+	 * Warning when the site doesn't have a minimum required PHP version.
+	 *
+	 * @since 1.0.0
+	 *
+	 * @access public
+	 */
+	public function wpte_wpl_minimum_php_version() {
+
+		$message = sprintf(
+			/* translators: 1: Plugin name 2: PHP 3: Required PHP version */
+			esc_html__( '"%1$s" requires "%2$s" version %3$s or greater.', 'product-layouts' ),
+			'<strong>' . esc_html__( 'Product Layouts for Woocommerce', 'product-layouts' ) . '</strong>',
+			'<strong>' . esc_html__( 'PHP', 'product-layouts' ) . '</strong>',
+			WPTE_WPL_MINIMUM_PHP_VERSION
+		);
+
+		printf( '<div class="notice notice-warning is-dismissible"><p>%1$s</p></div>', wp_kses( $message, wpte_plugins_allowedtags() ) );
+	}
+
+	/**
+	 * Method admin_notice_missing_main_plugin.
+	 *
+	 * @since 1.0.0
+	 *
+	 * @access public
+	 */
+	public function admin_notice_missing_main_plugin() {
+
+		$screen = get_current_screen();
+		if ( isset( $screen->parent_file ) && 'plugins.php' === $screen->parent_file && 'update' === $screen->id ) {
+			return;
+		}
+
+		$plugin            = 'woocommerce';
+		$file_path         = 'woocommerce/woocommerce.php';
+		$installed_plugins = get_plugins();
+
+		if ( isset( $installed_plugins[ $file_path ] ) ) { // check if plugin is installed.
+
+			if ( ! current_user_can( 'activate_plugins' ) ) {
+				return;
+			}
+			$activation_url = wp_nonce_url( admin_url( 'plugins.php?action=activate&plugin=' . $file_path ), 'activate-plugin_' . $file_path );
+
+			$message  = wp_sprintf( '<p><strong>%s</strong>%s</p>', esc_html__( 'Product Layouts for Woocommerce', 'product-layouts' ), __( ' not working because you need to activate the WooCommerce plugin.', 'product-layouts' ) );
+			$message .= wp_sprintf( '<p><a href="%s" class="button-primary">%s</a></p>', $activation_url, esc_html__( 'Activate WooCommerce Now', 'product-layouts' ) );
+		} else {
+			if ( ! current_user_can( 'install_plugins' ) ) {
+				return;
+			}
+			$install_url = wp_nonce_url(
+                add_query_arg(
+                    [
+						'action' => 'install-plugin',
+						'plugin' => $plugin,
+                    ],
+					admin_url( 'update.php' )
+                ),
+                'install-plugin_' . $plugin
+            );
+			$message     = wp_sprintf( '<p><strong>%s</strong>%s</p>', esc_html__( 'Product Layouts for Woocommerce', 'product-layouts' ), __( ' not working because you need to install the WooCommerce plugin.', 'product-layouts' ) );
+			$message    .= wp_sprintf( '<p><a href="%s" class="button-primary">%s</a></p>', $install_url, esc_html__( 'Install WooCommerce Now', 'product-layouts' ) );
+		}
+
+		printf( '<div class="error"><p>%s</p></div>', wp_kses( $message, wpte_plugins_allowedtags() ) );
+	}
+
+	/**
+	 * Method wpte_wpl_minimum_wc_version.
+	 *
+	 * @since 1.0.0
+	 *
+	 * @access public
+	 */
+	public function wpte_wpl_minimum_wc_version() {
+
+		printf(
+            '<div class="notice notice-warning is-dismissible"><p>%1$s</p></div>', '%1$s' . esc_html__( ' requires ', 'product-layouts' ) . ' %2$s' . esc_html__( ' version ', 'product-layouts' ) . '%3$s' . esc_html__( 'or greater.', 'product-layouts' ),
+            '<strong>' . esc_html__( 'Product Layouts for Woocommerce', 'product-layouts' ) . '</strong>',
+            '<strong>' . esc_html__( 'Woocommerce', 'product-layouts' ) . '</strong>',
+            floatval( WPTE_WPL_MINIMUM_WC_VERSION )
+        );
+	}
+
+	/**
+	 * Method wpte_wpl_get_review_from_users.
+	 *
+	 * @since 1.2.2
+	 *
+	 * @access public
+	 */
+	public function wpte_wpl_get_review_from_users() {
+		if ( ! ( isset( $_COOKIE['wpte-user-review'] ) && $_COOKIE['wpte-user-review'] == 1 ) ) :
+			?>
+		<div id="wpte-get-review" class="notice wpte-notice-review notice-warning is-dismissible">
+			<h2>🌟 <?php echo esc_html__( 'Product Layouts for Woocommerce', 'product-layouts' ); ?> 🌟</h2>
+			<p><?php echo esc_html__( 'Love our plugin? Leave us a 5-star review! Your feedback helps us thrive, motivating us to continuously update the plugin.', 'product-layouts' ); ?></p>
+			<button class="wpte-btn-given"><?php echo esc_html__( 'Already Given', 'product-layouts' ); ?></button>
+			<a href="https://wordpress.org/support/plugin/product-layouts/reviews/#new-post" target="__blank"><button class="wpte-btn-deserve"><?php echo esc_html__( 'You Deserve It', 'product-layouts' ); ?></button></a>
+			<button class="wpte-btn-never"><?php echo esc_html__( "Don't Show Again", 'product-layouts' ); ?></button>
+		</div>
+			<?php
+		endif;
+	}
+}
--- a/product-layouts/Includes/Admin/Pages/AdminRender.php
+++ b/product-layouts/Includes/Admin/Pages/AdminRender.php
@@ -1,474 +1,486 @@
-<?php
-
-namespace WPTE_PRODUCT_LAYOUTIncludesAdminPages;
-
-/**
- * AdminRender
- *
- * @since 1.0.0
- */
-abstract class AdminRender {
-
-	use WPTE_PRODUCT_LAYOUTIncludesHelperHelper;
-	use WPTE_PRODUCT_LAYOUTIncludesHelperAdvanced;
-
-	/**
-	 * Wpteid
-	 *
-	 * @var $wpteid
-	 * @since 1.0.0
-	 */
-	public $wpteid;
-
-	/**
-	 * Wpdb
-	 *
-	 * @var $wpdb
-	 * @since 1.0.0
-	 */
-	public $wpdb;
-
-	/**
-	 * WP DB Table Name
-	 *
-	 * @var $wpte_table
-	 * @since 1.0.0
-	 */
-	public $wpte_table;
-
-	/**
-	 * Dbdata
-	 *
-	 * @var $dbdata
-	 * @since 1.0.0
-	 */
-	public $dbdata;
-
-	/**
-	 * Rawdata
-	 *
-	 * @var $rawdata
-	 */
-	public $rawdata;
-
-	/**
-	 * Style
-	 *
-	 * @var $style
-	 */
-	public $style = [];
-
-	/**
-	 * Current Elements Style name
-	 *
-	 * @var $StyleName
-	 * @since 1.0.0
-	 */
-	public $StyleName;
-
-	/**
-	 * All Wrapper
-	 *
-	 * @var $WRAPPER
-	 * @since 1.0.0
-	 */
-	public $WRAPPER;
-
-	/**
-	 * All CSS Wrapper
-	 *
-	 * @var $CSSWRAPPER
-	 * @since 1.0.0
-	 */
-	public $CSSWRAPPER;
-
-	/**
-	 * All CSS Data
-	 *
-	 * @var $CSSDATA
-	 * @since 1.0.0
-	 */
-	public $CSSDATA;
-
-	/**
-	 * Type
-	 *
-	 * @var $type
-	 * @since 1.0.0
-	 */
-	public $type;
-
-	/**
-	 * Font
-	 *
-	 *  @var $font
-	 * @since 1.0.0
-	 */
-	public $font;
-
-	/**
-	 * Method __construct
-	 *
-	 * @param string $type .
-	 * @return void
-	 */
-	public function __construct( $type = '' ) {
-
-		global $wpdb;
-		$this->wpdb       = $wpdb;
-		$this->wpte_table = $this->wpdb->prefix . 'wpte_product_layout_style';
-		$this->wpteid     = ( ! empty( $_GET['styleid'] ) ? intval( $_GET['styleid'] ) : 0 );
-		$this->WRAPPER    = '.wpte-product-layout-wrapper-' . $this->wpteid;
-		$this->CSSWRAPPER = '.wpte-product-layout-wrapper-' . $this->wpteid . ' .wpte-product-row';
-		$this->wpte_script_loader();
-		$this->type = $type;
-		if ( $this->type != 'admin' ) {
-			$this->wpte_db_data();
-			$this->render();
-		}
-		new Layout_listExport();
-	}
-
-	/**
-	 * Method Hooks
-	 *
-	 * @return void
-	 */
-	public function wpte_db_data() {
-		global $wpdb;
-		$this->dbdata = $wpdb->get_row( $wpdb->prepare(
-				'SELECT * FROM ' . $wpdb->prefix . 'wpte_product_layout_style WHERE id = %d ', $this->wpteid
-			), ARRAY_A);
-		$this->StyleName = explode('-', ucfirst($this->dbdata['style_name']));
-		if ( ! empty( $this->dbdata['rawdata'] ) ) {
-			$this->rawdata = json_decode($this->dbdata['rawdata'], true);
-			if ( is_array( $this->rawdata ) ) {
-				$this->style = $this->rawdata;
-			}
-		}
-	}
-
-	/**
-	 * Method wpte_script_loader
-	 *
-	 * @return void
-	 */
-	public function wpte_script_loader() {
-
-		// Js.
-		wp_enqueue_script('wpte-serializejson');
-		wp_enqueue_script('wpte-wpl-select2-js');
-		wp_enqueue_script('wpte-nouislider');
-		wp_enqueue_script('wpte-gradient-color');
-		wp_enqueue_script('wpte-minicolors');
-		wp_enqueue_script('jquery-ui-resizable');
-		wp_enqueue_script('wpte-icon-picker');
-		wp_enqueue_script('wpte-font-picker-js');
-		wp_enqueue_script('wpte-global-js');
-		wp_enqueue_script('wpte-condition-js');
-		wp_enqueue_script('wpte-wpl-admin-js');
-		wp_enqueue_script('wpte-wpl-editor');
-		wp_localize_script('wpte-wpl-editor', 'wpteEditor', [
-			'ajaxUrl'    => admin_url('admin-ajax.php'),
-			'wpte_nonce' => wp_create_nonce('wpte-editor-update-nonce'),
-			'error'      => __('Something Went Wrong!', 'wpte-product-layout' ),
-		]);
-
-		wp_localize_script('wpte-global-js', 'wpteGlobal', [
-			'ajaxUrl'    => admin_url('admin-ajax.php'),
-			'wpte_nonce' => wp_create_nonce('wpte-global-nonce'),
-			'error'      => __('Something Went Wrong!', 'wpte-product-layout' ),
-		]);
-
-		$this->wpte_compare_script_loader();
-		$this->wpte_quickview_script_loader();
-	}
-
-	/**
-	 * Admin Compare script loader
-	 *
-	 * @since 1.0.1
-	 */
-	public function wpte_compare_script_loader() {
-		wp_enqueue_script('wpte-product-compare');
-	}
-
-	/**
-	 * Admin Quick view script loader
-	 *
-	 * @since 1.0.1
-	 */
-	public function wpte_quickview_script_loader() {
-		if ( version_compare( WC()->version, '3.0.0', '>=' ) ) {
-			if ( current_theme_supports( 'wc-product-gallery-zoom' ) ) {
-				wp_enqueue_script( 'zoom' );
-			}
-			if ( current_theme_supports( 'wc-product-gallery-slider' ) ) {
-				wp_enqueue_script( 'flexslider' );
-			}
-			wp_enqueue_script( 'wc-add-to-cart-variation' );
-			wp_enqueue_script( 'wc-single-product' );
-		}
-
-		wp_enqueue_script('wpte-quick-view-js');
-	}
-
-	/**
-	 * Template Register Control
-	 * return always true and abstract with current Style Template
-	 *
-	 * @since 1.0.0
-	 */
-	public function register_controls() {
-		return true;
-	}
-
-	/**
-	 * Template CSS Render.
-	 *
-	 * @param int   $id .
-	 * @param mixed $rawData .
-	 * @since 1.0.0
-	 */
-	public function template_css_render( $id, $rawData ) {
-		$styleid      = $id;
-		$this->wpteid = $styleid;
-
-		$this->WRAPPER    = '.wpte-product-layout-wrapper-' . $this->wpteid;
-		$this->CSSWRAPPER = '.wpte-product-layout-wrapper-' . $this->wpteid . ' .wpte-product-row';
-		$this->style      = $rawData;
-
-		ob_start();
-			$this->register_controls();
-			$this->wpte_advanced_controlers();
-		ob_end_clean();
-
-		$fullcssfile = '';
-		foreach ( $this->CSSDATA as $key => $responsive ) {
-			$tempcss = '';
-			foreach ( $responsive as $class => $classes ) {
-				$tempcss .= $class . '{';
-				foreach ( $classes as $properties ) {
-					$tempcss .= $properties;
-				}
-				$tempcss .= '}';
-			}
-			if ( $key === 'laptop' ) :
-				$fullcssfile .= $tempcss;
-			elseif ( $key === 'tab' ) :
-				$fullcssfile .= '@media only screen and (min-width : 669px) and (max-width : 993px){';
-				$fullcssfile .= $tempcss;
-				$fullcssfile .= '}';
-			elseif ( $key === 'mobile' ) :
-				$fullcssfile .= '@media only screen and (max-width : 668px){';
-				$fullcssfile .= $tempcss;
-				$fullcssfile .= '}';
-			endif;
-		}
-		$font = wp_json_encode( $this->font );
-		global $wpdb;
-		$this->wpdb->query($wpdb->prepare('UPDATE ' . $wpdb->prefix . 'wpte_product_layout_style SET stylesheet = %s WHERE id = %d', $fullcssfile, $styleid));
-		$this->wpdb->query($wpdb->prepare('UPDATE ' . $wpdb->prefix . 'wpte_product_layout_style SET font_family = %s WHERE id = %d', $font, $styleid));
-		exit;
-	}
-
-	/**
-	 * Method secondary_menut
-	 *
-	 * @return void
-	 */
-	public function secondary_menut() {
-		?>
-		<div class="wpte-wpl-wrapper">
-			<div class="wpte-wpl-row">
-				<div class="wpte-product-container">
-					<div class="wpte-col-top-lap-3 wpte-col-mob-1">
-						<div class="wpte-card">
-							<div class="wpte-card-info">
-								<div class="wpte-card-heading">
-									<span><?php echo esc_html__('Shortcode', 'wpte-product-layout' ); ?></span>
-									<span class="dashicons dashicons-arrow-down card-icon-hide"></span>
-									<span class="dashicons dashicons-arrow-right"></span>
-								</div>
-								<div class="wpte-card-body wpte-card-body-slider">
-									<div class="wpte-single-page-shortcode">
-										<?php
-										$id = isset( $_GET['styleid'] ) ? sanitize_text_field( wp_unslash( $_GET['styleid'] ) ) : '';
-										printf( '<b>%s</b>', esc_html__( 'Shortcode for posts/pages/plugins', 'wpte-product-layout' ) );
-										printf( '<p>%s</p>', esc_html__( 'Copy & paste the shortcode directly into any WordPress post, page or Page Builder.', 'wpte-product-layout' ) );
-										printf( '<input type="text" onclick="this.setSelectionRange(0, this.value.length)" value='[wpte_product_layout id="%1$s"]'>', esc_attr($id) );
-										?>
-										<div class="wpte-single-page-php-shortcode">
-											<?php
-												printf( '<b>%s</b>', esc_html__( 'Shortcode for templates/themes', 'wpte-product-layout' ) );
-												printf( '<p>%s</p>', esc_html__( 'Copy & paste this code into a template file to include the slideshow within your theme.', 'wpte-product-layout' ) );
-												printf( '<input type="text" onclick="this.setSelectionRange(0, this.value.length)" value='<?php echo do_shortcode("[wpte_product_layout id=%1$s]"); ?>'>', esc_attr($id) );
-											?>
-										</div>
-									</div>
-								</div>
-							</div>
-						</div>
-						<div class="wpte-card">
-							<div class="wpte-card-info">
-								<div class="wpte-card-heading">
-									<span><?php echo esc_html__('Shortcode Name', 'wpte-product-layout' ); ?></span>
-									<span class="dashicons dashicons-arrow-down card-icon-hide"></span>
-									<span class="dashicons dashicons-arrow-right"></span>
-								</div>
-								<div class="wpte-card-body wpte-card-body-slider">
-									<div class="wpte-single-page-shortcode">
-										<form class="wpte-change-shortcode-name" action="" method="post">
-											<?php
-												$shortcode_name = wpte_get_layout( $id ) ? wpte_get_layout( $id ) : (object) [];
-											?>
-											<input id="wpte-shortcode-name" type="text" value="<?php echo esc_html($shortcode_name->name); ?>">
-											<input id="wpte-shortcode-name-id" type="hidden" value="<?php echo esc_html($id); ?>" >
-											<button><?php echo esc_html__( 'Update', 'wpte-product-layout' ); ?></button>
-										</form>
-									</div>
-								</div>
-							</div>
-						</div>
-						<div class="wpte-card">
-							<div class="wpte-card-info">
-								<div class="wpte-card-heading">
-									<span><?php echo esc_html__('Action', 'wpte-product-layout' ); ?></span>
-									<span class="dashicons dashicons-arrow-down card-icon-hide"></span>
-									<span class="dashicons dashicons-arrow-right"></span>
-								</div>
-								<div class="wpte-card-body wpte-card-body-slider">
-									<div class="wpte-single-page-shortcode">
-										<?php $layouts = isset( $_GET['layouts'] ) ? sanitize_text_field( wp_unslash( $_GET['layouts'] ) ) : ''; ?>
-										<button class="wpte-single-page-export"><a href="<?php echo esc_url( admin_url( 'admin.php?page=product-layouts&layouts=' . $layouts . '&styleid=' . $id . '&action=export&id=' . $id . '' ) ); ?>"><?php echo esc_html__( 'EXPORT', 'wpte-product-layout' ); ?></a></button>
-										<button class="wpte-single-page-import"> <a href="<?php echo esc_url( admin_url( 'admin.php?page=product-layouts-shortcode&action=import' )); ?>"><?php echo esc_html__( 'IMPORT', 'wpte-product-layout' ); ?></a></button>
-									</div>
-								</div>
-							</div>
-						</div>
-					</div>
-				</div>
-			</div>
-		</div>
-		<?php
-	}
-
-	/**
-	 * Method wpte_editor_left_sidebar
-	 *
-	 * @return void
-	 */
-	public function wpte_editor_left_sidebar() {
-		?>
-		<aside id="wpte_setting_bar" data-visibale="true" class="ui-widget-content wpte-single-settings-card">
-			<form id="wpte-editor-update-form" action="" method="POST">
-				<div class="wpte-single-settings-card-header">
-					<div>
-						<?php echo esc_html__('Settings', 'wpte-product-layout' ); ?>
-					</div>
-					<div class="wpte-editor-avatar">
-						<svg xmlns="http://www.w3.org/2000/svg" width="30" height="28" viewBox="0 0 24 24" >
-							<path fill="currentColor" d="M21 11H3a1 1 0 0 1 0-2h18a1 1 0 0 1 0 2zm0-6H3a1 1 0 0 1 0-2h18a1 1 0 0 1 0 2zm0 12H3a1 1 0 0 1 0-2h18a1 1 0 0 1 0 2z"></path>
-						</svg>
-						<ul class="wpte-editor-dropdown-menu">
-							<li class="wpte-editor-back">
-								<a href="#" class="wpte-editor-go-back"><i class="wpte-icon icon-arrow-10"></i>Back</a>
-							</li>
-							<li>
-								<a href="<?php echo esc_url( get_site_url() ); ?>"><span class="dashicons dashicons-admin-site-alt3"></span>Visit Site</a>
-							</li>
-							<li>
-								<a href="<?php echo esc_url( admin_url() . 'admin.php?page=product-layouts' ); ?>"><span class="dashicons dashicons-wordpress"></span>Dashboard</a>
-							</li>
-						</ul>
-					</div>
-				</div>
-				<div class="wpte-single-settings-card-body">
-					<div class="wpte-single-settings-card-body-wrapper">
-						<div class="wpte-single-settings-card-body-inner">
-							<?php
-							$this->register_controls();
-							$product_layouts_page = isset( $_G

Frequently Asked Questions

What is CVE-2024-13362?
Overview of the vulnerability
CVE-2024-13362 is a reflected cross-site scripting (XSS) vulnerability found in the Freemius SDK used by WordPress plugins and themes. It allows unauthenticated attackers to inject arbitrary JavaScript into web pages through insufficient input sanitization of the ‘url’ parameter.
How does the vulnerability work?
Mechanism of exploitation
The vulnerability occurs when user-supplied input via the ‘url’ parameter is rendered directly into the page without proper sanitization. An attacker can craft a malicious URL that, when clicked by a user, executes JavaScript in the context of their browser session.
Who is affected by this vulnerability?
Identifying vulnerable installations
WordPress installations using the Freemius SDK version 2.10.1 or earlier are affected. This includes multiple plugins and themes that rely on Freemius for licensing and analytics.
How can I check if my site is vulnerable?
Steps for verification
To check if your site is vulnerable, verify the version of the Freemius SDK in use. If it is 2.10.1 or earlier, you are at risk. Additionally, review your installed plugins and themes for any that utilize the Freemius framework.
How can I fix or mitigate this issue?
Updating vulnerable components
The vulnerability is patched in version 2.10.2 of the Freemius SDK. Update to the latest version of the SDK and any affected plugins or themes to mitigate the risk. Regularly check for updates to ensure ongoing security.
What does the severity level mean?
Understanding risk assessment
The vulnerability has a medium severity rating with a CVSS score of 6.1. This indicates that while it is not the most critical vulnerability, it poses a significant risk that could lead to serious consequences if exploited.
What are the potential risks of exploitation?
Consequences of a successful attack
If exploited, an attacker could execute arbitrary JavaScript in the browser of an authenticated user, potentially leading to session hijacking, unauthorized actions, or redirection to malicious sites. This could compromise the entire WordPress installation.
What is a proof of concept for this vulnerability?
Demonstrating the exploit
A proof of concept for CVE-2024-13362 involves crafting a URL that includes a malicious payload in the ‘url’ parameter. When an administrator clicks this link, the server processes it and reflects the payload back into the page, executing the JavaScript.
What changes were made in the patch?
Details of the security update
The patch for CVE-2024-13362 includes improved sanitization of user inputs, specifically using functions like ‘esc_url’ and ‘sanitize_text_field’. It also strengthens nonce verification to ensure requests are legitimate.
How can I stay informed about future vulnerabilities?
Best practices for security monitoring
To stay informed, subscribe to security mailing lists, follow relevant security blogs, and regularly check the National Vulnerability Database (NVD) or similar resources for updates on vulnerabilities related to WordPress and its plugins.
What should I do if I cannot update immediately?
Temporary mitigation strategies
If immediate updates are not possible, consider disabling the affected plugins or themes until a patch can be applied. Additionally, review user permissions and limit access to the admin area to trusted users only.
Where can I find more information about this vulnerability?
Resources for further reading
More information can be found in the official CVE database, security advisories from plugin developers, and detailed analysis reports from security firms that cover CVE-2024-13362.

How Atomic Edge Works

Simple Setup. Powerful Security.

Atomic Edge acts as a security layer between your website & the internet. Our AI inspection and analysis engine auto blocks threats before traditional firewall services can inspect, research and build archaic regex filters.

Get Started

Trusted by Developers & Organizations