gocodebox · brianhogg · Apr 9, 2026 · Apr 9, 2026
@@ -0,0 +1,3 @@
+significance: patch
+type: changed
+entry: Using standard WP nonce check functions instead of llms_verify_nonce.
@@ -466,7 +466,7 @@ public function register() {
 	 */
 	protected function save( $post_id ) {
 
-		if ( ! llms_verify_nonce( 'lifterlms_meta_nonce', 'lifterlms_save_data' ) || ! current_user_can( $this->capability, $post_id ) ) {
+		if ( ! isset( $_REQUEST['lifterlms_meta_nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['lifterlms_meta_nonce'] ) ), 'lifterlms_save_data' ) || ! current_user_can( $this->capability, $post_id ) ) {
 			return -1;
 		}
 

@@ -377,7 +377,7 @@ public function save(): ?WP_Error {
 		$nonce  = "llms_{$this->id}_nonce";
 		$action = "llms_{$this->id}_save";
 
-		if ( ! isset( $_POST[ $nonce ] ) || ! llms_verify_nonce( $nonce, $action ) || ! current_user_can( 'manage_lifterlms' ) ) {
+		if ( ! isset( $_POST[ $nonce ] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST[ $nonce ] ) ), $action ) || ! current_user_can( 'manage_lifterlms' ) ) {
 			return null;
 		}
 

@@ -158,11 +158,8 @@ public function maybe_handle_awarded_engagement_sync_actions() {
 		}
 
 		// Verify nonce.
-		if ( ! llms_verify_nonce(
-			"_llms_{$this->engagement_type}_sync_actions_nonce",
-			"llms-{$this->engagement_type}-sync-actions",
-			'GET'
-		) ) {
+		$nonce_field = "_llms_{$this->engagement_type}_sync_actions_nonce";
+		if ( ! isset( $_REQUEST[ $nonce_field ] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST[ $nonce_field ] ) ), "llms-{$this->engagement_type}-sync-actions" ) ) {
 			$result = new WP_Error(
 				"llms-sync-awarded-{$this->engagement_type}s-invalid-nonce",
 				$this->get_text( self::TEXT_SYNC_AWARDED_ENGAGEMENTS_INVALID_NONCE )

@@ -253,7 +253,8 @@ public function ajax_callback_remote_install_verify() {
 	 */
 	protected function can_remote_install() {
 
-		if ( ! llms_verify_nonce( '_llms_' . $this->id . '_nonce', 'llms-' . $this->id . '-install' ) ) {
+		$nonce_field = '_llms_' . $this->id . '_nonce';
+		if ( ! isset( $_REQUEST[ $nonce_field ] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST[ $nonce_field ] ) ), 'llms-' . $this->id . '-install' ) ) {
 			return array(
 				'code'    => 'llms_' . $this->id . '_install_nonce_failure',
 				'message' => esc_html__( 'Security check failed.', 'lifterlms' ),

@@ -45,7 +45,7 @@ public function maybe_serve_export() {
 		}
 
 		// Verify nonce.
-		if ( ! llms_verify_nonce( 'llms_dl_export_nonce', LLMS_Abstract_Exportable_Admin_Table::EXPORT_NONCE_ACTION, 'GET' ) ) {
+		if ( ! isset( $_REQUEST['llms_dl_export_nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['llms_dl_export_nonce'] ) ), LLMS_Abstract_Exportable_Admin_Table::EXPORT_NONCE_ACTION ) ) {
 			wp_die( esc_html__( 'Cheatin&#8217; huh?', 'lifterlms' ) );
 		}
 

@@ -123,7 +123,7 @@ public function admin_footer( $text ) {
 	 */
 	public function dismiss() {
 
-		if ( ! current_user_can( 'manage_lifterlms' ) || ! llms_verify_nonce( 'nonce', 'llms-admin-review-request-dismiss' ) ) {
+		if ( ! current_user_can( 'manage_lifterlms' ) || ! isset( $_REQUEST['nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['nonce'] ) ), 'llms-admin-review-request-dismiss' ) ) {
 			wp_die();
 		}
 

@@ -239,7 +239,7 @@ private function get_products_for_cat( $cat, $include_bundles = true ) {
 	public function handle_actions() {
 
 		// Activate & deactivate addons.
-		if ( llms_verify_nonce( '_llms_manage_addon_nonce', 'llms_manage_addon' ) ) {
+		if ( isset( $_REQUEST['_llms_manage_addon_nonce'] ) && wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['_llms_manage_addon_nonce'] ) ), 'llms_manage_addon' ) ) {
 
 			$this->handle_manage_addons();
 			LLMS_Admin_Notices::output_notices();

@@ -81,7 +81,7 @@ public function add_help_tabs() {
 	 */
 	public function cloud_import() {
 
-		if ( ! llms_verify_nonce( 'llms_cloud_importer_nonce', 'llms-cloud-importer' ) || ! current_user_can( 'manage_lifterlms' ) ) {
+		if ( ! isset( $_REQUEST['llms_cloud_importer_nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['llms_cloud_importer_nonce'] ) ), 'llms-cloud-importer' ) || ! current_user_can( 'manage_lifterlms' ) ) {
 			return false;
 		}
 
@@ -277,7 +277,7 @@ protected function show_error( $error ) {
 	 */
 	public function upload_import() {
 
-		if ( ! llms_verify_nonce( 'llms_importer_nonce', 'llms-importer' ) || ! current_user_can( 'manage_lifterlms' ) || empty( $_FILES['llms_import'] ) ) {
+		if ( ! isset( $_REQUEST['llms_importer_nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['llms_importer_nonce'] ) ), 'llms-importer' ) || ! current_user_can( 'manage_lifterlms' ) || empty( $_FILES['llms_import'] ) ) {
 			return false;
 		}
 

@@ -246,7 +246,7 @@ public static function has_notice( $notice_id ) {
 	 */
 	public static function hide_notices() {
 		if ( ( isset( $_GET['llms-hide-notice'] ) || isset( $_GET['llms-remind-notice'] ) ) && isset( $_GET['_llms_notice_nonce'] ) ) {
-			if ( ! llms_verify_nonce( '_llms_notice_nonce', 'llms_hide_notices_nonce', 'GET' ) ) {
+			if ( ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_GET['_llms_notice_nonce'] ) ), 'llms_hide_notices_nonce' ) ) {
 				wp_die( esc_html__( 'Action failed. Please refresh the page and retry.', 'lifterlms' ) );
 			}
 			if ( ! current_user_can( 'manage_options' ) ) {

@@ -74,7 +74,7 @@ public static function add_core_tools( $tools ) {
 	 */
 	private static function do_tool() {
 
-		if ( ! llms_verify_nonce( '_wpnonce', 'llms_tool' ) || ! current_user_can( 'manage_lifterlms' ) ) {
+		if ( ! isset( $_REQUEST['_wpnonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['_wpnonce'] ) ), 'llms_tool' ) || ! current_user_can( 'manage_lifterlms' ) ) {
 			wp_die( esc_html__( 'Action failed. Please refresh the page and retry.', 'lifterlms' ) );
 		}
 
@@ -265,7 +265,7 @@ public static function output() {
 	 */
 	private static function remove_log_file() {
 
-		if ( ! llms_verify_nonce( '_wpnonce', 'delete_log', 'GET' ) || ! current_user_can( 'manage_lifterlms' ) ) {
+		if ( ! isset( $_REQUEST['_wpnonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['_wpnonce'] ) ), 'delete_log' ) || ! current_user_can( 'manage_lifterlms' ) ) {
 			wp_die( esc_html__( 'Action failed. Please refresh the page and retry.', 'lifterlms' ) );
 		}
 

@@ -88,7 +88,7 @@ public static function get_settings_tabs() {
 	public static function save() {
 
 		global $current_tab;
-		if ( isset( $_POST['_wpnonce'] ) && ! llms_verify_nonce( '_wpnonce', 'lifterlms-settings' ) ) {
+		if ( isset( $_POST['_wpnonce'] ) && ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['_wpnonce'] ) ), 'lifterlms-settings' ) ) {
 			die( esc_html__( 'Whoa! something went wrong there!. Please refresh the page and retry.', 'lifterlms' ) );
 		}
 

@@ -285,7 +285,7 @@ public function validate_post( $post_id, $post ) {
 			return false;
 		} elseif ( defined( 'DOING_AUTOSAVE' ) || is_int( wp_is_post_revision( $post ) ) || is_int( wp_is_post_autosave( $post ) ) ) {
 			return false;
-		} elseif ( ! llms_verify_nonce( 'lifterlms_meta_nonce', 'lifterlms_save_data' ) ) {
+		} elseif ( ! isset( $_REQUEST['lifterlms_meta_nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['lifterlms_meta_nonce'] ) ), 'lifterlms_save_data' ) ) {
 			return false;
 		} elseif ( empty( $_POST['post_ID'] ) || $_POST['post_ID'] != $post_id ) {
 			return false;

@@ -247,7 +247,10 @@ public function get_fields() {
 	 */
 	protected function save( $post_id ) {
 
-		if ( ! llms_verify_nonce( 'lifterlms_meta_nonce', 'lifterlms_save_data' ) ) {
+		if ( ! isset( $_REQUEST['lifterlms_meta_nonce'] ) ) {
+			return;
+		}
+		if ( ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['lifterlms_meta_nonce'] ) ), 'lifterlms_save_data' ) ) {
 			return;
 		}
 

@@ -574,7 +574,10 @@ function_exists( 'llms_blocks_is_post_migrated' ) && llms_blocks_is_post_migrate
 	 */
 	protected function save_before( $post_id ) {
 
-		if ( ! llms_verify_nonce( 'lifterlms_meta_nonce', 'lifterlms_save_data' ) ) {
+		if ( ! isset( $_REQUEST['lifterlms_meta_nonce'] ) ) {
+			return;
+		}
+		if ( ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['lifterlms_meta_nonce'] ) ), 'lifterlms_save_data' ) ) {
 			return;
 		}
 

@@ -251,7 +251,10 @@ public function get_fields() {
 	 */
 	public function save( $post_id ) {
 
-		if ( ! llms_verify_nonce( 'lifterlms_meta_nonce', 'lifterlms_save_data' ) ) {
+		if ( ! isset( $_REQUEST['lifterlms_meta_nonce'] ) ) {
+			return;
+		}
+		if ( ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['lifterlms_meta_nonce'] ) ), 'lifterlms_save_data' ) ) {
 			return;
 		}
 

@@ -375,7 +375,10 @@ public function get_fields() {
 	 */
 	public function save( $post_id ) {
 
-		if ( ! llms_verify_nonce( 'lifterlms_meta_nonce', 'lifterlms_save_data' ) ) {
+		if ( ! isset( $_REQUEST['lifterlms_meta_nonce'] ) ) {
+			return -1;
+		}
+		if ( ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['lifterlms_meta_nonce'] ) ), 'lifterlms_save_data' ) ) {
 			return -1;
 		}
 

@@ -91,7 +91,10 @@ public function output() {
 	 */
 	public function save( $post_id ) {
 
-		if ( ! llms_verify_nonce( 'lifterlms_meta_nonce', 'lifterlms_save_data' ) ) {
+		if ( ! isset( $_REQUEST['lifterlms_meta_nonce'] ) ) {
+			return -1;
+		}
+		if ( ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['lifterlms_meta_nonce'] ) ), 'lifterlms_save_data' ) ) {
 			return -1;
 		}
 

@@ -104,7 +104,10 @@ public function output() {
 	 */
 	public function save( $post_id ) {
 
-		if ( ! llms_verify_nonce( 'lifterlms_meta_nonce', 'lifterlms_save_data' ) ) {
+		if ( ! isset( $_REQUEST['lifterlms_meta_nonce'] ) ) {
+			return;
+		}
+		if ( ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['lifterlms_meta_nonce'] ) ), 'lifterlms_save_data' ) ) {
 			return;
 		}
 

@@ -121,7 +121,10 @@ private function resend_receipt( $post_id ) {
 	 */
 	public function save( $post_id ) {
 
-		if ( ! llms_verify_nonce( 'lifterlms_meta_nonce', 'lifterlms_save_data' ) ) {
+		if ( ! isset( $_REQUEST['lifterlms_meta_nonce'] ) ) {
+			return;
+		}
+		if ( ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['lifterlms_meta_nonce'] ) ), 'lifterlms_save_data' ) ) {
 			return;
 		}
 

@@ -92,7 +92,10 @@ public function output() {
 	 */
 	public function save( $post_id ) {
 
-		if ( ! llms_verify_nonce( 'llms_catalog_visibility_nonce', 'llms-catalog-visibility-nonce' ) ) {
+		if ( ! isset( $_REQUEST['llms_catalog_visibility_nonce'] ) ) {
+			return;
+		}
+		if ( ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['llms_catalog_visibility_nonce'] ) ), 'llms-catalog-visibility-nonce' ) ) {
 			return;
 		}
 

@@ -80,7 +80,7 @@ public static function output( $post ) {
 	 */
 	public static function export() {
 
-		if ( empty( llms_filter_input( INPUT_POST, 'llms_generate_export' ) ) || ! llms_verify_nonce( 'lifterlms_export_nonce', 'lifterlms_csv_export_data' ) ) {
+		if ( empty( llms_filter_input( INPUT_POST, 'llms_generate_export' ) ) || ! isset( $_REQUEST['lifterlms_export_nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['lifterlms_export_nonce'] ) ), 'lifterlms_csv_export_data' ) ) {
 			return false;
 		}
 

@@ -257,7 +257,7 @@ private function redemption_section_html() {
 	 */
 	public function save( $post_id ) {
 
-		if ( ! empty( llms_filter_input( INPUT_POST, 'llms_generate_export' ) ) || ! llms_verify_nonce( 'lifterlms_meta_nonce', 'lifterlms_save_data' ) ) {
+		if ( ! empty( llms_filter_input( INPUT_POST, 'llms_generate_export' ) ) || ! isset( $_REQUEST['lifterlms_meta_nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['lifterlms_meta_nonce'] ) ), 'lifterlms_save_data' ) ) {
 			return false;
 		}
 

@@ -404,7 +404,10 @@ private function get_settings_gateway( $curr_section ) {
 	 */
 	public function save() {
 
-		if ( ! llms_verify_nonce( '_wpnonce', 'lifterlms-settings' ) ) {
+		if ( ! isset( $_REQUEST['_wpnonce'] ) ) {
+			return;
+		}
+		if ( ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['_wpnonce'] ) ), 'lifterlms-settings' ) ) {
 			return;
 		}
 

@@ -242,7 +242,10 @@ public function merge_code_button() {
 	 */
 	public function before_save() {
 
-		if ( ! llms_verify_nonce( '_wpnonce', 'lifterlms-settings' ) ) {
+		if ( ! isset( $_REQUEST['_wpnonce'] ) ) {
+			return;
+		}
+		if ( ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['_wpnonce'] ) ), 'lifterlms-settings' ) ) {
 			return;
 		}
 
@@ -266,7 +269,10 @@ public function before_save() {
 	 */
 	public function after_save() {
 
-		if ( ! llms_verify_nonce( '_wpnonce', 'lifterlms-settings' ) ) {
+		if ( ! isset( $_REQUEST['_wpnonce'] ) ) {
+			return;
+		}
+		if ( ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['_wpnonce'] ) ), 'lifterlms-settings' ) ) {
 			return;
 		}
 

@@ -84,7 +84,7 @@ public static function handle_staging_notice_actions() {
 			return;
 		}
 
-		if ( ! llms_verify_nonce( '_llms_staging_nonce', 'llms_staging_status', 'GET' ) || ! current_user_can( 'manage_options' ) ) {
+		if ( ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_GET['_llms_staging_nonce'] ) ), 'llms_staging_status' ) || ! current_user_can( 'manage_options' ) ) {
 			wp_die( esc_html__( 'Action failed. Please refresh the page and retry.', 'lifterlms' ) );
 		}
 

@@ -691,7 +691,7 @@ public static function update_actions() {
 			return;
 		}
 
-		if ( ! llms_verify_nonce( 'llms-db-update', 'do_db_updates', 'GET' ) ) {
+		if ( ! isset( $_REQUEST['llms-db-update'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['llms-db-update'] ) ), 'do_db_updates' ) ) {
 			wp_die( esc_html__( 'Action failed. Please refresh the page and retry.', 'lifterlms' ) );
 		}
 

@@ -220,7 +220,7 @@ public static function get_url( $role, $href = false, $args = array() ) {
 	 */
 	private function get_view() {
 
-		if ( ! llms_verify_nonce( 'view_nonce', 'llms-view-as', 'GET' ) ) {
+		if ( ! isset( $_REQUEST['view_nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['view_nonce'] ) ), 'llms-view-as' ) ) {
 			return 'self';
 		}
 

@@ -462,7 +462,10 @@ private function start_ajax( $method ) {
 	public function switch_payment_source() {
 
 		// Invalid nonce or the form wasn't submitted.
-		if ( ! llms_verify_nonce( '_switch_source_nonce', self::ACTION_SWITCH_PAYMENT_SOURCE ) ) {
+		if ( ! isset( $_REQUEST['_switch_source_nonce'] ) ) {
+			return;
+		}
+		if ( ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['_switch_source_nonce'] ) ), self::ACTION_SWITCH_PAYMENT_SOURCE ) ) {
 			return;
 		}
 
@@ -490,7 +493,10 @@ public function switch_payment_source() {
 	public function switch_payment_source_ajax() {
 
 		// Invalid nonce or the form wasn't submitted.
-		if ( ! llms_verify_nonce( self::AJAX_QS_VAR, self::ACTION_SWITCH_PAYMENT_SOURCE ) ) {
+		if ( ! isset( $_REQUEST[ self::AJAX_QS_VAR ] ) ) {
+			return null;
+		}
+		if ( ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST[ self::AJAX_QS_VAR ] ) ), self::ACTION_SWITCH_PAYMENT_SOURCE ) ) {
 			return null;
 		}
 
@@ -676,7 +682,10 @@ private function switch_payment_source_success( $args, $note = false ) {
 	 */
 	private function verify_request( $field, $nonce ) {
 
-		if ( ! llms_verify_nonce( $field, $nonce, 'POST' ) ) {
+		if ( ! isset( $_REQUEST[ $field ] ) ) {
+			return null;
+		}
+		if ( ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST[ $field ] ) ), $nonce ) ) {
 			return null;
 		}
 

@@ -88,7 +88,10 @@ protected function get_text( $text_type, $variables = array() ) {
 	 */
 	public function maybe_handle_reporting_actions() {
 
-		if ( ! llms_verify_nonce( '_llms_achievement_actions_nonce', 'llms-achievement-actions' ) ) {
+		if ( ! isset( $_REQUEST['_llms_achievement_actions_nonce'] ) ) {
+			return;
+		}
+		if ( ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['_llms_achievement_actions_nonce'] ) ), 'llms-achievement-actions' ) ) {
 			return;
 		}
 

@@ -40,7 +40,10 @@ public function __construct() {
 	 */
 	public function maybe_run_actions() {
 
-		if ( ! llms_verify_nonce( '_llms_quiz_attempt_nonce', 'llms_quiz_attempt_actions', 'POST' ) ) {
+		if ( ! isset( $_REQUEST['_llms_quiz_attempt_nonce'] ) ) {
+			return;
+		}
+		if ( ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['_llms_quiz_attempt_nonce'] ) ), 'llms_quiz_attempt_actions' ) ) {
 			return;
 		}
 

@@ -163,7 +163,10 @@ public function maybe_authenticate_export_generation() {
 	 * @return void
 	 */
 	public function maybe_handle_reporting_actions() {
-		if ( ! llms_verify_nonce( '_llms_cert_actions_nonce', 'llms-cert-actions' ) ) {
+		if ( ! isset( $_REQUEST['_llms_cert_actions_nonce'] ) ) {
+			return;
+		}
+		if ( ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['_llms_cert_actions_nonce'] ) ), 'llms-cert-actions' ) ) {
 			return;
 		}
-Original file line number
+Diff line change
@@ Expand Up / @@ -84,7 +84,7 @@ public static function handle_staging_notice_actions() { @@
     			return;
     		}
-    		if ( ! llms_verify_nonce( '_llms_staging_nonce', 'llms_staging_status', 'GET' ) || ! current_user_can( 'manage_options' ) ) {
+    		if ( ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_GET['_llms_staging_nonce'] ) ), 'llms_staging_status' ) || ! current_user_can( 'manage_options' ) ) {
     			wp_die( esc_html__( 'Action failed. Please refresh the page and retry.', 'lifterlms' ) );
     		}
@@ Expand Down @@