Fix security and sanitization issues in AJAX handler

- Add proper nonce sanitization with wp_unslash and sanitize_text_field
- Add capability check (install_plugins) before allowing dismissal
- Fix Neve plan default -1 handling by removing absint() to allow fallback to TPC license tier

Agent-Logs-Url: https://github.com/Codeinwp/templates-patterns-collection/sessions/69fed254-eb0a-4138-aca4-b87abd12189f

Co-authored-by: harshitarora-in <56164789+harshitarora-in@users.noreply.github.com>

Author: Claude

includes/Admin.php

@@ -180,7 +180,14 @@ public function dismiss_onboarding_promo_notice() {
 			return;
 		}
 
-		if ( ! wp_verify_nonce( $_REQUEST['nonce'], 'dismiss_onboarding_promo_notice' ) ) {
+		$nonce = sanitize_text_field( wp_unslash( $_REQUEST['nonce'] ) );
+
+		if ( ! wp_verify_nonce( $nonce, 'dismiss_onboarding_promo_notice' ) ) {
+			$this->ensure_ajax_response( $response );
+			return;
+		}
+
+		if ( ! current_user_can( 'install_plugins' ) ) {
 			$this->ensure_ajax_response( $response );
 			return;
 		}
@@ -212,7 +219,7 @@ private function should_show_business_agency_promo_text() {
 		$license_key  = isset( $license_data->key ) ? strtolower( trim( (string) $license_data->key ) ) : '';
 		$license_tier = License::get_license_tier( 0 );
 		$raw_tier     = isset( $license_data->tier ) ? absint( $license_data->tier ) : 0;
-		$neve_plan    = absint( apply_filters( 'product_neve_license_plan', -1 ) );
+		$neve_plan    = apply_filters( 'product_neve_license_plan', -1 );
 
 		if ( $license_key === '' || $license_key === 'free' ) {
 			return false;
@@ -222,7 +229,8 @@ private function should_show_business_agency_promo_text() {
 			return false;
 		}
 
-		if ( in_array( $neve_plan, array( 1, 2, 3 ), true ) ) {
+		// Check Neve plan only if it's a valid category (not -1 default)
+		if ( -1 !== $neve_plan && in_array( $neve_plan, array( 1, 2, 3, 4, 5, 6, 7, 8, 9 ), true ) ) {
 			// Normalize Neve plan category to TPC tier using License::NEVE_CATEGORY_MAPPING
 			$normalized_neve_tier = isset( License::NEVE_CATEGORY_MAPPING[ $neve_plan ] ) ? License::NEVE_CATEGORY_MAPPING[ $neve_plan ] : -1;
 			return in_array( $normalized_neve_tier, array( 2, 3 ), true );