diff --git a/composer.lock b/composer.lock
index a855ba17..ca4524bc 100644
--- a/composer.lock
+++ b/composer.lock
@@ -8,16 +8,16 @@
     "packages": [
         {
             "name": "codeinwp/themeisle-sdk",
-            "version": "3.3.48",
+            "version": "3.3.49",
             "source": {
                 "type": "git",
                 "url": "https://github.com/Codeinwp/themeisle-sdk.git",
-                "reference": "0727d2cf2fc9bfb81b42968aeaf2bf4e340f021e"
+                "reference": "605f78bbbd8526f7597a89077791043d9ecc8c20"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/Codeinwp/themeisle-sdk/zipball/0727d2cf2fc9bfb81b42968aeaf2bf4e340f021e",
-                "reference": "0727d2cf2fc9bfb81b42968aeaf2bf4e340f021e",
+                "url": "https://api.github.com/repos/Codeinwp/themeisle-sdk/zipball/605f78bbbd8526f7597a89077791043d9ecc8c20",
+                "reference": "605f78bbbd8526f7597a89077791043d9ecc8c20",
                 "shasum": ""
             },
             "require-dev": {
@@ -36,16 +36,16 @@
                     "homepage": "https://themeisle.com"
                 }
             ],
-            "description": "ThemeIsle SDK",
+            "description": "Themeisle SDK.",
             "homepage": "https://github.com/Codeinwp/themeisle-sdk",
             "keywords": [
                 "wordpress"
             ],
             "support": {
                 "issues": "https://github.com/Codeinwp/themeisle-sdk/issues",
-                "source": "https://github.com/Codeinwp/themeisle-sdk/tree/v3.3.48"
+                "source": "https://github.com/Codeinwp/themeisle-sdk/tree/v3.3.49"
             },
-            "time": "2025-08-11T16:47:24+00:00"
+            "time": "2025-09-18T13:41:05+00:00"
         }
     ],
     "packages-dev": [
diff --git a/includes/abstract/feedzy-rss-feeds-admin-abstract.php b/includes/abstract/feedzy-rss-feeds-admin-abstract.php
index 2f7b3b25..cab66b62 100644
--- a/includes/abstract/feedzy-rss-feeds-admin-abstract.php
+++ b/includes/abstract/feedzy-rss-feeds-admin-abstract.php
@@ -697,10 +697,14 @@ public function normalize_urls( $raw ) {
 		$feed_url = apply_filters( 'feedzy_get_feed_url', $feeds );
 		if ( is_array( $feed_url ) ) {
 			foreach ( $feed_url as $index => $url ) {
-				$feed_url[ $index ] = trim( $this->smart_convert( $url ) );
+				if ( wp_http_validate_url( $url ) ) {
+					$feed_url[ $index ] = trim( $this->smart_convert( esc_url_raw( $url ) ) );
+				}
 			}
+		} elseif ( wp_http_validate_url( $feed_url ) ) {
+			$feed_url = trim( $this->smart_convert( esc_url_raw( $feed_url ) ) );
 		} else {
-			$feed_url = trim( $this->smart_convert( $feed_url ) );
+			$feed_url = '';
 		}
 
 		return $feed_url;
diff --git a/includes/gutenberg/feedzy-rss-feeds-gutenberg-block.php b/includes/gutenberg/feedzy-rss-feeds-gutenberg-block.php
index 9f475aa2..62ed9410 100644
--- a/includes/gutenberg/feedzy-rss-feeds-gutenberg-block.php
+++ b/includes/gutenberg/feedzy-rss-feeds-gutenberg-block.php
@@ -284,8 +284,9 @@ public function feedzy_register_rest_route() {
 			array(
 				'methods'             => 'POST',
 				'callback'            => array( $this, 'feedzy_rest_route' ),
-				'permission_callback' => function () {
-					return is_user_logged_in();
+				'permission_callback' => function ( WP_REST_Request $request ) {
+					$post_id = absint( $request->get_param( 'postId' ) );
+					return current_user_can( 'edit_post', $post_id );
 				},
 				'args'                => array(
 					'url'      => array(
@@ -398,12 +399,14 @@ public function feedzy_rest_route( $data ) {
 	 */
 	public function feedzy_sanitize_feeds( $input ) {
 		if ( count( $input ) === 1 ) {
-			$feed = esc_url( $input[0] );
+			$feed = wp_http_validate_url( $input[0] );
 			return $feed;
 		} else {
 			$feeds = array();
 			foreach ( $input as $item ) {
-				$feeds[] = esc_url( $item );
+				if ( wp_http_validate_url( $item ) ) {
+					$feeds[] = esc_url_raw( $item );
+				}
 			}
 			return $feeds;
 		}
diff --git a/js/FeedzyBlock/Editor.js b/js/FeedzyBlock/Editor.js
index 979e7843..96065f3f 100644
--- a/js/FeedzyBlock/Editor.js
+++ b/js/FeedzyBlock/Editor.js
@@ -194,11 +194,12 @@ class Editor extends Component {
 				.filter((item) => item !== '');
 			url = queryString.stringify({ url }, { arrayFormat: 'bracket' });
 		}
+		const postId = wp.data.select('core/editor').getCurrentPostId();
 
 		apiFetch({
 			path: `/feedzy/v1/feed?${url}`,
 			method: 'POST',
-			data: this.props.attributes,
+			data: {...this.props.attributes, postId: postId},
 		})
 			.then((data) => {
 				if (this.unmounting) {
@@ -311,16 +312,20 @@ class Editor extends Component {
 
 	getImageURL(item, background) {
 		let url;
-		if (item.thumbnail && this.props.attributes.thumb === 'auto') {
-			url = item.thumbnail;
+		if (
+			item.thumbnail &&
+			this.props.attributes.thumb === 'auto' &&
+			item.thumbnail !== item.default_img
+		) {
+			url = item.thumbnail.replace(/http:/g, 'https:');
 		} else if (this.props.attributes.default) {
 			url = this.props.attributes.default.url;
+		} else if (item.default_img) {
+			url = item.default_img;
 		} else {
 			url = window.feedzyjs.imagepath + 'feedzy.svg';
 		}
 
-		url = url.replace(/http:/g, 'https:');
-
 		if (background) {
 			url = 'url("' + url + '")';
 		}
diff --git a/tests/e2e/specs/classic-block.spec.js b/tests/e2e/specs/classic-block.spec.js
index f70e7741..17733bce 100644
--- a/tests/e2e/specs/classic-block.spec.js
+++ b/tests/e2e/specs/classic-block.spec.js
@@ -124,4 +124,30 @@ test.describe('Feedzy Classic Block', () => {
 		const image = page.locator('.feedzy-rss .rss_image img');
 		await expect(image).toHaveAttribute('style', /aspect-ratio:\s*auto;/i);
 	});
+
+	test('embed youtube video', async ({ editor, page, admin }) => {
+		await admin.createNewPost();
+
+		await editor.insertBlock({
+			name: 'feedzy-rss-feeds/feedzy-block',
+			attributes: {
+				feeds: 'https://www.youtube.com/feeds/videos.xml?channel_id=UCSHmNs-_UuU1CfPhSbilTZQ',
+				max: 1,
+			},
+		});
+
+		const postId = await editor.publishPost();
+		await page.goto(`/?p=${postId}`);
+
+		const rssContainer = page.locator('.rss_item').first();
+		await expect(rssContainer).toBeVisible();
+
+		const youtubeLink = rssContainer
+			.locator('a[href*="youtube.com/"]')
+			.first();
+		await expect(youtubeLink).toBeVisible();
+
+		const image = rssContainer.locator('img').first();
+		await expect(image).toBeVisible();
+	});
 });
diff --git a/tests/e2e/specs/import.spec.js b/tests/e2e/specs/import.spec.js
index 32283ac2..8f91f01c 100644
--- a/tests/e2e/specs/import.spec.js
+++ b/tests/e2e/specs/import.spec.js
@@ -304,4 +304,31 @@ test.describe('Feed Import', () => {
 			page.locator('.attachment').count()
 		).resolves.toBeGreaterThan(0); // We should have some imported images.
 	});
+
+	test('close Feedzy Action modal when clicking outside', async ({
+		page,
+	}) => {
+		await page.goto('/wp-admin/post-new.php?post_type=feedzy_imports');
+		await tryCloseTourModal(page);
+
+		await page
+			.getByRole('button', { name: 'Step 3 Map content ' })
+			.click();
+
+		await expect(
+			page.getByText('Post Title item title Item')
+		).toBeVisible();
+
+		await page.getByTitle('item title').getByRole('link').click();
+
+		await expect(
+			page.getByRole('heading', { name: 'Add actions to this tag' })
+		).toBeVisible();
+
+		await page.locator('body').click({ position: { x: 0, y: 0 } });
+
+		await expect(
+			page.getByRole('heading', { name: 'Add actions to this tag' })
+		).not.toBeVisible();
+	});
 });