diff --git a/includes/Classes/GlobalSettingsHandler.php b/includes/Classes/GlobalSettingsHandler.php
index d897ded..2d76a23 100644
--- a/includes/Classes/GlobalSettingsHandler.php
+++ b/includes/Classes/GlobalSettingsHandler.php
@@ -21,9 +21,7 @@ public function handleEndpoints()
 {
 $route = sanitize_text_field($_REQUEST['route']);
- if ($route !== 'wpf_upload_image') {
- wpfValidateNonce('wpf_admin_nonce');
- }
+ wpfValidateNonce('wpf_admin_nonce');
 $routes = array(
 'get_global_currency_settings' => 'getGlobalCurrencySettings',
@@ -94,15 +92,16 @@ protected function handleFileUpload()
 if (!function_exists('wp_handle_upload')) {
 require_once(ABSPATH . 'wp-admin/includes/file.php');
 }
- $uploadedfile = $_FILES['file'];
+ if (empty($_FILES['file']) || empty($_FILES['file']['tmp_name'])) {
+ wp_send_json_error(__('Please upload a valid image file', 'wppayform'), 423);
+ }
- $acceptedFilles = array(
- 'image/png',
- 'image/jpeg'
- );
+ $uploadedfile = $_FILES['file'];
+ $fileType = wp_check_filetype_and_ext($uploadedfile['tmp_name'], $uploadedfile['name']);
+ $acceptedExtensions = array('jpg', 'jpeg', 'png');
- if (!in_array($uploadedfile['type'], $acceptedFilles)) {
- wp_send_json(__('Please upload only jpg/png format files', 'wppayform'), 423);
+ if (empty($fileType['ext']) || !in_array($fileType['ext'], $acceptedExtensions, true)) {
+ wp_send_json_error(__('Please upload only jpg/png format files', 'wppayform'), 423);
 }
 $upload_overrides = array('test_form' => false);
diff --git a/includes/Classes/Menu.php b/includes/Classes/Menu.php
index c53e201..afb1438 100644
--- a/includes/Classes/Menu.php
+++ b/includes/Classes/Menu.php
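Review bot: A nonce is a CSRF token, not an authorization check, and no capability check is visible in this hunk after `wpfValidateNonce('wpf_admin_nonce')`. The same nonce is localized into the admin script (Menu.php hunk below), so any logged-in user who can load that script could reach `wpf_upload_image` and every other route in `$routes` unless the `wp_ajax_wpf_global_settings_handler` registration or a later line gates on capability. Unless that gate already exists elsewhere, add `if (!current_user_can('manage_options')) { wp_send_json_error(__('Unauthorized', 'wppayform'), 403); }` directly after the nonce validation, using whatever capability the plugin's menu page requires. handleEndpoints continues past the end of the hunk, so the dispatch over `$routes` is not visible here.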
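Review bot: The new guard only checks that `tmp_name` is present, not that the upload succeeded; `$_FILES['file']['error']` can be non-zero (partial upload, size limit hit) while `tmp_name` is still set, and `wp_check_filetype_and_ext` then sniffs a truncated file. Extend the condition to `if (empty($_FILES['file']) || empty($_FILES['file']['tmp_name']) || $_FILES['file']['error'] !== UPLOAD_ERR_OK) {` so those requests get the same early rejection instead of relying on a later step to catch them. Separately, HTTP 423 (Locked) is the wrong status for a validation failure on both `wp_send_json_error` calls; 400 or 415 describes the condition. Note that switching from `wp_send_json` to `wp_send_json_error` changes the response envelope to `{success:false,data:...}`, so the upload client must already read that shape. handleFileUpload continues after the hunk, presumably with the `wp_handle_upload` call that consumes `$upload_overrides`.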
@@ -157,7 +157,7 @@ public function enqueueAssets()
 'wpf_admin_nonce' => wp_create_nonce('wpf_admin_nonce'),
 'paymentStatuses' => GeneralSettings::getPaymentStatuses(),
 'entryStatuses' => GeneralSettings::getEntryStatuses(),
- 'image_upload_url' => admin_url('admin-ajax.php?action=wpf_global_settings_handler&route=wpf_upload_image'),
+ 'image_upload_url' => admin_url('admin-ajax.php?action=wpf_global_settings_handler&route=wpf_upload_image&wpf_admin_nonce=' . wp_create_nonce('wpf_admin_nonce')),
 'forms_count' => Forms::getTotalCount(),
 'assets_url' => WPPAYFORM_URL.'assets/',
 'has_pro' => defined('WPPAYFORMHASPRO') && WPPAYFORMHASPRO,
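Review bot: Embedding the nonce in the query string of `image_upload_url` puts it into server and proxy logs and into the Referer of any navigation away from the upload response, while the identical value is already localized as `wpf_admin_nonce` three lines above. Since the upload is a multipart POST, the client can append that existing `wpf_admin_nonce` value to the form body and the URL can stay `admin_url('admin-ajax.php?action=wpf_global_settings_handler&route=wpf_upload_image')`; this assumes `wpfValidateNonce` reads the `wpf_admin_nonce` field from `$_REQUEST`, which is not visible here. WordPress nonces are per-user and time-limited so the exposure is bounded, but keeping them out of URLs is the usual practice. enqueueAssets continues outside the hunk.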