diff --git a/includes/core/class-fields.php b/includes/core/class-fields.php
index 60d4d79a..d655dc5d 100644
--- a/includes/core/class-fields.php
+++ b/includes/core/class-fields.php
@@ -4947,57 +4947,48 @@ if ( ! class_exists( 'um\core\Fields' ) ) { /** * */ - function do_ajax_action() { + public function do_ajax_action() { UM()->admin()->check_ajax_nonce(); if ( ! is_user_logged_in() || ! current_user_can( 'manage_options' ) ) { wp_send_json_error( __( 'Please login as administrator', 'ultimate-member' ) ); } - /** - * @var $in_row - * @var $in_sub_row - * @var $in_column - * @var $in_group - * @var $act_id - * @var $arg1 - * @var $arg2 - */ - extract( $_POST ); - $output = null; $position = array(); - if ( ! empty( $in_column ) ) { - $position['in_row'] = '_um_row_' . ( (int) $in_row + 1 ); - $position['in_sub_row'] = $in_sub_row; - $position['in_column'] = $in_column; - $position['in_group'] = $in_group; + // phpcs:disable WordPress.Security.NonceVerification + if ( ! empty( $_POST['in_column'] ) ) { + $position['in_row'] = '_um_row_' . ( (int) $_POST['in_row'] + 1 ); + $position['in_sub_row'] = isset( $_POST['in_sub_row'] ) ? $_POST['in_sub_row'] : ''; + $position['in_column'] = isset( $_POST['in_column'] ) ? $_POST['in_column'] : ''; + $position['in_group'] = isset( $_POST['in_group'] ) ? 
$_POST['in_group'] : ''; } - switch ( $act_id ) { + if ( isset( $_POST['act_id'] ) ) { + switch ( $_POST['act_id'] ) { + case 'um_admin_duplicate_field': + $this->duplicate_field( $_POST['arg1'], $_POST['arg2'] ); + break; - case 'um_admin_duplicate_field': - $this->duplicate_field( $arg1, $arg2 ); - break; + case 'um_admin_remove_field_global': + $this->delete_field_from_db( $_POST['arg1'] ); + break; - case 'um_admin_remove_field_global': - $this->delete_field_from_db( $arg1 ); - break; + case 'um_admin_remove_field': + $this->delete_field_from_form( $_POST['arg1'], $_POST['arg2'] ); + break; - case 'um_admin_remove_field': - $this->delete_field_from_form( $arg1, $arg2 ); - break; - - case 'um_admin_add_field_from_predefined': - $this->add_field_from_predefined( $arg1, $arg2, $position ); - break; - - case 'um_admin_add_field_from_list': - $this->add_field_from_list( $arg1, $arg2, $position ); - break; + case 'um_admin_add_field_from_predefined': + $this->add_field_from_predefined( $_POST['arg1'], $_POST['arg2'], $position ); + break; + case 'um_admin_add_field_from_list': + $this->add_field_from_list( $_POST['arg1'], $_POST['arg2'], $position ); + break; + } } + // phpcs:enable WordPress.Security.NonceVerification if ( is_array( $output ) ) { print_r( $output );
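Review bot: The `$_POST['arg1']` and `$_POST['arg2']` values in the new switch are still handed raw to `duplicate_field()`, `delete_field_from_db()` and the other handlers, with no `isset()` check, no `wp_unslash()` and no sanitizer, so dropping `extract( $_POST )` removes the variable-injection risk but not the unvalidated input. Read them once before the switch, e.g. `$arg1 = isset( $_POST['arg1'] ) ? sanitize_text_field( wp_unslash( $_POST['arg1'] ) ) : '';` (likewise `$arg2`), choosing `sanitize_key()` or `absint()` if the callees expect a field key or form ID, which is not visible here. The same applies to the position values: `(int) $_POST['in_row']` is read without an `isset()` guard, while the `isset()` on `in_column` is redundant inside the `! empty( $_POST['in_column'] )` branch. The `phpcs:disable` only covers NonceVerification, so a short comment such as `// Nonce is verified by UM()->admin()->check_ajax_nonce() above.` would document why the suppression is safe. The body of `do_ajax_action()` continues past the end of the hunk.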