Unescaped parameter $ADL_LP->template_table_name used in $wpdb->get_row($wpdb->prepare("SELECT * from {$ADL_LP->template_table_name} WHERE id = %d", $id))
Unescaped parameter $AND_NOT_IN used in $wpdb->get_col("SELECT aid FROM $wpdb->democracy_a WHERE qid = $poll_id $AND_NOT_IN")
$AND_NOT_IN assigned unsafely at line 450:
 $AND_NOT_IN = $ids ? sprintf( "AND aid NOT IN (" . implode( ',', $ids ) . ")" ) : ''
$ids assigned unsafely at line 444:
 $ids[] = $aid
$aid assigned unsafely at line 422:
 $aid =>
$answ_row assigned unsafely at line 423:
 $answ_row = $wpdb->get_row( "SELECT * FROM $wpdb->democracy_a WHERE aid = " . (int) $aid )
Unescaped parameter $AND_clause used in $wpdb->query($wpdb->prepare(
			"UPDATE $wpdb->democracy_a SET votes = (votes+1) WHERE qid = %d $AND_clause", $poll->id
		))
$AND_clause assigned unsafely at line 116:
 $AND_clause = ' AND aid IN (' . $aids . ')'
$aids assigned unsafely at line 115:
 $aids = implode( ',', $aids )
$aids assigned unsafely at line 112:
 $aids = array_slice( $aids, 0, $poll->multiple )
$aids assigned unsafely at line 104:
 $aids = reset( $aids )
$aids assigned unsafely at line 96:
 $aids = array_filter( $aids )
$aids assigned unsafely at line 91:
 $aids[] = $aid
$poll->multiple used without escaping.
$aid assigned unsafely at line 90:
 $aid = $this->insert_democratic_answer( $new_free_answer
$new_free_answer assigned unsafely at line 78:
 $new_free_answer = $id
$aids[] used without escaping.
$id used without escaping.
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $COLUMNS used in $wpdb->query("INSERT INTO $this->table_name ( $COLUMNS ) VALUES $INSERTS")
$COLUMNS assigned unsafely at line 609:
 $COLUMNS = implode( ', ', $this->batch_columns )
$INSERTS assigned unsafely at line 608:
 $INSERTS = implode( ', ', $INSERTS )
$INSERTS assigned unsafely at line 605:
 $INSERTS[] = $wpdb->prepare( '(' . $FORMATS . ')', $_insert )
$FORMATS assigned unsafely at line 602:
 $FORMATS = implode( ', ', $this->batch_formats )
Unescaped parameter $DBB_table_name used in $wpdb->get_results($wpdb->prepare( "SELECT * FROM $DBB_table_name WHERE bps_job_type = %s", $DBB_Rows ))
$DBB_table_name assigned unsafely at line 47:
 $DBB_table_name = $wpdb->prefix . "bpspro_db_backup"
$DBB_Rows assigned unsafely at line 48:
 $DBB_Rows = 'Scheduled'
$DBB_TableRows assigned unsafely at line 49:
 $DBB_TableRows = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $DBB_table_name WHERE bps_job_type = %s", $DBB_Rows ) )
FunnelKit – Funnel Builder for WooCommerce Checkout