Unescaped parameter $checkMinIDQuery used in $wpdb->get_results($checkMinIDQuery)\n$checkMinIDQuery assigned unsafely at line 1309:\n $checkMinIDQuery = $wpdb->prepare("SELECT id FROM `" . $logTableName . "` \\n " .\n "WHERE CAST(requested_url AS CHAR CHARACTER SET utf8mb4) COLLATE utf8mb4_unicode_ci = %s \\n " .\n "LIMIT 1", $requested_url)\n$logTableName assigned unsafely at line 1247:\n $logTableName = $this->doTableNameReplacements("{wp_abj404_logsv2}")
Unescaped parameter $extraDataQuery used in $wpdb->get_results($extraDataQuery)\n$extraDataQuery assigned unsafely at line 243:\n $extraDataQuery = "select @@max_join_size as max_join_size, " . \n \t\t"@@sql_big_selects as sql_big_selects, " .\n "@@character_set_database as character_set_database"\n$someMySQLVariables assigned unsafely at line 246:\n $someMySQLVariables = $wpdb->get_results($extraDataQuery, ARRAY_A)
Unescaped parameter $f used in $wpdb->query('drop table ' . $f->strtolower($wpdb->prefix) . 'abj404_logs')\n$f assigned unsafely at line 486:\n $f = ABJ_404_Solution_Functions::getInstance()
Unescaped parameter $finalSQL used in $wpdb->get_results($finalSQL)\n$finalSQL assigned unsafely at line 693:\n $finalSQL \t= "SELECT * FROM {$wpdb->prefix}postmeta as `m1` WHERE {$whereSQL} m1.post_id IN ( SELECT post_id FROM {$wpdb->prefix}postmeta as `m` WHERE 1 = 1 AND m.meta_key ='_pprredirect_active' AND m.meta_value = '1');"\n$whereSQL assigned unsafely at line 692:\n $whereSQL \t= ((int) $allNewWin == 1 || (int) $allNoFoll == 1 || $rewrite ) ? "" : " ( m1.meta_key IN ( '_pprredirect_newwindow' ,'_pprredirect_relnofollow', '_pprredirect_rewritelink', '_pprredirect_url' ) AND m1.meta_value !='0' AND m1.meta_value !='' ) AND "
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $id used in $wpdb->get_results("select $id,$name from PREFIX_$tbl $where $order $limit ")\n$id used without escaping.\n$name used without escaping.\n$tbl used without escaping.\n$order used without escaping.\n$limit used without escaping.