Unescaped parameter $column used in $wpdb->get_results("SELECT DISTINCT $column FROM $wpdb->stream")\n$column used without escaping.
Unescaped parameter $context_table_name used in $wpdb->get_col($wpdb->prepare(\n\t\t\t\t"SELECT DISTINCT c.history_id\n\t\t\t\tFROM {$context_table_name} AS c\n\t\t\t\tWHERE c.key = %s",\n\t\t\t\t'_imported_event'\n\t\t\t))\n$context_table_name assigned unsafely at line 563:\n $context_table_name = $this->simple_history->get_contexts_table_name()
Unescaped parameter $context_table_name used in $wpdb->query($wpdb->prepare(\n\t\t\t\t"DELETE FROM {$context_table_name}\n\t\t\t\tWHERE history_id IN ({$placeholders})",\n\t\t\t\t...$history_ids\n\t\t\t))\n$context_table_name assigned unsafely at line 563:\n $context_table_name = $this->simple_history->get_contexts_table_name()
Unescaped parameter $count_query used in $wpdb->get_var($count_query)\n$count_query assigned unsafely at line 268:\n $count_query = apply_filters( 'wp_stream_db_count_query', $count_query, $args )\n$count_query assigned unsafely at line 255:\n $count_query = "SELECT COUNT(*) as found\n\t\tFROM $wpdb->stream\n\t\t{$join}\n\t\tWHERE 1=1 {$where}"\n$args used without escaping.\n$join assigned unsafely at line 31:\n $join = ''\n$where assigned unsafely at line 232:\n $where = apply_filters( 'wp_stream_db_query_where', $where )\n$where assigned unsafely at line 162:\n $where .= $wpdb->prepare( " AND $wpdb->stream.%s NOT IN {$format}", $field, $value )\n$format assigned unsafely at line 161:\n $format = '(' . join( ',', array_fill( 0, count( $value ), $type ) ) . ')'\n$type assigned unsafely at line 158:\n $type = is_numeric( array_shift( $value ) ) ? '%d' : '%s'\n$type assigned unsafely at line 130:\n $type = is_numeric( array_shift( $value ) ) ? '%d' : '%s'