Unescaped parameter $ignored_where used in $wpdb->get_var($wpdb->prepare(
        "SELECT count(*) FROM {$wpdb->prefix}accessibility_checker $ignored_where",
        $ignored_parameters
    ))
$ignored_where assigned unsafely at line 200:
 $ignored_where .= ' and rule != %s'
$ignored_where assigned unsafely at line 197:
 $ignored_where = 'WHERE siteid = %d and postid = %d and ignre = %d'
$ignored_count assigned unsafely at line 204:
 $ignored_count = $wpdb->get_var(
     $wpdb->prepare(
         // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared , WordPress.DB.PreparedSQLPlaceholders.UnfinishedPrepare
         "SELECT count(*) FROM {$wpdb->prefix}accessibility_checker $ignored_where",
         $ignored_parameters
     )
 )
$ignored_parameters assigned unsafely at line 196:
 $ignored_parameters = [ get_current_blog_id(), $this->post_id, 1 ]

Unescaped parameter $posts_without_issues used in $wpdb->get_var($posts_without_issues)
$posts_without_issues assigned unsafely at line 255:
 $posts_without_issues = "
     SELECT COUNT({$wpdb->posts}.ID) FROM {$wpdb->posts}
     LEFT JOIN " . $wpdb->prefix . "accessibility_checker ON {$wpdb->posts}.ID = " .
     $wpdb->prefix . 'accessibility_checker.postid WHERE ' .
     $wpdb->prefix . 'accessibility_checker.postid IS NULL
     AND post_type IN(' .
         Helpers::array_to_sql_safe_list(
             Settings::get_scannable_post_types()
         ) . ')
     AND post_status IN(' .
         Helpers::array_to_sql_safe_list(
             Settings::get_scannable_post_statuses()
         ) . ')'

Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $query used in $wpdb->get_results($wpdb->prepare( $query, $errorid, $type ))
$query assigned unsafely at line 174:
 $query .= 'order by ignre'
$query assigned unsafely at line 171:
 $query .= ' and ignre != 2 '
$query assigned unsafely at line 167:
 $query = 'SELECT * FROM ' . $wpdb->prefix . 'wp_ada_compliance_basic where postid = %d and type = %s '
$results assigned unsafely at line 176:
 $results = $wpdb->get_results( $wpdb->prepare( $query, $errorid, $type ), ARRAY_A )
$errorid assigned unsafely at line 44:
 $errorid = ''
$type assigned unsafely at line 120:
 $type = sanitize_text_field( wp_unslash( $_GET['type'] ) )
Note: sanitize_text_field() is not a safe escaping function.
$report_filtered_errors assigned unsafely at line 31:
 $report_filtered_errors = get_option( 'wp_ada_compliance_basic_report_filtered_errors', 'scanonly' )
$postid assigned unsafely at line 74:
 $postid = sanitize_text_field( wp_unslash( $_GET['postid'] ) )
$_GET['type'] used without escaping.
$_GET['postid'] used without escaping.

Unescaped parameter $query used in $wpdb->get_results($wpdb->prepare( $query, $query_variables ))
$query assigned unsafely at line 883:
 $query .= $totalquery
$totalquery assigned unsafely at line 879:
 $totalquery .= ' and postid = %d '
$errorid used without escaping.

Unescaped parameter $query used in $wpdb->get_results($wpdb->prepare( $query, $query_variables ))
$query assigned unsafely at line 923:
 $query .= ' and errorcode = %s '
$query_variables[] used without escaping.