ERRORsecurity

UnescapedDBParameter

PluginCheck.Security.DirectDB.UnescapedDBParameter

Affected Plugins

On this page

Total Issues

Instances found

Total Impact

Active installations

Examples

Real messages found in scanned plugins

Unescaped parameter $ad_thetime used in $wpdb->get_results($wpdb->prepare("SELECT * FROM `{$wpdb->prefix}quads_stats` ".$ad_thetime ." ".$search_param ." LIMIT %d, %d",array($offset,$items_per_page)))

Unescaped parameter $ad_thetime used in $wpdb->get_results($wpdb->prepare("SELECT ad_id , log_date as ad_thetime,log_clicks ,ip_address,log_url as url,browser,referrer FROM `{$wpdb->prefix}quads_logs` ". $ad_thetime ." ".$search_param." LIMIT %d, %d",array($offset,$items_per_page)))

Unescaped parameter $ad_thetime used in $wpdb->get_row($wpdb->prepare("SELECT count(*) as total FROM `{$wpdb->prefix}quads_logs` ". $ad_thetime ." ".$search_param))

Unescaped parameter $ad_thetime used in $wpdb->get_row($wpdb->prepare("SELECT count(*) as total FROM `{$wpdb->prefix}quads_stats` ". $ad_thetime ." ".$search_param))

Unescaped parameter $adtable_name used in $wpdb->get_results($wpdb->prepare("SELECT * FROM $adtable_name WHERE status = '1' AND slot NOT IN (%d) ORDER BY RAND() LIMIT %d", $exclude, $setting_num_slots))\n$adtable_name assigned unsafely at line 131:\n $adtable_name = $wpdb->prefix . "wp125_ads"

Affected Plugins

Plugins that have instances of this rule violation

Google for WooCommerce

google-listings-and-ads

issues

900K

installs

Facebook for WooCommerce

facebook-for-woocommerce

issues

500K

installs