Unescaped parameter $additional_where used in $wpdb->get_results($wpdb->prepare( "SELECT DISTINCT YEAR( date_updated ) AS year, MONTH( date_updated ) AS month FROM {$wpdb->ahrefs_content} as c, {$wpdb->posts} as p WHERE snapshot_id = %d AND taxonomy = '' AND c.post_id = p.ID $additional_where ORDER BY date_updated DESC", $snapshot_id ))
$additional_where assigned unsafely at line 66:
    $additional_where = implode( ' ', $additional_where )
$additional_where assigned unsafely at line 57:
    $additional_where = [ 'AND ( p.post_type IN (' . Ahrefs_Seo_Data_Content::get_allowed_post_types_for_where() . ') )' ]

Unescaped parameter $additional_where used in $wpdb->get_results($wpdb->prepare( "SELECT DISTINCT YEAR( date_updated ) AS year, MONTH( date_updated ) AS month FROM {$wpdb->ahrefs_content} as c, {$wpdb->posts} as p WHERE snapshot_id = %d AND taxonomy = '' AND c.post_id = p.ID {$additional_where} ORDER BY date_updated DESC", $snapshot_id ))
$additional_where assigned unsafely at line 60:
    $additional_where = implode( ' ', $additional_where )
$additional_where assigned unsafely at line 55:
    $additional_where = [ 'AND ( p.post_type IN (' . Ahrefs_Seo_Data_Content::get_allowed_post_types_for_where() . ') )' ]

Affected Plugins
Plugins that have instances of this rule violation

Unescaped parameter $additional_where used in $wpdb->get_results($wpdb->prepare( "SELECT c.post_id as post_id, c.title as title, p.post_author as author, p.post_type as post_type, date(c.date_updated) as created, c.total_month as 'total', c.organic_month as 'organic', c.backlinks, c.refdomains, c.position, c.keyword, c.kw_low, kw_source, c.is_approved_keyword, c.action, c.badge, c.taxonomy as taxonomy, c.last_well_date FROM {$wpdb->ahrefs_content} c LEFT JOIN {$wpdb->posts} p ON c.post_id = p.ID AND c.taxonomy = '' WHERE snapshot_id = %d $additional_where ORDER BY post_id, taxonomy", $snapshot_id ))
$additional_where assigned unsafely at line 976:
    $additional_where = $this->status_to_action_clause( $tab )
$tab used without escaping.

Unescaped parameter $additional_where used in $wpdb->get_results($wpdb->prepare( "SELECT c.post_id as post_id, c.title as title, p.post_author as author, p.post_type as post_type, date(c.date_updated) as created, c.total_month as 'total', c.organic_month as 'organic', c.backlinks, c.refdomains, c.position, c.keyword, c.kw_low, kw_source, c.is_approved_keyword, c.action, c.badge, c.taxonomy as taxonomy, c.last_well_date FROM {$wpdb->ahrefs_content} c LEFT JOIN {$wpdb->posts} p ON c.post_id = p.ID AND c.taxonomy = '' WHERE snapshot_id = %d {$additional_where} ORDER BY post_id, taxonomy", $snapshot_id ))
$additional_where assigned unsafely at line 832:
    $additional_where = $this->status_to_action_clause( $tab )
$tab used without escaping.

Unescaped parameter $column_name used in $wpdb->get_var($wpdb->prepare( "SELECT count(*) FROM {$wpdb->ahrefs_content} WHERE snapshot_id = %d AND $column_name is null $additional_where AND action <> %s AND action <> %s AND action <> %s", $this->snapshot_id, Ahrefs_Seo_Data_Content::ACTION4_ADDED_SINCE_LAST, Ahrefs_Seo_Data_Content::ACTION4_OUT_OF_SCOPE, Ahrefs_Seo_Data_Content::ACTION4_MANUALLY_EXCLUDED ))
$additional_where assigned unsafely at line 371:
    $additional_where = $this->get_where_for_not_noindex_similar_statuses()