Unescaped parameter $all_images_query used in $wpdb->get_results($wpdb->prepare( $all_images_query, $prepare_args ))\n$all_images_query assigned unsafely at line 104:\n $all_images_query = $all_images_query . " AND (p.post_parent = 0 OR NOT EXISTS(SELECT 1 FROM {$wpdb->posts} p3 WHERE p3.ID = p.post_parent AND p3.post_type IN ($post_types_placeholders)))"\n$all_images_query assigned unsafely at line 95:\n $all_images_query = $all_images_query . " AND (EXISTS(SELECT 1 FROM {$wpdb->postmeta} pm2 WHERE pm2.post_id = p.post_parent and pm2.meta_key = %s and CAST(pm2.meta_value as UNSIGNED) = p.ID))"\n$all_images_query assigned unsafely at line 90:\n $all_images_query = $all_images_query . " AND (EXISTS(SELECT 1 FROM {$wpdb->posts} p2 WHERE p2.ID = p.post_parent and p2.post_type = %s))"\n$all_images_query assigned unsafely at line 83:\n $all_images_query = $all_images_query . " AND (NOT EXISTS(SELECT 1 FROM {$atai_asset_table} WHERE wp_post_id = p.ID))"\n$all_images_query assigned unsafely at line 79:\n $all_images_query = $all_images_query . " AND (p.post_parent > 0)"
Unescaped parameter $cacheInstance->get_db_table_name() used in $wpdb->get_row($wpdb->prepare(\n "SELECT message_content FROM {$cacheInstance->get_db_table_name()} WHERE cache_key = %s AND expires_at > %s LIMIT 1",\n $key,\n $now_utc\n ))
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $cacheInstance->get_db_table_name() used in $wpdb->get_var($wpdb->prepare("SELECT 1 FROM {$cacheInstance->get_db_table_name()} WHERE cache_key = %s LIMIT 1", $key))
Unescaped parameter $column_name used in $wpdb->get_results("SELECT DISTINCT {$column_name} FROM $this->table_name WHERE {$column_name} != '' ")
Unescaped parameter $countSql used in $wpdb->get_var($this->wpdb->prepare( $countSql, $countParams ))\n$countSql used without escaping.