ERRORsecurity

UnescapedDBParameter

PluginCheck.Security.DirectDB.UnescapedDBParameter

Affected Plugins

On this page

Total Issues

Instances found

Total Impact

Active installations

Examples

Real messages found in scanned plugins

Unescaped parameter $mapping_values_sql used in $wpdb->get_results($mapping_values_sql)\n$mapping_values_sql assigned unsafely at line 41:\n $mapping_values_sql = 'SELECT * FROM ' . $wpdb->prefix . 'dms_mapping_values'\n$old_mappings assigned unsafely at line 42:\n $old_mappings = $wpdb->get_results( $mappings_sql )\n$mappings_sql assigned unsafely at line 40:\n $mappings_sql = 'SELECT * FROM ' . $wpdb->prefix . 'dms_mappings'

Unescaped parameter $mappings_sql used in $wpdb->get_results($mappings_sql)\n$mappings_sql assigned unsafely at line 40:\n $mappings_sql = 'SELECT * FROM ' . $wpdb->prefix . 'dms_mappings'\n$mapping_values_sql assigned unsafely at line 41:\n $mapping_values_sql = 'SELECT * FROM ' . $wpdb->prefix . 'dms_mapping_values'\n$old_mappings assigned unsafely at line 42:\n $old_mappings = $wpdb->get_results( $mappings_sql )

Unescaped parameter $query used in $wpdb->get_results($query)\n$query assigned unsafely at line 139:\n $query .= " LIMIT $offset, $limit"\n$offset assigned unsafely at line 138:\n $offset = ( $paged - 1 ) * $limit\n$paged assigned unsafely at line 134:\n $paged = is_null( $paged ) || $paged < 1 ? 1 : $paged

Affected Plugins

Plugins that have instances of this rule violation

Domain Mapping System | Create Microsites with Multiple Alias Domains (multisite optional)

domain-mapping-system

issues

installs

Unescaped parameter $query_string used in $wpdb->get_row($query_string)\n$query_string assigned unsafely at line 32:\n $query_string = trim( $query_string )\n$query_string assigned unsafely at line 30:\n $query_string = substr_replace( $query_string, '', $pos, strlen( 'UNION' ) )\n$query_string assigned unsafely at line 25:\n $query_string .= "SELECT `host`, '" . $blog->id . "' as `blog_id` FROM " . $prefix . "dms_mappings WHERE host='" . $domain . "' UNION "\n$pos assigned unsafely at line 28:\n $pos = strrpos( $query_string, 'UNION' )\n$blog->id used without escaping.\n$domain assigned unsafely at line 20:\n $domain = $_SERVER['HTTP_HOST']\n$_SERVER['HTTP_HOST'] used without escaping.