Unescaped parameter $query used in $wpdb->get_results($query)
$query assigned unsafely at line 224:
    $query = $wpdb->prepare( "SELECT {$columns} FROM {$table_name} ORDER BY {$order_by} {$order} LIMIT %d OFFSET %d;", $limit, $offset )
$columns assigned unsafely at line 177:
    $columns = '`id`, `bulletin_title`, `is_activated`, `placement`'
$table_name assigned unsafely at line 176:
    $table_name = $table_prefix . self::$bulletins_table_name
$order_by assigned unsafely at line 178:
    $order_by = 'id'
$order assigned unsafely at line 193:
    $order = 'ASC'
$_REQUEST['status'] used without escaping.
$status assigned unsafely at line 197:
    $status = sanitize_text_field( $_REQUEST['status'] )
Note: sanitize_text_field() is not a safe escaping function.

Unescaped parameter $query used in $wpdb->get_results($query)
$query assigned unsafely at line 299:
    $query = $wpdb->prepare( "SELECT * FROM {$table_name} WHERE id = %d;", sanitize_text_field( $bulletin_id ) )
Note: sanitize_text_field() is not a safe escaping function.
$table_name assigned unsafely at line 295:
    $table_name = $table_prefix . self::$bulletins_table_name

Unescaped parameter $query used in $wpdb->get_results($query)
$query assigned unsafely at line 331:
    $query = $wpdb->prepare( "SELECT {$column_name_string} FROM {$table_name} WHERE id = %s;", sanitize_text_field( $bulletin_id ) )
Note: sanitize_text_field() is not a safe escaping function.
$column_name_string assigned unsafely at line 328:
    $column_name_string = $column_name
$table_name assigned unsafely at line 330:
    $table_name = $table_prefix . self::$bulletins_table_name

Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $query used in $wpdb->get_results($query)
$query assigned unsafely at line 408:
    $query = "SELECT MAX(id) as id FROM {$table_name}"
$table_name assigned unsafely at line 407:
    $table_name = $table_prefix . self::$bulletins_table_name

Unescaped parameter $query used in $wpdb->get_results($query)
$query assigned unsafely at line 444:
    $query = "SELECT * FROM {$table_name};"
$table_name assigned unsafely at line 443:
    $table_name = $table_prefix . self::$bulletins_table_name