Unescaped parameter $current_query used in $wpdb->get_results($current_query)
$current_query assigned unsafely at line 386:
    $current_query = "
        SELECT
            session_id,
            TIMESTAMPDIFF(MINUTE, MIN(interaction_time), MAX(interaction_time)) as duration_minutes
        FROM `$table_name`
        WHERE " . $period_info['current'] . $user_type_condition . "
        GROUP BY session_id"
$user_type_condition assigned unsafely at line 383:
    $user_type_condition = " AND user_type = '" . esc_sql($user_type) . "'"
$user_type_condition assigned unsafely at line 381:
    $user_type_condition = ''
$user_type used without escaping.

Unescaped parameter $current_query used in $wpdb->get_results($current_query)
$current_query assigned unsafely at line 655:
    $current_query = "
        SELECT
            session_id,
            COUNT(*) as message_count,
            TIMESTAMPDIFF(MINUTE, MIN(interaction_time), MAX(interaction_time)) as duration_minutes
        FROM `$table_name`
        WHERE " . $period_info['current'] . $user_type_condition . "
        GROUP BY session_id"
$user_type_condition assigned unsafely at line 651:
    $user_type_condition = " AND user_type = '" . esc_sql($user_type) . "'"
$user_type_condition assigned unsafely at line 649:
    $user_type_condition = ''
$user_type used without escaping.

Affected Plugins
Plugins that have instances of this rule violation

Unescaped parameter $current_query used in $wpdb->get_row($current_query)
$current_query assigned unsafely at line 293:
    $current_query = "
        SELECT
            COUNT(*) as total_messages,
            COUNT(CASE WHEN user_type = 'Visitor' THEN 1 END) as visitor_messages,
            COUNT(CASE WHEN user_type = 'Chatbot' THEN 1 END) as chatbot_messages
        FROM `$table_name`
        WHERE " . $period_info['current'] . $user_type_condition
$table_name assigned unsafely at line 241:
    $table_name = $wpdb->prefix . 'chatbot_chatgpt_conversation_log'
$total_records assigned unsafely at line 244:
    $total_records = $wpdb->get_var("SELECT COUNT(*) FROM `$table_name`")

Unescaped parameter $current_query used in $wpdb->get_row($current_query)
$current_query assigned unsafely at line 555:
    $current_query = "
        SELECT
            COUNT(DISTINCT session_id) as total_visitors,
            COUNT(DISTINCT CASE WHEN visit_count = 1 THEN session_id END) as new_visitors,
            COUNT(DISTINCT CASE WHEN visit_count > 1 THEN session_id END) as returning_visitors
        FROM (
            SELECT
                session_id,
                COUNT(DISTINCT DATE(interaction_time)) as visit_count
            FROM $table_name
            WHERE " . $period_info['current'] . $user_type_condition . "
            GROUP BY session_id
        ) as visitor_stats"
$user_type_condition assigned unsafely at line 552:
    $user_type_condition = " AND user_type = '" . esc_sql($user_type) . "'"
$user_type_condition assigned unsafely at line 550:
    $user_type_condition = ''
$user_type used without escaping.

Unescaped parameter $current_query used in $wpdb->get_row($current_query)
$current_query assigned unsafely at line 768:
    $current_query = "
        SELECT
            AVG(CAST(sentiment_score AS DECIMAL(10,2))) as avg_score,
            COUNT(CASE WHEN CAST(sentiment_score AS DECIMAL(10,2)) > 0 THEN 1 END) * 100.0 / COUNT(*) as positive_percent
        FROM `$table_name`
        WHERE " . $period_info['current'] . $user_type_condition . "
        AND sentiment_score IS NOT NULL
        AND sentiment_score != ''"
$user_type_condition assigned unsafely at line 764:
    $user_type_condition = " AND user_type = '" . esc_sql($user_type) . "'"
$user_type_condition assigned unsafely at line 762:
    $user_type_condition = ''
$user_type used without escaping.