Unescaped parameter $column used in $wpdb->get_row($wpdb->prepare( "\r\n\t\t\tSELECT *\r\n\t\t\tFROM {$table}\r\n\t\t\tWHERE {$column} LIKE %s\r\n\t\t\tORDER BY {$key_column} ASC\r\n\t\t\tLIMIT 1\r\n\t\t", $key ))\n$column assigned unsafely at line 268:\n $column = 'meta_key'\n$key_column assigned unsafely at line 269:\n $key_column = 'meta_id'\n$value_column assigned unsafely at line 270:\n $value_column = 'meta_value'\n$key assigned unsafely at line 273:\n $key = $wpdb->esc_like( $this->identifier . '_batch_' ) . '%'
Unescaped parameter $column used in $wpdb->get_var($wpdb->prepare( "\r\n\t\t\tSELECT COUNT(*)\r\n\t\t\tFROM {$table}\r\n\t\t\tWHERE {$column} LIKE %s\r\n\t\t", $key ))\n$column assigned unsafely at line 195:\n $column = 'meta_key'\n$key assigned unsafely at line 198:\n $key = $wpdb->esc_like( $this->identifier . '_batch_' ) . '%'
Unescaped parameter $sql used in $wpdb->get_results($sql)\n$sql assigned unsafely at line 53:\n $sql = $this->replace_tags($sql)
Unescaped parameter $sql used in $wpdb->query($wpdb->prepare( $sql, $values ))\n$sql assigned unsafely at line 86:\n $sql = $wpdb->query( $wpdb->prepare( $sql, $values ) )\n$sql assigned unsafely at line 80:\n $sql = $this->replace_tags($sql)\n$values used without escaping.
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $this->db_analytics_table used in $wpdb->get_results("SELECT * FROM {$this->db_analytics_table} WHERE is_synced = 0")