ERRORsecurity

UnescapedDBParameter

PluginCheck.Security.DirectDB.UnescapedDBParameter

Affected Plugins

On this page

Total Issues

Instances found

Total Impact

30K

Active installations

Examples

Real messages found in scanned plugins

Unescaped parameter $query used in $wpdb->get_col($query)\n$query assigned unsafely at line 199:\n $query = $wpdb->prepare("\r\n SELECT DISTINCT post_id\r\n FROM {$wpdb->postmeta}\r\n WHERE meta_key = %s\r\n AND $status_condition\r\n LIMIT %d OFFSET %d\r\n ", $meta_key, $max_image_count, $offset)\n$status_condition assigned unsafely at line 196:\n $status_condition = "meta_value = 'pending'"\n$status_condition assigned unsafely at line 194:\n $status_condition = "meta_value IN ('pending', 'optimized')"\n$meta_key assigned unsafely at line 191:\n $meta_key = 'compressx_image_meta_status'\n$max_image_count used without escaping.\n$offset used without escaping.\n$force used without escaping.

Unescaped parameter $query used in $wpdb->get_col($query)\n$query assigned unsafely at line 220:\n $query = $wpdb->prepare("\r\n SELECT DISTINCT pm.post_id\r\n FROM {$wpdb->postmeta} pm\r\n WHERE pm.meta_key = %s\r\n AND $status_condition\r\n AND pm.post_id > %d\r\n ORDER BY pm.post_id ASC\r\n LIMIT %d\r\n ", $meta_key, $last_id, $limit)\n$status_condition assigned unsafely at line 216:\n $status_condition = $force\r\n ? "pm.meta_value IN ('pending', 'optimized')"\r\n : "pm.meta_value = 'pending'"\n$meta_key assigned unsafely at line 214:\n $meta_key = 'compressx_image_meta_status'\n$last_id used without escaping.\n$limit used without escaping.

Affected Plugins

Plugins that have instances of this rule violation

AVIF & WebP Converter

ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization

shortpixel-adaptive-images

issues

10K

installs