ERRORsecurity

UnescapedDBParameter

PluginCheck.Security.DirectDB.UnescapedDBParameter

Affected Plugins

On this page

Total Issues

Instances found

Total Impact

60K

Active installations

Examples

Real messages found in scanned plugins

Unescaped parameter $autoupdates used in $wpdb->query("ALTER TABLE $autoupdates CONVERT TO CHARACTER SET $db_charset")\n$autoupdates assigned unsafely at line 213:\n $autoupdates \t= $wpdb->prefix."auto_updates"\n$db_charset assigned unsafely at line 215:\n $db_charset \t= constant( 'DB_CHARSET' )\n$updateLog assigned unsafely at line 214:\n $updateLog \t\t= $wpdb->prefix."update_log"

Unescaped parameter $autoupdates used in $wpdb->query("DROP TABLE IF EXISTS $autoupdates")\n$autoupdates assigned unsafely at line 180:\n $autoupdates \t= $wpdb->prefix."auto_updates"\n$updateLog assigned unsafely at line 181:\n $updateLog \t\t= $wpdb->prefix."update_log"

Unescaped parameter $pro_table used in $wpdb->get_var("SELECT COUNT(*) FROM $pro_table")\n$pro_table assigned unsafely at line 64:\n $pro_table\t\t= $wpdb->prefix . "fsb_images"\n$rowcount assigned unsafely at line 69:\n $rowcount\t= $wpdb->get_var( "SELECT COUNT(*) FROM $pro_table" )

Unescaped parameter $pro_table used in $wpdb->get_var("show tables like '$pro_table'")\n$pro_table assigned unsafely at line 64:\n $pro_table\t\t= $wpdb->prefix . "fsb_images"\n$rowcount used without escaping.

Affected Plugins

Plugins that have instances of this rule violation

Companion Auto Update

companion-auto-update

issues

50K

installs

Simple Full Screen Background Image

simple-full-screen-background-image

issues

10K

installs