Unescaped parameter $column used in $wpdb->get_results("\n\t\t\t\tSELECT (CHAR_LENGTH({$column})*3) as bytes, `{$id}` as id\n\t\t\t\tFROM {$table}\n\t\t\t\tHAVING bytes IS NOT NULL\n\t\t\t")\n$column assigned unsafely at line 210:\n $column = $data['column']\n$id assigned unsafely at line 211:\n $id = $data['id']\n$data['column'] used without escaping.\n$data['id'] used without escaping.
Unescaped parameter $column used in $wpdb->get_results("\n\t\t\t\tSELECT (CHAR_LENGTH({$column})*3) as bytes, `{$id}` as id\n\t\t\t\tFROM {$table}\n\t\t\t\tHAVING bytes IS NULL\n\t\t\t")\n$column assigned unsafely at line 232:\n $column = $data['column']\n$id assigned unsafely at line 233:\n $id = $data['id']\n$data['column'] used without escaping.\n$data['id'] used without escaping.
Unescaped parameter $column_name used in $wpdb->get_var($wpdb->prepare(\n\t\t\t\t"SELECT {$column_name} FROM {$wpdb->posts} WHERE ID=%d AND post_type=%s", \t\t\t\t$action_id,\n\t\t\t\tself::POST_TYPE\n\t\t\t))
Unescaped parameter $count_query used in $wpdb->get_var($count_query)\n$count_query assigned unsafely at line 285:\n $count_query = 'SELECT COUNT(DISTINCT(co.id)) as found\n FROM ' . $this->table_name( 'cost_tracker' ) . ' as co ' .\n $join_lookup .\n " WHERE 1 {$where}"\n$join_lookup assigned unsafely at line 183:\n $join_lookup = ''\n$filter_prod_type_slugs assigned unsafely at line 188:\n $filter_prod_type_slugs = MainWP_DB::instance()->escape_array( $filter_prod_type_slugs )\n$filter_prod_type_slugs assigned unsafely at line 82:\n $filter_prod_type_slugs = array_filter(\n $filter_prod_type_slugs,\n function ( $e ) use ( $product_types ) {\n return is_string( $e ) && in_array( $e, $product_types, true ) ? true : false; // to valid.\n }\n )\n$filter_prod_type_slugs assigned unsafely at line 62:\n $filter_prod_type_slugs = ! empty( $args['filter_prods_types'] ) ? $args['filter_prods_types'] : false\n$args['filter_prods_types'] used without escaping.
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $count_query used in $wpdb->get_var($count_query)\n$count_query assigned unsafely at line 322:\n $count_query = "SELECT COUNT(*)\n FROM $wpdb->mainwp_tbl_logs as lg\n {$join}\n WHERE `lg`.`connector` != 'compact' {$where} {$recent_where} {$where_users_filter}"\n$join assigned unsafely at line 292:\n $join .= ' LEFT JOIN ' . $this->get_sub_query_view() . ' sub_lg ON lg.log_id = sub_lg.sub_log_id '