Unescaped parameter $prepared_query used in $wpdb->get_results($prepared_query)\n$prepared_query assigned unsafely at line 141:\n $prepared_query = $wpdb->prepare($query, $type)\n$query assigned unsafely at line 139:\n $query .= " WHERE type = %s"\n$query assigned unsafely at line 138:\n $query = "SELECT id, data FROM " . $table_name\n$type used without escaping.\n$table_name assigned unsafely at line 136:\n $table_name = $wpdb->prefix . "njt_fastdup_entities"
Unescaped parameter $prepared_query used in $wpdb->get_results($prepared_query)\n$prepared_query assigned unsafely at line 156:\n $prepared_query = $wpdb->prepare($query, $entity_id, $type)\n$query assigned unsafely at line 154:\n $query .= " WHERE id = %d AND type = %s "\n$query assigned unsafely at line 153:\n $query = "SELECT id, data FROM " . $table_name\n$entity_id used without escaping.\n$type used without escaping.\n$table_name assigned unsafely at line 151:\n $table_name = $wpdb->prefix . "njt_fastdup_entities"
Unescaped parameter $prepared_query used in $wpdb->query($prepared_query)\n$prepared_query assigned unsafely at line 122:\n $prepared_query = $wpdb->prepare($query, $type, $serialized_entity)\n$query assigned unsafely at line 118:\n $query = "INSERT INTO " . $table_name\n$table_name assigned unsafely at line 116:\n $table_name = $wpdb->prefix . "njt_fastdup_entities"
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $query used in $wpdb->query($query)\n$query assigned unsafely at line 188:\n $query = "DELETE FROM " . $table_name
Unescaped parameter $sql used in $wpdb->get_row($sql)\n$sql assigned unsafely at line 25:\n $sql = $wpdb->prepare("SELECT * FROM `{$table_name}` WHERE ID = %d", $id)\n$table_name assigned unsafely at line 24:\n $table_name = $wpdb->prefix . "njt_fastdup_packages"\n$id used without escaping.