Unescaped parameter $post->ID used in $wpdb->query("update {$wpdb->posts} set post_status = 'future' where ID = " . $post->ID)\n$post->ID used without escaping.
Unescaped parameter $tableName used in $wpdb->get_var($wpdb->prepare(\n\t\t\t\t"\n\t\t\t\tSELECT title FROM {$tableName}\n\t\t\t\tWHERE id = %d\n\t\t\t\t",\n\t\t\t\t$albumId\n\t\t\t))\n$tableName assigned unsafely at line 131:\n $tableName = $this->getMediaAlbumsTable()
Unescaped parameter $tableName used in $wpdb->get_var($wpdb->prepare(\n\t\t\t\t"\n\t\t\t\tSELECT title FROM {$tableName}\n\t\t\t\tWHERE id = %d\n\t\t\t\t",\n\t\t\t\t$folderId\n\t\t\t))\n$tableName assigned unsafely at line 134:\n $tableName = $this->getDocumentFoldersTable()
Affected Plugins
Plugins that have instances of this rule violation