Unescaped parameter $_instance->_tb used in $wpdb->get_results($wpdb->prepare(\n\t\t\t\t'SELECT url FROM `' . $_instance->_tb . '` WHERE dateline < %d ORDER BY id DESC LIMIT %d', \t\t\t\ttime() - $_instance->_conf_cache_ttl,\n\t\t\t\t(int) apply_filters( 'litespeed_avatar_limit', 30 )\n\t\t\t))\n$_instance->_tb used without escaping.
Unescaped parameter $column used in $wpdb->get_row($wpdb->prepare( "SELECT * FROM $table WHERE $column LIKE %s ORDER BY $key_column ASC LIMIT 1", $key ))\n$column assigned unsafely at line 282:\n $column = 'meta_key'\n$key_column assigned unsafely at line 283:\n $key_column = 'meta_id'\n$value_column assigned unsafely at line 284:\n $value_column = 'meta_value'\n$key assigned unsafely at line 287:\n $key = $wpdb->esc_like( $this->identifier . '_batch_' ) . '%'
Unescaped parameter $column used in $wpdb->get_var($wpdb->prepare( "SELECT COUNT(*) FROM $table WHERE $column LIKE %s", $key ))\n$column assigned unsafely at line 214:\n $column = 'meta_key'\n$key assigned unsafely at line 217:\n $key = $wpdb->esc_like( $this->identifier . '_batch_' ) . '%'
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $column used in $wpdb->get_var($wpdb->prepare(\n\t\t\t\t"DELETE FROM $table WHERE $column LIKE %s",\n\t\t\t\t$key\n\t\t\t))\n$column assigned unsafely at line 511:\n $column = 'meta_key'\n$key assigned unsafely at line 514:\n $key = $wpdb->esc_like( $this->identifier . '_batch_' ) . '%'
Unescaped parameter $column used in $wpdb->query("\n\t\t\t\tINSERT IGNORE INTO {$table}\n\t\t\t\tSET `$column` = '$option_key',\n\t\t\t\t\t`$value_column` = '{}';\n\t\t\t")\n$column assigned unsafely at line 154:\n $column = 'option_name'\n$option_key assigned unsafely at line 156:\n $option_key = $this->get_option_key()\n$value_column assigned unsafely at line 155:\n $value_column = 'option_value'