Unescaped parameter $post_types used in $wpdb->get_results($wpdb->prepare(\r\n\t\t\t\t\t"SELECT ID, post_title, post_type FROM $wpdb->posts WHERE post_status = 'publish' " .\r\n\t\t\t\t\t\t\t\t\t\t"AND post_type IN ( '{$post_types}' ) " .\r\n\t\t\t\t\t'AND post_title LIKE %s',\r\n\t\t\t\t\t'%' . $wpdb->esc_like( $search_term ) . '%'\r\n\t\t\t\t))\n$post_types assigned unsafely at line 153:\n $post_types = implode( "', '", array_map( 'sanitize_key', $post_types ) )\n$post_types assigned unsafely at line 152:\n $post_types = apply_filters( 'wpcb_button_post_types', array( 'post', 'page' ) )
Unescaped parameter $query used in $wpdb->get_results($query)\n$query assigned unsafely at line 608:\n $query = self::build_db_logs_query(\n\t\t\t\t$filters,\n\t\t\t\t$limit,\n\t\t\t\t$offset,\n\t\t\t\t$order\n\t\t\t)\n$filters used without escaping.\n$limit used without escaping.\n$offset used without escaping.\n$order used without escaping.
Unescaped parameter $query used in $wpdb->query($query)\n$query assigned unsafely at line 666:\n $query = "SELECT {$columns} UNION ALL " . $query\n$columns assigned unsafely at line 663:\n $columns .= "'" . self::$_log_columns[ $i ] . "'"\n$_log_columns[$i] used without escaping.
Affected Plugins
Plugins that have instances of this rule violation