Unescaped parameter $__in used in $wpdb->get_results("SELECT id, type, timestamp FROM " . SWIFT_PERFORMANCE_TABLE_PREFIX . "warmup WHERE id IN ({$__in})")\n$__in assigned unsafely at line 460:\n $__in = trim($__in, ',')\n$__in assigned unsafely at line 458:\n $__in .= "'" . esc_sql($id) . "',"\n$__in assigned unsafely at line 456:\n $__in = ''\n$id used without escaping.
Unescaped parameter $comp used in $wpdb->get_results($wpdb->prepare(\n\t\t\t\t\t\t\t\t"SELECT * FROM `$table` WHERE to_process $comp %s\n\t\t\t\t\tAND url LIKE %s\n\t\t\t\t\tORDER BY priority, to_process\n\t\t\t\t\tLIMIT %d OFFSET %d",\n\t\t\t\tgmdate( 'Y-m-d G:i:s' ),\n\t\t\t\t'%' . $wpdb->esc_like( $search_query ) . '%',\n\t\t\t\t$limit,\n\t\t\t\t$offset\n\t\t\t))\n$comp assigned unsafely at line 198:\n $comp = 'postponed' === $mode ? '>' : '<='\n$search_query used without escaping.\n$limit used without escaping.\n$offset used without escaping.
Unescaped parameter $custom_table_name used in $wpdb->get_row("SELECT COUNT(*) as item_count FROM {$custom_table_name}")\n$custom_table_name assigned unsafely at line 631:\n $custom_table_name = $queue_table_storage->table_name\n$queue_table_storage->table_name used without escaping.
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $custom_table_name used in $wpdb->query("DELETE FROM {$custom_table_name}")\n$custom_table_name assigned unsafely at line 631:\n $custom_table_name = $queue_table_storage->table_name\n$queue_table_storage->table_name used without escaping.
Unescaped parameter $from used in $wpdb->get_results("SELECT meta_value FROM {$wpdb->postmeta} WHERE meta_key = '_wp_attachment_metadata' LIMIT {$from}," . SWIFT_PERFORMANCE_SCAN_IMAGE_STEP)\n$from used without escaping.