ERRORsecurity

UnescapedDBParameter

PluginCheck.Security.DirectDB.UnescapedDBParameter

Affected Plugins

On this page

Total Issues

Instances found

Total Impact

Active installations

Examples

Real messages found in scanned plugins

Unescaped parameter $plugin used in $wpdb->get_results("\n SELECT * FROM $this->table_name\n WHERE plugin = '$plugin' $file_name $sql_version")\n$plugin used without escaping.\n$file_name assigned unsafely at line 47:\n $file_name = " AND filename = '$file'"\n$sql_version assigned unsafely at line 45:\n $sql_version = " AND version = '$version';"\n$file used without escaping.\n$version used without escaping.

Unescaped parameter $plugin used in $wpdb->get_results("\n SELECT * FROM $this->table_name\n WHERE plugin = '$plugin' $sql_version")\n$plugin used without escaping.\n$sql_version assigned unsafely at line 40:\n $sql_version = " AND version = '$version';"\n$version used without escaping.

Affected Plugins

Plugins that have instances of this rule violation