Unescaped parameter $table used in $wpdb->get_results($wpdb->prepare(\n\t\t\t\t\t\t\t\t\t\t\t\t'SELECT * FROM ' . $table . ' WHERE shipping_method_instance = %s order by pricing_id',\n\t\t\t\tarray(\n\t\t\t\t\t$method,\n\t\t\t\t)\n\t\t\t))\n$table assigned unsafely at line 176:\n $table = $wpdb->prefix . 'bw_pricing_items'\n$result assigned unsafely at line 177:\n $result = $wpdb->get_results(\n\t\t\t$wpdb->prepare(\n\t\t\t\t// %i for the table name is not used here for compatibility issues\n\t\t\t\t// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared\n\t\t\t\t'SELECT * FROM ' . $table . ' WHERE shipping_method_instance = %s order by pricing_id',\n\t\t\t\tarray(\n\t\t\t\t\t$method,\n\t\t\t\t)\n\t\t\t),\n\t\t\tARRAY_A\n\t\t)\n$method used without escaping.
Affected Plugins
Plugins that have instances of this rule violation