ERRORsecurity

UnescapedDBParameter

PluginCheck.Security.DirectDB.UnescapedDBParameter

Affected Plugins

On this page

Total Issues

Instances found

Total Impact

Active installations

Examples

Real messages found in scanned plugins

Unescaped parameter $query used in $wpdb->get_col($wpdb->prepare( $query, $params ))\n$query assigned unsafely at line 394:\n $query = sprintf(\n\t\t"SELECT ID FROM {$wpdb->posts} WHERE post_type IN (%s) AND post_status != 'trash' AND (%s) LIMIT %%d OFFSET %%d",\n\t\t$post_type_placeholders,\n\t\t$where_like\n\t)\n$where_like assigned unsafely at line 384:\n $where_like = implode( ' OR ', $like_clauses )\n$like_clauses assigned unsafely at line 381:\n $like_clauses[] = 'post_content LIKE %s'\n$term used without escaping.

Unescaped parameter $query used in $wpdb->get_results($query)\n$query assigned unsafely at line 338:\n $query = $this->resolveTableName($query)

Unescaped parameter $query used in $wpdb->get_row($query)\n$query used without escaping.

Unescaped parameter $query used in $wpdb->get_var($query)\n$query used without escaping.

Unescaped parameter $query used in $wpdb->query($query)\n$query assigned unsafely at line 155:\n $query = $this->resolveTableName($query)

Affected Plugins

Plugins that have instances of this rule violation

WPCode – Insert Headers and Footers + Custom Code Snippets – WordPress Code Manager

insert-headers-and-footers