Unescaped parameter $table_name used in $wpdb->get_col($wpdb->prepare( "SELECT COUNT(*) as num_rows FROM {$table_name} WHERE setting = '%s'", $whattocheck ))
$table_name assigned unsafely at line 88:
  $table_name = $wpdb->prefix . "revision_control"
$rows assigned unsafely at line 90:
  $rows = $wpdb->get_col( $wpdb->prepare( "SELECT COUNT(*) as num_rows FROM {$table_name} WHERE setting = '%s'", $whattocheck ) )
$whattocheck used without escaping.

Unescaped parameter $table_name used in $wpdb->get_results($wpdb->prepare( "SELECT * FROM {$table_name} WHERE setting = '%s'", 'revisions' ))
$table_name assigned unsafely at line 203:
  $table_name = $wpdb->prefix . "revision_control"
$configs assigned unsafely at line 206:
  $configs = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM {$table_name} WHERE setting = '%s'", 'revisions' ) )

Unescaped parameter $table_name used in $wpdb->get_results($wpdb->prepare( "SELECT * FROM {$table_name} WHERE setting = '%s'", 'revisions' ))
$table_name assigned unsafely at line 324:
  $table_name = $wpdb->prefix . "revision_control"
$configs assigned unsafely at line 327:
  $configs = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM {$table_name} WHERE setting = '%s'", 'revisions' ) )

Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $table_name used in $wpdb->query($wpdb->prepare( "UPDATE {$table_name} SET val = %s WHERE setting = 'revisions'", $value ))
$table_name assigned unsafely at line 287:
  $table_name = $wpdb->prefix . "revision_control"
$value used without escaping.