ERRORsecurity

UnescapedDBParameter

PluginCheck.Security.DirectDB.UnescapedDBParameter

Affected Plugins

On this page

Total Issues

Instances found

Total Impact

Active installations

Examples

Real messages found in scanned plugins

Unescaped parameter $attachment_query used in $wpdb->get_col("SELECT meta_data FROM $wpdb->flagpictures $attachment_query LIMIT $offset, $max_query")\n$attachment_query assigned unsafely at line 787:\n $attachment_query = 'WHERE pid IN (' . substr( $attachment_query, 0, -1 ) . ')'\n$attachment_query assigned unsafely at line 784:\n $attachment_query .= "'" . array_pop( $attachment_ids ) . "',"\n$attachment_ids assigned unsafely at line 781:\n $attachment_ids = get_option( 'ewww_image_optimizer_bulk_flag_attachments' )

Unescaped parameter $attachment_query used in $wpdb->get_col("SELECT meta_data FROM $wpdb->flagpictures $attachment_query LIMIT $offset, $max_query")\n$attachment_query assigned unsafely at line 815:\n $attachment_query = 'WHERE pid IN (' . substr( $attachment_query, 0, -1 ) . ')'\n$attachment_query assigned unsafely at line 812:\n $attachment_query .= "'" . array_pop( $attachment_ids ) . "',"\n$attachment_ids assigned unsafely at line 781:\n $attachment_ids = get_option( 'ewww_image_optimizer_bulk_flag_attachments' )

Unescaped parameter $attachment_query used in $wpdb->get_col("SELECT meta_data FROM $wpdb->nggpictures $attachment_query LIMIT $offset, $max_query")\n$attachment_query assigned unsafely at line 732:\n $attachment_query = 'WHERE pid IN (' . substr( $attachment_query, 0, -1 ) . ')'\n$attachment_query assigned unsafely at line 729:\n $attachment_query .= "'" . array_pop( $attachment_ids ) . "',"\n$attachment_ids assigned unsafely at line 726:\n $attachment_ids = get_option( 'ewww_image_optimizer_bulk_ngg_attachments' )

Affected Plugins

Plugins that have instances of this rule violation

EWWW Image Optimizer

ewww-image-optimizer

Unescaped parameter $attachment_query used in $wpdb->get_col("SELECT meta_data FROM $wpdb->nggpictures $attachment_query LIMIT $offset, $max_query")\n$attachment_query assigned unsafely at line 772:\n $attachment_query = 'WHERE pid IN (' . substr( $attachment_query, 0, -1 ) . ')'\n$attachment_query assigned unsafely at line 769:\n $attachment_query .= "'" . array_pop( $attachment_ids ) . "',"\n$attachment_ids assigned unsafely at line 726:\n $attachment_ids = get_option( 'ewww_image_optimizer_bulk_ngg_attachments' )