Unescaped parameter $clause used in $wpdb->get_var($wpdb->prepare(\n\t\t\t\t"SELECT COUNT(*) FROM {$wpdb->prefix}wc_orders_meta WHERE {$clause}",\n\t\t\t\t\array_column($where, 1)\n\t\t\t))\n$clause assigned unsafely at line 431:\n $clause = \\implode(' AND ', \\array_map(function($c) {\n\t\t\t\treturn "`{$c[0]}`={$c[2]}";\n\t\t\t}, $where))\n$c used without escaping.
Unescaped parameter $copyPts used in $wpdb->query($copyPts)\n$copyPts assigned unsafely at line 333:\n $copyPts = "UPDATE $thistoric INNER JOIN $tmeta ON $thistoric.user_id=$tmeta.user_id AND $tmeta.meta_key='lws_wr_points' SET new_total=$tmeta.meta_value"\n$thistoric assigned unsafely at line 323:\n $thistoric = $wpdb->base_prefix . 'lws_wr_historic'\n$defaultStackId used without escaping.
Unescaped parameter $delete_meta_ids used in $wpdb->query("DELETE FROM {$wpdb->postmeta} WHERE meta_id IN (" . implode( ',', $delete_meta_ids ) . ")")\n$delete_meta_ids assigned unsafely at line 98:\n $delete_meta_ids[] = $row->meta_id\n$row->meta_id used without escaping.
Unescaped parameter $icl used in $wpdb->get_col("SHOW TABLES LIKE '{$icl}'")\n$icl assigned unsafely at line 639:\n $icl = $wpdb->prefix . 'icl_strings'\n$template used without escaping.
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $ids used in $wpdb->get_results("SELECT $wpdb->terms.term_id, $wpdb->terms.name, taxonomy FROM $wpdb->term_taxonomy INNER JOIN $wpdb->terms USING (term_id) WHERE $wpdb->terms.term_id in ($ids)")\n$ids assigned unsafely at line 45:\n $ids = implode(', ', $ids)