Unescaped parameter $columns used in $wpdb->get_results($wpdb->prepare("SELECT $columns FROM $table_name ORDER BY id DESC LIMIT %d", $recent))\n$columns assigned unsafely at line 37:\n $columns .= ', settings'\n$table_name assigned unsafely at line 34:\n $table_name = $wpdb->prefix . "micro_revisions"\n$rev->user_action used without escaping.
Unescaped parameter $columns used in $wpdb->get_results($wpdb->prepare(\r\n\t\t\t\t"SELECT $columns FROM $this->content_table \r\n\t\t\t WHERE published = %d AND type = %s $whereString \r\n\t\t\t ORDER BY aspect, modified_at DESC \r\n\t\t\t $limit",\r\n\t\t\t\t$values\r\n\t\t\t))\n$columns assigned unsafely at line 212:\n $columns = 'slug, name, aspect, content, modified_at, meta, func_ref'\n$limit assigned unsafely at line 249:\n $limit = "LIMIT %d"\n$values[] used without escaping.
Unescaped parameter $columns used in $wpdb->get_row($wpdb->prepare("SELECT $columns FROM $table_name WHERE id = %d", $revision_id))\n$columns assigned unsafely at line 37:\n $columns .= ', settings'\n$table_name assigned unsafely at line 34:\n $table_name = $wpdb->prefix . "micro_revisions"\n$rev->user_action used without escaping.
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $content_table used in $wpdb->get_results($wpdb->prepare(\r\n\t\t\t\t"SELECT DISTINCT slug FROM $content_table \r\n\t\t\t\tWHERE type = %s AND published = %d",\r\n\t\t\t\t'folder_mod', $published\r\n\t\t\t))\n$content_table assigned unsafely at line 54:\n $content_table = $wpdb->prefix . "micro_content"\n$published used without escaping.
Unescaped parameter $preparedSql used in $wpdb->get_results($preparedSql)\n$preparedSql assigned unsafely at line 796:\n $preparedSql = $wpdb->prepare(\r\n\t\t\t"SELECT * FROM $mods_table \r\n\t\t\t\tWHERE published = %d and ( $selectString ) \r\n\t\t\t\tORDER BY type desc, seq",\r\n\t\t\t...$selectArray\r\n\t\t)\n$mods_table assigned unsafely at line 779:\n $mods_table = $wpdb->prefix . "micro_content"\n$selectString assigned unsafely at line 791:\n $selectString.= 'slug = %s'\n$selectArray[] used without escaping.