Unescaped parameter $RSTR_NAME used in $wpdb->query("DELETE FROM `{$wpdb->options}` WHERE `{$wpdb->options}`.`option_name` REGEXP '^_transient_(.*)?{$RSTR_NAME}(.*|$)'")\n$RSTR_NAME assigned unsafely at line 17:\n $RSTR_NAME = 'serbian-transliteration'\n$options assigned unsafely at line 20:\n $options = [\n $RSTR_NAME,\n $RSTR_NAME . '-ID',\n $RSTR_NAME . '-activation',\n $RSTR_NAME . '-deactivation',\n $RSTR_NAME . '-term-script',\n $RSTR_NAME . '-html-tags',\n $RSTR_NAME . '-reviewed',\n $RSTR_NAME . '-version',\n $RSTR_NAME . '-db-version',\n $RSTR_NAME . '-activated',\n $RSTR_NAME . '-db-cache-table-exists',\n]
Unescaped parameter $post_type_query used in $wpdb->get_results($wpdb->prepare(sprintf("SELECT `ID`, `post_name` FROM `%s` WHERE %s AND TRIM(IFNULL(`post_name`,'')) <> '' AND `post_type` NOT LIKE 'revision' AND `post_status` NOT LIKE 'trash' ORDER BY `ID` DESC LIMIT %%d, %%d", $wpdb->posts, $post_type_query), $offset, $posts_per_page))\n$post_type_query assigned unsafely at line 69:\n $post_type_query = $post_type ? sprintf("FIND_IN_SET(`post_type`, '%s')", $post_type) : '1=1'\n$post_type assigned unsafely at line 68:\n $post_type = isset($_REQUEST['post_type']) ? (is_array($_REQUEST['post_type']) ? implode(',', array_map('sanitize_text_field', $_REQUEST['post_type'])) : sanitize_text_field($_REQUEST['post_type'])) : null\nNote: sanitize_text_field() is not a safe escaping function.\n$_REQUEST['post_type'] used without escaping.