Unescaped parameter $cf7d_table used in $wpdb->get_var("show tables like '$cf7d_table'")\n$cf7d_table assigned unsafely at line 92:\n $cf7d_table = $wpdb->prefix . 'cf7_data'\n$sql used without escaping.
Unescaped parameter $cf7d_table_entry used in $wpdb->get_var("show tables like '$cf7d_table_entry'")\n$cf7d_table_entry assigned unsafely at line 103:\n $cf7d_table_entry = $wpdb->prefix . 'cf7_data_entry'\n$sql assigned unsafely at line 94:\n $sql = 'CREATE TABLE ' . $cf7d_table . ' (\n `id` int(11) NOT NULL AUTO_INCREMENT,\n `created` timestamp NOT NULL,\n UNIQUE KEY id (id)\n ) ' . $charset_collate . ';'\n$cf7d_table assigned unsafely at line 92:\n $cf7d_table = $wpdb->prefix . 'cf7_data'
Unescaped parameter $cf7d_table_entry used in $wpdb->query("DELETE FROM $cf7d_table_entry WHERE `name` LIKE 'cf7mls_step-%'")\n$cf7d_table_entry assigned unsafely at line 103:\n $cf7d_table_entry = $wpdb->prefix . 'cf7_data_entry'\n$sql assigned unsafely at line 119:\n $sql = 'ALTER TABLE ' . $cf7d_table_entry . ' change name name VARCHAR(250) character set utf8, change value value text character set utf8;'
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $del_id used in $wpdb->query("DELETE FROM {$wpdb->prefix}cf7_data WHERE id IN($del_id)")\n$del_id assigned unsafely at line 271:\n $del_id = cf7d_sanitize_arr( json_decode( stripslashes( $_POST['del_id'] ), true ) )\n$_POST['del_id'] used without escaping.
Unescaped parameter $del_id used in $wpdb->query("DELETE FROM {$wpdb->prefix}cf7_data_entry WHERE data_id IN($del_id)")\n$del_id assigned unsafely at line 271:\n $del_id = cf7d_sanitize_arr( json_decode( stripslashes( $_POST['del_id'] ), true ) )\n$_POST['del_id'] used without escaping.