Unescaped parameter $field used in $wpdb->get_results("
        SELECT $field, ttm.meta_value
        FROM $table AS ttm
        INNER JOIN $wpdb->term_taxonomy AS tt
            ON tt.term_taxonomy_id = ttm.term_taxo_id
        INNER JOIN $wpdb->posts AS p
            ON p.ID = ttm.meta_value
        WHERE ttm.meta_key = '_thumbnail_id'
            AND CAST( ttm.meta_value AS SIGNED ) > 0
            AND p.post_type = 'attachment'
            AND p.post_mime_type LIKE 'image/%'")
$field assigned unsafely at line 278:
 $field = $use_term_id ? 'tt.term_id' : 'tt.term_taxonomy_id'
$metas assigned unsafely at line 281:
 $metas = $wpdb->get_results( // WPCS: unprepared SQL ok.
        "
        SELECT $field, ttm.meta_value
        FROM $table AS ttm
        INNER JOIN $wpdb->term_taxonomy AS tt
            ON tt.term_taxonomy_id = ttm.term_taxo_id
        INNER JOIN $wpdb->posts AS p
            ON p.ID = ttm.meta_value
        WHERE ttm.meta_key = '_thumbnail_id'
            AND CAST( ttm.meta_value AS SIGNED ) > 0
            AND p.post_type = 'attachment'
            AND p.post_mime_type LIKE 'image/%'"
    )
$table assigned unsafely at line 271:
 $table = $wpdb->prefix . 'term_taxometa'
$exists assigned unsafely at line 272:
 $exists = $wpdb->get_var( "SHOW TABLES LIKE '$table'" )

Unescaped parameter $table used in $wpdb->get_var("SHOW TABLES LIKE '$table'")
$table assigned unsafely at line 271:
 $table = $wpdb->prefix . 'term_taxometa'
$exists assigned unsafely at line 272:
 $exists = $wpdb->get_var( "SHOW TABLES LIKE '$table'" )

Affected Plugins
Plugins that have instances of this rule violation