Unescaped parameter $aRow->categories used in $wpdb->get_results("SELECT category_name FROM ".ASL_PREFIX."categories WHERE id IN ($aRow->categories)")
$aRow->categories used without escaping.
Unescaped parameter $attr_name used in $wpdb->get_col("SELECT name FROM ".ASL_PREFIX.$attr_name." WHERE id IN ($attr_ids)")
$attr_name assigned unsafely at line 241:
 $attr_name = (in_array($type, self::$options))? $type: self::$options[0]
$type used without escaping.
$options[0] used without escaping.
Unescaped parameter $attr_name used in $wpdb->get_results($wpdb->prepare("SELECT * FROM ".ASL_PREFIX.$attr_name." WHERE lang = %s ORDER BY name ASC", $lang))
$attr_name assigned unsafely at line 184:
 $attr_name = (in_array($type, self::$options))? $type: self::$options[0]
$type used without escaping.
$options[0] used without escaping.
Unescaped parameter $attr_name used in $wpdb->get_row($wpdb->prepare("SELECT id FROM ".ASL_PREFIX.$attr_name." WHERE name = %s AND lang = %s", $name, $lang))
$attr_name assigned unsafely at line 212:
 $attr_name = (in_array($type, self::$options))? $type: self::$options[0]
$type used without escaping.
$options[0] used without escaping.
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $categories_ids used in $wpdb->get_results('SELECT category_name FROM ' . ASL_PREFIX . "categories WHERE id IN ($categories_ids)")
$categories_ids assigned unsafely at line 343:
 $categories_ids = implode(',', $categories_ids)
$categories_ids assigned unsafely at line 340:
 $categories_ids = array_filter($categories_ids)
$categories_ids assigned unsafely at line 339:
 $categories_ids = explode(',', $aRow->categories)
$aRow->categories used without escaping.