Unescaped parameter $entry_page used in $wpdb->get_results($wpdb->prepare(
        "SELECT ID, post_title FROM $wpdb->posts WHERE post_type='page' AND ( post_content LIKE %s OR post_content LIKE %s ) AND ID <> {$entry_page};",
        "%{$block_placeholder}%",
        "%{$shortcode}%"
    ))
$entry_page assigned unsafely at line 328:
 $entry_page = $post_id && ! is_wp_error( $post_id ) ? $post_id : false
$post_id assigned unsafely at line 316:
 $post_id = wp_insert_post(
        array(
            'ID' => 0,
            'post_title' => $title,
            'post_name' => $slug,
            'post_content' => '',
            'post_status' => 'publish',
            'post_type' => 'page',
        ),
        true
    )
$title assigned unsafely at line 304:
 $title = isset( $settings['title'] ) ? sanitize_text_field( $settings['title'] ) : 'Knowledge Base'
Note: sanitize_text_field() is not a safe escaping function.
$slug assigned unsafely at line 305:
 $slug = isset( $settings['slug'] ) ? strtolower( sanitize_text_field( $settings['slug'] ) ) : 'knowledge-base'

Unescaped parameter $items_sql used in $wpdb->get_col($items_sql)
$items_sql assigned unsafely at line 1008:
 $items_sql = $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE post_type = %s AND ID NOT IN $exclude_sql", bp_docs_get_post_type_name() )
$exclude_sql assigned unsafely at line 1007:
 $exclude_sql = '(' . implode( ',', $exclude ) . ')'
$exclude assigned unsafely at line 1003:
 $exclude = bp_docs_access_query()->get_doc_ids()
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $query used in $wpdb->get_col($query)
$query assigned unsafely at line 198:
 $query = $wpdb->prepare(
        "SELECT id FROM {$wpdb->prefix}catfolders 
        WHERE parent IN (" . str_repeat('%d,', count($current_parents) - 1) . "%d)
        AND type = 'attachment' 
        AND created_by = %d",
        array_merge($current_parents, array(apply_filters('catf_folder_created_by', 0)))
    )

Unescaped parameter $query used in $wpdb->get_results($query)
$query assigned unsafely at line 308:
 $query = apply_filters( 'basepress_views_reset', $query )

Unescaped parameter $query used in $wpdb->get_results($query)
$query assigned unsafely at line 608:
 $query = self::build_db_logs_query(
        $filters,
        $limit,
        $offset,
        $order
    )
$filters used without escaping.
$limit used without escaping.
$offset used without escaping.
$order used without escaping.
Document Gallery – Display PDF Gallery from Many Folders