Unescaped parameter $query used in $wpdb->get_results($query)
$query assigned unsafely at line 129:
 $query = $wpdb->prepare( "SELECT * FROM " . $this->shipments_table() . " WHERE `shipping_id` = %d " . $status_query . " ORDER BY `order_id` ASC",
     $id )
$status_query assigned unsafely at line 123:
 $status_query = sprintf( "AND `status` = '%s'", $status )
$status used without escaping.

Unescaped parameter $query used in $wpdb->get_results($query)
$query assigned unsafely at line 168:
 $query .= ') '
$query assigned unsafely at line 166:
 $query .= $one_delivery_method_text
$one_delivery_method_text assigned unsafely at line 160:
 $one_delivery_method_text .= ','

Unescaped parameter $query used in $wpdb->get_results($query)
$query assigned unsafely at line 61:
 $query = "SELECT * FROM " . $this->table()

Unescaped parameter $query used in $wpdb->get_row($query)
$query assigned unsafely at line 161:
 $query = $wpdb->prepare( "SELECT * FROM " . $this->shipments_table() . " WHERE `shipping_id` = %d AND `status` = '" . self::STATUS_WAITING . "' ORDER BY `order_id` ASC LIMIT 1",
     $id )

Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $query used in $wpdb->get_row($query)
$query assigned unsafely at line 208:
 $query = $wpdb->prepare("SELECT * FROM " . $this->table() . " WHERE `identifier` = %s AND `carrier_code` = %s " . $type_sql,
     $identifier, $carrier_code)