ERRORsecurity

UnescapedDBParameter

PluginCheck.Security.DirectDB.UnescapedDBParameter

Affected Plugins

On this page

Total Issues

Instances found

Total Impact

Active installations

Examples

Real messages found in scanned plugins

Unescaped parameter $config_item_key used in $wpdb->get_results("SELECT id, config_item_value, created_at\n FROM " . $wpdb->base_prefix . "drflex_config_items\n WHERE config_item_key = '" . $config_item_key . "'\n ORDER BY id desc LIMIT 1\n ;")\n$config_item_key used without escaping.

Unescaped parameter $id used in $wpdb->query("DELETE FROM " . $wpdb->base_prefix . "drflex_custom_resources \n WHERE id = '" . $id . "';")\n$id used without escaping.

Unescaped parameter $qry used in $wpdb->query($qry)\n$qry assigned unsafely at line 279:\n $qry = "DELETE FROM " . $wpdb->base_prefix . "drflex_custom_resources \n WHERE " . $where_str . ";"\n$where_str assigned unsafely at line 278:\n $where_str = "id = '" . implode("'OR id = '", $delete_ids) . "'"\n$delete_ids used without escaping.

Unescaped parameter $resource_hash used in $wpdb->get_results("SELECT count(id)\n FROM " . $wpdb->base_prefix . "drflex_custom_resources \n WHERE resource_hash_md5 = '" . $resource_hash . "'\n ;")\n$resource_hash used without escaping.

Unescaped parameter $sql_exception used in $wpdb->query("DELETE FROM " . $wpdb->base_prefix . "drflex_custom_resources\n WHERE resource_uri != '$sql_exception' AND PERMANENT != true;")\n$sql_exception used without escaping.

Affected Plugins

Plugins that have instances of this rule violation

Dr. Flex

dr-flex

issues

installs