Unescaped parameter $column used in $wpdb->get_row($wpdb->prepare( " SELECT * FROM {$table} WHERE {$column} LIKE %s ORDER BY {$key_column} ASC LIMIT 1 ", $key ))
$column assigned unsafely at line 267:
  $column = 'meta_key'
$key_column assigned unsafely at line 268:
  $key_column = 'meta_id'
$value_column assigned unsafely at line 269:
  $value_column = 'meta_value'
$key assigned unsafely at line 272:
  $key = $wpdb->esc_like( $this->identifier . '_batch_' ) . '%'
Unescaped parameter $column used in $wpdb->get_var($wpdb->prepare( " SELECT COUNT(*) FROM {$table} WHERE {$column} LIKE %s ", $key ))
$column assigned unsafely at line 198:
  $column = 'meta_key'
$key assigned unsafely at line 201:
  $key = $wpdb->esc_like( $this->identifier . '_batch_' ) . '%'
Unescaped parameter $comments_request used in $wpdb->get_col($comments_request)
$comments_request assigned unsafely at line 1238:
  $comments_request = "SELECT {$wpdb->comments}.comment_ID FROM {$wpdb->comments} $cjoin $cwhere $cgroupby $corderby $climits"
$cjoin assigned unsafely at line 1222:
  $cjoin = apply_filters_ref_array( 'comment_feed_join', array( '', &$this ) )
$cwhere assigned unsafely at line 1225:
  $cwhere = apply_filters_ref_array( 'comment_feed_where', array( "WHERE comment_post_ID = '{$this->posts[0]->ID}' AND comment_approved = '1'", &$this ) )
$cgroupby assigned unsafely at line 1229:
  $cgroupby = ( ! empty( $cgroupby ) ) ? 'GROUP BY ' . $cgroupby : ''
$cgroupby assigned unsafely at line 1228:
  $cgroupby = apply_filters_ref_array( 'comment_feed_groupby', array( '', &$this ) )
$corderby assigned unsafely at line 1233:
  $corderby = ( ! empty( $corderby ) ) ? 'ORDER BY ' . $corderby : ''
$corderby assigned unsafely at line 1232:
  $corderby = apply_filters_ref_array( 'comment_feed_orderby', array( 'comment_date_gmt DESC', &$this ) )
$climits assigned unsafely at line 1236:
  $climits = apply_filters_ref_array( 'comment_feed_limits', array( 'LIMIT ' . get_option( 'posts_per_rss' ), &$this ) )
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $found_posts_query used in $wpdb->get_var($found_posts_query)
$found_posts_query assigned unsafely at line 137:
  $found_posts_query = apply_filters_ref_array( 'found_posts_query', array( 'SELECT FOUND_ROWS()', &$this ) )
Unescaped parameter $query used in $wpdb->get_col($query)
$query assigned unsafely at line 103:
  $query = "SELECT distinct product_id FROM {$table}"
$table assigned unsafely at line 97:
  $table = $wpdb->prefix . 'vi_wad_error_product_images'
$table_posts assigned unsafely at line 98:
  $table_posts = $wpdb->prefix . 'posts'
$search used without escaping.