ERRORsecurity

UnescapedDBParameter

PluginCheck.Security.DirectDB.UnescapedDBParameter

Affected Plugins

On this page

Total Issues

Instances found

Total Impact

Active installations

Examples

Real messages found in scanned plugins

Unescaped parameter $createQuery used in $wpdb->query(sprintf($createQuery, $prefix . $table))\n$createQuery assigned unsafely at line 90:\n $createQuery = '\n CREATE TABLE IF NOT EXISTS `%s` (\n `endpoint_id` BIGINT(20) unsigned NOT NULL,\n `host_id` INT(10) unsigned NOT NULL,\n PRIMARY KEY (`endpoint_id`, `host_id`),\n INDEX (`host_id`)\n ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci'\n$dropOldQuery assigned unsafely at line 98:\n $dropOldQuery = '\n DROP TABLE IF EXISTS `%s`;\n '\n$oldPrefix assigned unsafely at line 145:\n $oldPrefix = substr($oldPrefix, 0, - 5)\n$oldPrefix assigned unsafely at line 102:\n $oldPrefix = 'jtl_connector_link_'\n$prefix assigned unsafely at line 146:\n $prefix = substr($prefix, 0, - 5)\n$prefix assigned unsafely at line 103:\n $prefix = $wpdb->prefix . $oldPrefix

Unescaped parameter $dropOldQuery used in $wpdb->query(sprintf($dropOldQuery, $oldPrefix . $table))\n$dropOldQuery assigned unsafely at line 98:\n $dropOldQuery = '\n DROP TABLE IF EXISTS `%s`;\n '\n$oldPrefix assigned unsafely at line 145:\n $oldPrefix = substr($oldPrefix, 0, - 5)\n$oldPrefix assigned unsafely at line 102:\n $oldPrefix = 'jtl_connector_link_'\n$prefix assigned unsafely at line 146:\n $prefix = substr($prefix, 0, - 5)\n$prefix assigned unsafely at line 103:\n $prefix = $wpdb->prefix . $oldPrefix

Affected Plugins

Plugins that have instances of this rule violation

JTL-Connector for WooCommerce

woo-jtl-connector

issues

installs