Unescaped parameter $_GET['sql-table'] used in $wpdb->get_row($wpdb->prepare(
    'SELECT * FROM ' . $_GET['sql-table'] . ' WHERE ' . $_GET['sql-primary-column'] . ' = %d LIMIT 1',
    $_GET['sql-primary-key']
))
$_GET['sql-table'] used without escaping.
Unescaped parameter $_GET['sql-table'] used in $wpdb->get_row($wpdb->prepare(
    'SELECT * FROM ' . $_GET['sql-table'] . ' WHERE ' . $_GET['sql-primary-column'] . ' = %s LIMIT 1',
    $_GET['sql-primary-key']
))
$_GET['sql-table'] used without escaping.
Unescaped parameter $column_name used in $wpdb->get_results($wpdb->prepare(
    'SELECT ' . $column_name . ' AS column_name, ' . $primary_column . ' as primary_column FROM ' . $table_name . ' WHERE ' . $column_name . ' LIKE %s',
    '%' . $wpdb->esc_like( $scan_data->search ) . '%'
))
$column_name assigned unsafely at line 251:
    $column_name = $column->Field
$column->Field used without escaping.
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $column_name used in $wpdb->get_results($wpdb->prepare(
    'SELECT ' . $column_name . ' AS column_name, ' . $primary_column . ' as primary_column FROM ' . $table_name . ' WHERE ' . $column_name . ' REGEXP %s',
    $scan_data->search
))
$column_name assigned unsafely at line 251:
    $column_name = $column->Field
$column->Field used without escaping.
Unescaped parameter $params['sql-column'] used in $wpdb->get_var($wpdb->prepare(
    'SELECT ' . $params['sql-column'] . ' FROM ' . $params['sql-table'] . ' WHERE ' . $params['sql-primary-column'] . ' = %d LIMIT 1',
    $params['sql-primary-key']
))
$params['sql-column'] used without escaping.