Unescaped parameter $eCondition used in $wpdb->get_var("SELECT COUNT($wpdb->terms.term_id) AS total_records
 FROM $wpdb->terms
 INNER JOIN $wpdb->term_taxonomy
 ON $wpdb->terms.term_id = $wpdb->term_taxonomy.term_id
 WHERE $wpdb->terms.term_id NOT IN(
 SELECT $wpdb->term_taxonomy.parent
 FROM $wpdb->term_taxonomy
 )
 AND {$eCondition}")
$eCondition assigned unsafely at line 162:
 $eCondition .= ")"
$eCondition assigned unsafely at line 159:
 $eCondition .= "OR $wpdb->term_taxonomy.taxonomy = '".esc_attr($post_type->name)."_folder'"
Note: esc_attr() is not a safe escaping function.
$total_records assigned unsafely at line 163:
 $total_records = $wpdb->get_var("SELECT COUNT($wpdb->terms.term_id) AS total_records
 FROM $wpdb->terms
 INNER JOIN $wpdb->term_taxonomy
 ON $wpdb->terms.term_id = $wpdb->term_taxonomy.term_id
 WHERE $wpdb->terms.term_id NOT IN(
 SELECT $wpdb->term_taxonomy.parent
 FROM $wpdb->term_taxonomy
 )
 AND {$eCondition}")
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $eCondition used in $wpdb->get_var("SELECT COUNT($wpdb->terms.term_id) AS total_records
 FROM $wpdb->terms
 INNER JOIN $wpdb->term_taxonomy
 ON $wpdb->terms.term_id = $wpdb->term_taxonomy.term_id
 WHERE {$eCondition}")
$eCondition assigned unsafely at line 162:
 $eCondition .= ")"
$eCondition assigned unsafely at line 159:
 $eCondition .= "OR $wpdb->term_taxonomy.taxonomy = '".esc_attr($post_type->name)."_folder'"
Note: esc_attr() is not a safe escaping function.
$total_records assigned unsafely at line 163:
 $total_records = $wpdb->get_var("SELECT COUNT($wpdb->terms.term_id) AS total_records
 FROM $wpdb->terms
 INNER JOIN $wpdb->term_taxonomy
 ON $wpdb->terms.term_id = $wpdb->term_taxonomy.term_id
 WHERE $wpdb->terms.term_id NOT IN(
 SELECT $wpdb->term_taxonomy.parent
 FROM $wpdb->term_taxonomy
 )
 AND {$eCondition}")
Unescaped parameter $extra_query used in $wpdb->get_results('SELECT TABLE_NAME, COLUMN_NAME, COLUMN_TYPE FROM INFORMATION_SCHEMA.COLUMNS WHERE DATA_TYPE IN ("varchar", "text", "tinytext", "mediumtext", "longtext") AND TABLE_SCHEMA = "'.DB_NAME.'" '.$extra_query.' ORDER BY TABLE_NAME')
$extra_query assigned unsafely at line 618:
 $extra_query = ' AND TABLE_NAME LIKE "'.$wpdb->prefix.'%" '
$extra_query assigned unsafely at line 611:
 $extra_query = ''
$all used without escaping.
$options assigned unsafely at line 616:
 $options = get_option('wp-media-folders-options')
Unescaped parameter $filebirdTable used in $wpdb->get_results("SELECT * FROM {$filebirdTable} ORDER BY folder_id ASC")
$filebirdTable assigned unsafely at line 771:
 $filebirdTable = $wpdb->prefix.'fbv_attachment_folder'
Unescaped parameter $filebirdTable used in $wpdb->get_results("SELECT * FROM {$filebirdTable} ORDER BY folder_id ASC")
$filebirdTable assigned unsafely at line 780:
 $filebirdTable = $wpdb->prefix.'catfolders_posts'
$filebirdTable assigned unsafely at line 771:
 $filebirdTable = $wpdb->prefix.'fbv_attachment_folder'