Unescaped parameter $assigned_count_query used in $wpdb->get_var($assigned_count_query)
$assigned_count_query assigned unsafely at line 395:
    $assigned_count_query = apply_filters( 'Wicked_Folders\\Folder_Collection\\fetch_item_counts\\assigned_count_query', $assigned_count_query, $this )

Unescaped parameter $count_query used in $wpdb->get_results($count_query)
$count_query assigned unsafely at line 394:
    $count_query = apply_filters( 'Wicked_Folders\\Folder_Collection\\fetch_item_counts\\count_query', $count_query, $this )

Unescaped parameter $eCondition used in $wpdb->get_var("SELECT COUNT($wpdb->terms.term_id) AS total_records
        FROM $wpdb->terms
        INNER JOIN $wpdb->term_taxonomy
        ON $wpdb->terms.term_id = $wpdb->term_taxonomy.term_id
        WHERE $wpdb->terms.term_id NOT IN(
            SELECT $wpdb->term_taxonomy.parent
            FROM $wpdb->term_taxonomy
        )
        AND {$eCondition}")
$eCondition assigned unsafely at line 162:
    $eCondition .= ")"
$eCondition assigned unsafely at line 159:
    $eCondition .= "OR $wpdb->term_taxonomy.taxonomy = '".esc_attr($post_type->name)."_folder'"
Note: esc_attr() is not a safe escaping function.
$total_records assigned unsafely at line 163:
    $total_records = $wpdb->get_var("SELECT COUNT($wpdb->terms.term_id) AS total_records
        FROM $wpdb->terms
        INNER JOIN $wpdb->term_taxonomy
        ON $wpdb->terms.term_id = $wpdb->term_taxonomy.term_id
        WHERE $wpdb->terms.term_id NOT IN(
            SELECT $wpdb->term_taxonomy.parent
            FROM $wpdb->term_taxonomy
        )
        AND {$eCondition}")

Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $eCondition used in $wpdb->get_var("SELECT COUNT($wpdb->terms.term_id) AS total_records
        FROM $wpdb->terms
        INNER JOIN $wpdb->term_taxonomy
        ON $wpdb->terms.term_id = $wpdb->term_taxonomy.term_id
        WHERE {$eCondition}")
$eCondition assigned unsafely at line 162:
    $eCondition .= ")"
$eCondition assigned unsafely at line 159:
    $eCondition .= "OR $wpdb->term_taxonomy.taxonomy = '".esc_attr($post_type->name)."_folder'"
Note: esc_attr() is not a safe escaping function.
$total_records assigned unsafely at line 163:
    $total_records = $wpdb->get_var("SELECT COUNT($wpdb->terms.term_id) AS total_records
        FROM $wpdb->terms
        INNER JOIN $wpdb->term_taxonomy
        ON $wpdb->terms.term_id = $wpdb->term_taxonomy.term_id
        WHERE $wpdb->terms.term_id NOT IN(
            SELECT $wpdb->term_taxonomy.parent
            FROM $wpdb->term_taxonomy
        )
        AND {$eCondition}")

Unescaped parameter $filebirdTable used in $wpdb->get_results("SELECT * FROM {$filebirdTable} ORDER BY folder_id ASC")
$filebirdTable assigned unsafely at line 771:
    $filebirdTable = $wpdb->prefix.'fbv_attachment_folder'
CatFolders – Tame Your WordPress Media Library by Category