Unescaped parameter $query used in $wpdb->get_results($query)\n$query assigned unsafely at line 608:\n $query = self::build_db_logs_query(\n\t\t\t\t$filters,\n\t\t\t\t$limit,\n\t\t\t\t$offset,\n\t\t\t\t$order\n\t\t\t)\n$filters used without escaping.\n$limit used without escaping.\n$offset used without escaping.\n$order used without escaping.
Unescaped parameter $query used in $wpdb->query($query)\n$query assigned unsafely at line 666:\n $query = "SELECT {$columns} UNION ALL " . $query\n$columns assigned unsafely at line 663:\n $columns .= "'" . self::$_log_columns[ $i ] . "'"\n$_log_columns[$i] used without escaping.
Unescaped parameter $sql used in $wpdb->get_results($sql)\n$sql assigned unsafely at line 179:\n $sql = $wpdb->prepare( "SELECT entry_id FROM " . self::$sms_table . " WHERE entry_id = %d AND form_id = %d AND reciever = %s AND message = %s ", $entry_id, $form_id, $receiver, $message )\n$sms_table used without escaping.
Unescaped parameter $sql used in $wpdb->get_results($sql)\n$sql assigned unsafely at line 220:\n $sql .= ' OFFSET ' . ( $page_number - 1 ) * $per_page\n$page_number used without escaping.
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $sql used in $wpdb->get_var($sql)\n$sql assigned unsafely at line 140:\n $sql .= ' WHERE `form_id` LIKE "%%' . $wpdb->esc_like( $_REQUEST['id'] ) . '%%"'\n$_REQUEST['id'] used without escaping.