Unescaped parameter $column_name used in $wpdb->get_var($wpdb->prepare( "SELECT {$column_name} FROM {$wpdb->posts} WHERE ID=%d AND post_type=%s", $action_id, self::POST_TYPE ))

Unescaped parameter $query used in $wpdb->get_var($query)
$query assigned unsafely at line 260:
 $query = $wpdb->prepare( $query, $args )
$query assigned unsafely at line 258:
 $query .= " ORDER BY scheduled_date_gmt $order LIMIT 1"
$order assigned unsafely at line 254:
 $order = 'DESC'

Unescaped parameter $query used in $wpdb->get_var($query)
$query assigned unsafely at line 276:
 $query = $wpdb->prepare( $query, $args )
$query assigned unsafely at line 259:
 $query .= " AND p.post_status=%s"
$params['status'] used without escaping.

Unescaped parameter $query_count used in $wpdb->get_var($query_count)
$query_count assigned unsafely at line 433:
 $query_count = "SELECT COUNT({$this->ID}) FROM {$this->table_name} {$where}"
$where assigned unsafely at line 426:
 $where = ''
$sql assigned unsafely at line 429:
 $sql = "SELECT $columns FROM {$this->table_name} {$where} {$order} {$limit} {$offset}"
$columns assigned unsafely at line 421:
 $columns = '`' . implode( '`, `', $this->get_table_columns() ) . '`'
$order assigned unsafely at line 416:
 $order = $this->get_items_query_order()
$limit assigned unsafely at line 414:
 $limit = $this->get_items_query_limit()
$offset assigned unsafely at line 415:
 $offset = $this->get_items_query_offset()
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $query_in used in $wpdb->query($wpdb->prepare(
    "UPDATE {$wpdb->actionscheduler_actions} SET status = %s WHERE action_id IN {$query_in}",
    $parameters
))
$query_in assigned unsafely at line 535:
 $query_in = '(' . implode( ',', $format ) . ')'
$parameters assigned unsafely at line 536:
 $parameters = $action_ids
$action_ids assigned unsafely at line 529:
 $action_ids = $this->query_actions( $query_args )
$query_args assigned unsafely at line 520:
 $query_args = wp_parse_args(
    $query_args,
    [
        'per_page' => 1000,
        'status' => self::STATUS_PENDING,
    ]
 )