Unescaped parameter $where used in:

    $wpdb->get_results($wpdb->prepare(
        "SELECT DISTINCT $wpdb->users.ID FROM $wpdb->posts INNER JOIN $wpdb->users ON post_author = $wpdb->users.ID $where AND post_author IN ( %1\$s ) ORDER BY FIELD( $wpdb->users.ID, %2\$s)",
        $ids,
        $ids
    ))

$where assigned unsafely at line 74:

    $where = get_posts_by_author_sql( $post_types, true, $author_id, $public_only )

$post_types assigned unsafely at line 53:

    $post_types = \WPGraphQL::get_allowed_post_types(
        'names',
        [
            'public' => true,
        ]
    )

Affected Plugins
Plugins that have instances of this rule violation