Unescaped parameter $status_sql used in $wpdb->get_results("SELECT COUNT(ID) FROM {$wpdb->posts} WHERE post_type IN ( 'product', 'product_variation' ) AND ID NOT IN (SELECT post_parent FROM {$wpdb->posts} WHERE post_type IN ( 'product', 'product_variation' ) ) AND post_status IN ($status_sql)")\n$status_sql assigned unsafely at line 1757:\n $status_sql = implode(',', $quoted_statuses)\n$quoted_statuses assigned unsafely at line 1754:\n $quoted_statuses = array_map(function ($status) use ($wpdb) {\r\n\t\t\t\t\t\treturn "'" . esc_sql($status) . "'";\r\n\t\t\t\t\t}, $acceptable_post_status)\n$status used without escaping.
Affected Plugins
Plugins that have instances of this rule violation