Unescaped parameter $blog_id used in $wpdb->query($wpdb->prepare(\n\t\t\t\t\t\t\t\t\t\t\t\t"DELETE FROM\t$wpdb->get_blog_prefix( $blog_id )postmeta\n\t\t\t\t\t\tWHERE\t\t\tmeta_key LIKE %s",\n\t\t\t\t\t\t\t\t\t\t\t\t[ '%_oembed_%' ]\n\t\t\t\t\t))\n$blog_id used without escaping.
Unescaped parameter $full_table_name used in $wpdb->query("CREATE TABLE IF NOT EXISTS $full_table_name ( $columns ) $table_options;")\n$full_table_name assigned unsafely at line 58:\n $full_table_name = $wpdb->$key\n$columns used without escaping.\n$table_options assigned unsafely at line 77:\n $table_options = $charset_collate . ' ' . $opts['table_options']\n$key used without escaping.\n$charset_collate assigned unsafely at line 69:\n $charset_collate = ''\n$opts['table_options'] used without escaping.
Unescaped parameter $full_table_name used in $wpdb->query("DROP TABLE IF EXISTS $full_table_name;")\n$full_table_name assigned unsafely at line 58:\n $full_table_name = $wpdb->$key\n$key used without escaping.
Unescaped parameter $key used in $wpdb->query("DROP TABLE IF EXISTS " . $wpdb->$key)\n$key used without escaping.
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $keys used in $wpdb->query("\n\t\t\tDELETE FROM {$wpdb->usermeta}\n\t\t\tWHERE meta_key IN {$keys}\n\t\t")\n$keys assigned unsafely at line 152:\n $keys = '( ' . implode( ', ', $keys ) . ' )'\n$keys assigned unsafely at line 150:\n $keys[] = "'{$option}_{$hook}'"\n$option used without escaping.\n$hook assigned unsafely at line 147:\n $hook = str_replace( '-', '', $this->pagehook )