Unescaped parameter $excluded_types used in $wpdb->get_var($wpdb->prepare( "SELECT COUNT(*) FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved = '1' AND comment_type NOT IN ('" . implode( "','", $excluded_types ) . "')", $post_id ))\n$excluded_types assigned unsafely at line 796:\n $excluded_types = array_filter( self::get_comment_type_slugs(), array( self::class, 'is_comment_type_enabled' ) )
Unescaped parameter $type_inclusion used in $wpdb->get_col($wpdb->prepare(\n\t\t\t\t\t\t\t\t"SELECT DISTINCT comment_post_ID FROM {$wpdb->comments} WHERE comment_approved = '1' {$type_inclusion} ORDER BY comment_post_ID LIMIT %d OFFSET %d",\n\t\t\t\t$batch_size,\n\t\t\t\t$offset\n\t\t\t))\n$type_inclusion assigned unsafely at line 495:\n $type_inclusion = "AND comment_type IN ('" . implode( "','", $comment_types ) . "')"\n$comment_types assigned unsafely at line 494:\n $comment_types = Comment::get_comment_type_slugs()
Affected Plugins
Plugins that have instances of this rule violation