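Unescaped parameter $sql used in $wpdb->get_col($sql)
$sql assigned unsafely at line 331:
 $sql = self::$wpdb->prepare("
			SELECT $fieldName
			FROM $tableName
			WHERE customer_id = %d AND api_key = %s
			ORDER BY iyzico_card_id DESC LIMIT 1;
		", $customerId, $apiKey)
$fieldName assigned unsafely at line 328:
 $fieldName = 'card_user_key'
$tableName assigned unsafely at line 327:
 $tableName = self::$wpdb->prefix.'iyzico_card'
$customerId used without escaping.
$apiKey used without escaping.
Triage note: $customerId and $apiKey are bound through the %d and %s placeholders of prepare(), so those two lines look like scanner noise rather than injectable values. What the rule reacts to is $fieldName and $tableName being interpolated into the query string; in the lines shown, both are built from a fixed literal and $wpdb->prefix, not from request data. On WordPress 6.2 and later, prepare() also accepts %i for identifiers, which removes the interpolation and should satisfy the check.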
Unescaped parameter $sql used in $wpdb->get_row($sql)
$sql assigned unsafely at line 237:
 $sql = self::$wpdb->prepare("
			SELECT *
			FROM $tableName
			WHERE order_id = %d
			ORDER BY iyzico_order_id DESC LIMIT 1;
		", $orderId)
$tableName assigned unsafely at line 234:
 $tableName = self::$wpdb->prefix.'iyzico_order'
$orderId used without escaping.
Triage note: $orderId is bound through the %d placeholder of prepare(). The only interpolated value is $tableName, which the line shown builds from $wpdb->prefix and a fixed literal.
Unescaped parameter $sql used in $wpdb->get_row($sql)
$sql assigned unsafely at line 314:
 $sql = self::$wpdb->prepare("
			SELECT *
			FROM $tableName
			WHERE token = %s
			ORDER BY iyzico_order_id DESC LIMIT 1;
		", $token)
$tableName assigned unsafely at line 311:
 $tableName = self::$wpdb->prefix.'iyzico_order'
$token used without escaping.
Triage note: $token is bound through the %s placeholder of prepare(). The only interpolated value is $tableName, which the line shown builds from $wpdb->prefix and a fixed literal.
Affected Plugins
Plugins that have instances of this rule violation
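Unescaped parameter $sql used in $wpdb->query($sql)
$sql assigned unsafely at line 134:
 $sql = "DROP TABLE IF EXISTS $table_name;"
$table_name assigned unsafely at line 131:
 $table_name = $wpdb->prefix.'iyzico_order'
$table_name2 assigned unsafely at line 132:
 $table_name2 = $wpdb->prefix.'iyzico_card'
Triage note: this statement is built by string interpolation and never passes through prepare(), which is why the rule fires. As shown, the table name is $wpdb->prefix plus a fixed literal, so no request data reaches the query. Identifiers cannot be bound with %s or %d; on WordPress 6.2 and later the %i placeholder of prepare() covers this case.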
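Unescaped parameter $sql used in $wpdb->query($sql)
$sql assigned unsafely at line 138:
 $sql = "DROP TABLE IF EXISTS $table_name2;"
$table_name2 assigned unsafely at line 132:
 $table_name2 = $wpdb->prefix.'iyzico_card'
Triage note: this statement is built by string interpolation and never passes through prepare(). As shown, the table name is $wpdb->prefix plus a fixed literal, not request data.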