ERRORsecurity

UnescapedDBParameter

PluginCheck.Security.DirectDB.UnescapedDBParameter

Affected Plugins

On this page

Total Issues

Instances found

Total Impact

10K

Active installations

Examples

Real messages found in scanned plugins

Unescaped parameter $old used in $wpdb->query("\r\n\t\t\t\tUPDATE {$wpdb->options} \r\n\t\t\t\tSET option_value = REPLACE( option_value, '/{$old}', '/{$new}') \r\n\t\t\t\tWHERE option_value LIKE '%/{$old}%'\r\n\t\t\t")\n$old assigned unsafely at line 872:\n $old => \n$new used without escaping.

Unescaped parameter $old used in $wpdb->query("\r\n\t\t\t\tUPDATE {$wpdb->postmeta} \r\n\t\t\t\tSET meta_value = REPLACE( meta_value, '/{$old}', '/{$new}') \r\n\t\t\t\tWHERE meta_value LIKE '%/{$old}%'\r\n\t\t\t")\n$old assigned unsafely at line 872:\n $old => \n$new used without escaping.

Unescaped parameter $old used in $wpdb->query("\r\n\t\t\t\tUPDATE {$wpdb->posts} \r\n\t\t\t\tSET post_content = REPLACE( post_content, '/{$old}', '/{$new}') \r\n\t\t\t\tWHERE post_content LIKE '%/{$old}%'\r\n\t\t\t")\n$old assigned unsafely at line 872:\n $old => \n$new used without escaping.

Unescaped parameter $old used in $wpdb->query("\r\n\t\t\t\tUPDATE {$wpdb->posts} \r\n\t\t\t\tSET post_excerpt = REPLACE( post_excerpt, '/{$old}', '/{$new}') \r\n\t\t\t\tWHERE post_excerpt LIKE '%/{$old}%'\r\n\t\t\t")\n$old assigned unsafely at line 872:\n $old => \n$new used without escaping.

Affected Plugins

Plugins that have instances of this rule violation

Unescaped parameter $table_name used in $wpdb->query("\r\n\t\t\t\t\tUPDATE $table_name \r\n\t\t\t\t\tSET elements = REPLACE( elements, '/{$old}', '/{$new}') \r\n\t\t\t\t\tWHERE elements LIKE '%/{$old}%'\r\n\t\t\t\t")\n$table_name assigned unsafely at line 947:\n $table_name = $wpdb->prefix.'fpd_views'\n$table_name assigned unsafely at line 938:\n $table_name = $wpdb->prefix.'fpd_products'\n$table_name assigned unsafely at line 929:\n $table_name = $wpdb->prefix.'toolset_post_guid_id'\n$table_name assigned unsafely at line 920:\n $table_name = $wpdb->prefix.'revslider_static_slides'\n$table_name assigned unsafely at line 906:\n $table_name = $wpdb->prefix.'revslider_slides'\n$table_name assigned unsafely at line 897:\n $table_name = $wpdb->prefix.'yoast_seo_links'\n$old assigned unsafely at line 872:\n $old => \n$new used without escaping.