Unescaped parameter $executable_query used in $wpdb->get_results($executable_query)\n$executable_query assigned unsafely at line 158:\n $executable_query = $sql_template\n$sql_template assigned unsafely at line 151:\n $sql_template = $sql_select_from . $sql_where . $sql_order_by\n$sql_where assigned unsafely at line 146:\n $sql_where = " WHERE `purchasecode` LIKE %s"\n$query_args[] used without escaping.\n$this->search assigned unsafely at line 136:\n $this->search = isset($_REQUEST['s']) ? sanitize_text_field(wp_unslash($_REQUEST['s'])) : ''\nNote: sanitize_text_field() is not a safe escaping function.\n$_REQUEST['s'] used without escaping.
Unescaped parameter $sql used in $wpdb->get_results($sql)\n$sql assigned unsafely at line 371:\n $sql = $wpdb->prepare(\r\n "SELECT `itemid`, `token`, `username`, `domain` FROM {$wpdb->prefix}license_envato_userlist WHERE `{$key}` = %s",\r\n $value\r\n )\n$key used without escaping.
Affected Plugins
Plugins that have instances of this rule violation