Unescaped parameter $field used in $wpdb->get_col("SELECT {$field} FROM {$table}")\n$field assigned unsafely at line 38:\n $field = 'blog_id'\n$table assigned unsafely at line 39:\n $table = $wpdb->prefix.'blogs'\n$blog_id used without escaping.
Unescaped parameter $join used in $wpdb->get_row($select . $join . $where . $groupby)\n$join assigned unsafely at line 228:\n $join .= " INNER JOIN " . $wpdb->terms . " AS t ON t.term_id = tt.term_id"\n$where assigned unsafely at line 190:\n $where .= PLL()->model->post->where_clause( $this->current_lang )\n$args[$tax_qv] used without escaping.\n$tax_qv used without escaping.
Unescaped parameter $q used in $wpdb->get_results($q)\n$q assigned unsafely at line 1076:\n $q = $wpdb->prepare( "SELECT post_id, meta_value FROM $wpdb->postmeta WHERE `meta_key` = %s AND LOWER(`meta_value`) IN $uris_flat LIMIT %d", '_wp_attached_file', count( $uris_base ) )\n$uris_flat assigned unsafely at line 1075:\n $uris_flat = "('" . implode( "','", array_keys( $uris_base ) ) . "')"
Unescaped parameter $query used in $wpdb->get_col($query)\n$query used without escaping.
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $query used in $wpdb->get_results($query)\n$query assigned unsafely at line 608:\n $query = self::build_db_logs_query(\n\t\t\t\t$filters,\n\t\t\t\t$limit,\n\t\t\t\t$offset,\n\t\t\t\t$order\n\t\t\t)\n$filters used without escaping.\n$limit used without escaping.\n$offset used without escaping.\n$order used without escaping.