Unescaped parameter $collections_table used in $wpdb->get_row($wpdb->prepare( "SELECT * FROM $collections_table WHERE id = %d", $id ))
$collections_table assigned unsafely at line 1071:
 $collections_table = $wpdb->prefix . 'mgl_collections'
$shortcodes_table assigned unsafely at line 1072:
 $shortcodes_table = $wpdb->prefix . 'mgl_gallery_shortcodes'
$collection assigned unsafely at line 1075:
 $collection = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $collections_table WHERE id = %d", $id ), ARRAY_A )
$id used without escaping.

Unescaped parameter $collections_table used in $wpdb->get_var($wpdb->prepare( "SELECT COUNT( * ) FROM $collections_table WHERE id = %s", $id ))
$collections_table assigned unsafely at line 310:
 $collections_table = $wpdb->prefix . 'mgl_collections'
$table_exists assigned unsafely at line 313:
 $table_exists = $wpdb->get_var( "SHOW TABLES LIKE '$collections_table'" ) === $collections_table

Unescaped parameter $collections_table used in $wpdb->get_var($wpdb->prepare( "SELECT COUNT( * ) FROM $collections_table WHERE name LIKE %s", '%' . $wpdb->esc_like( $search ) . '%' ))
$collections_table assigned unsafely at line 1115:
 $collections_table = $wpdb->prefix . 'mgl_collections'
$shortcodes_table assigned unsafely at line 1116:
 $shortcodes_table = $wpdb->prefix . 'mgl_gallery_shortcodes'
$table_exists assigned unsafely at line 1119:
 $table_exists = $wpdb->get_var( "SHOW TABLES LIKE '$collections_table'" ) === $collections_table

Affected Plugins
Plugins that have instances of this rule violation

Unescaped parameter $collections_table used in $wpdb->get_var("SELECT COUNT( * ) FROM $collections_table")
$collections_table assigned unsafely at line 1115:
 $collections_table = $wpdb->prefix . 'mgl_collections'
$shortcodes_table assigned unsafely at line 1116:
 $shortcodes_table = $wpdb->prefix . 'mgl_gallery_shortcodes'
$table_exists assigned unsafely at line 1119:
 $table_exists = $wpdb->get_var( "SHOW TABLES LIKE '$collections_table'" ) === $collections_table

Unescaped parameter $collections_table used in $wpdb->get_var("SHOW TABLES LIKE '$collections_table'")
$collections_table assigned unsafely at line 1115:
 $collections_table = $wpdb->prefix . 'mgl_collections'
$shortcodes_table assigned unsafely at line 1116:
 $shortcodes_table = $wpdb->prefix . 'mgl_gallery_shortcodes'
$table_exists assigned unsafely at line 1119:
 $table_exists = $wpdb->get_var( "SHOW TABLES LIKE '$collections_table'" ) === $collections_table