Unescaped parameter $db_table used in $wpdb->get_results("SELECT * FROM {$wpdb->prefix}daextlnl_$db_table $filter ORDER BY $db_primary_key DESC $query_limit")
$db_table used without escaping.
$filter assigned unsafely at line 201:
 $filter .= ')'
$filter assigned unsafely at line 195:
 $filter .= $wpdb->prepare(
                    $searchable_field . ' LIKE %s',
                    '%' . $post_search_input . '%'
                )
$db_primary_key assigned unsafely at line 227:
 $db_primary_key = sanitize_key( $db_primary_key )
Note: sanitize_key() is not a safe escaping function.
$query_limit assigned unsafely at line 224:
 $query_limit = $pag->query_limit()
$total_items assigned unsafely at line 210:
 $total_items = $wpdb->get_var( "SELECT COUNT(*) FROM {$wpdb->prefix}daextlnl_$db_table $filter" )
$searchable_field assigned unsafely at line 192:
 $searchable_field = sanitize_key( $searchable_field )
$pag assigned unsafely at line 214:
 $pag = new Daextlnl_Pagination( $this->shared )
Reviewer note: in the snippet quoted for line 195 the LIKE operand reaches $wpdb->prepare() without $wpdb->esc_like(), so unless $post_search_input is escaped before that point, `%` and `_` in the search text are treated as wildcards.
Unescaped parameter $db_table used in $wpdb->get_var("SELECT COUNT(*) FROM {$wpdb->prefix}daextlnl_$db_table $filter")
$db_table used without escaping.
$filter assigned unsafely at line 201:
 $filter .= ')'
$filter assigned unsafely at line 195:
 $filter .= $wpdb->prepare(
                    $searchable_field . ' LIKE %s',
                    '%' . $post_search_input . '%'
                )
$total_items assigned unsafely at line 210:
 $total_items = $wpdb->get_var( "SELECT COUNT(*) FROM {$wpdb->prefix}daextlnl_$db_table $filter" )
$searchable_field assigned unsafely at line 192:
 $searchable_field = sanitize_key( $searchable_field )
Note: sanitize_key() is not a safe escaping function.
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $db_table_name used in $wpdb->get_row($wpdb->prepare(
                        "SELECT * FROM $db_table_name WHERE $primary_key = %d",
                        $edit_id
                    ))
$db_table_name assigned unsafely at line 533:
 $db_table_name = $wpdb->prefix . 'daextlnl_' . $this->db_table
Note: sanitize_key() is not a safe escaping function.
$primary_key assigned unsafely at line 536:
 $primary_key = sanitize_key( $this->primary_key )
Reviewer note: sanitize_key() restricts $primary_key to lowercase letters, digits, '-' and '_', which the checker does not count as escaping; since WordPress 6.2, table and column names can instead be bound with the %i identifier placeholder of $wpdb->prepare().
Unescaped parameter $db_table_name used in $wpdb->query($wpdb->prepare( "DELETE FROM $db_table_name WHERE $primary_key = %d", $data['delete_id'] ))
$db_table_name assigned unsafely at line 1247:
 $db_table_name = $wpdb->prefix . 'daextlnl_' . $this->db_table
Note: sanitize_key() is not a safe escaping function.
$primary_key assigned unsafely at line 1250:
 $primary_key = sanitize_key( $this->primary_key )
Unescaped parameter $post_title_where used in $wpdb->get_results($wpdb->prepare(
                "SELECT ID, post_title, post_author
                    FROM $wpdb->posts
                    WHERE $post_title_where
                    post_type = '{$args['post_type']}' AND
                    post_status IN ( $post_statuses ) AND
                    $capability_where
                    ORDER BY post_title LIMIT %d",
                absint( $args['count'] )
            ))
$post_title_where assigned unsafely at line 1785:
 $post_title_where = $search_term ? $wpdb->prepare(
            'post_title LIKE %s AND',
            '%' . $wpdb->esc_like( $search_term ) . '%'
        ) :
            ''
$post_statuses assigned unsafely at line 1792:
 $post_statuses = self::wpdb_prepare_in( $post_statuses )
$post_statuses assigned unsafely at line 1791:
 $post_statuses = array_intersect( array_keys( get_post_statuses() ), $args['post_status'] )
$args['post_status'] assigned unsafely at line 1767:
 $args['post_status'] = array_diff( $args['post_status'], [ 'trash' ] )