Unescaped parameter $joins used in $wpdb->get_results($wpdb->prepare("SELECT p.ID, cache.* FROM {$wpdb->posts} p $joins $conditions ORDER BY p.post_date DESC LIMIT %d OFFSET %d", ...$params))\n$joins assigned unsafely at line 349:\n $joins = " LEFT JOIN {$table_cache} cache ON p.ID = cache.post_id "\n$conditions assigned unsafely at line 348:\n $conditions = "WHERE p.post_type = %s AND cache.post_id IS NULL"\n$table_cache assigned unsafely at line 334:\n $table_cache = $wpdb->prefix . 'llms_txt_cache'\n$post_type used without escaping.
Unescaped parameter $sql used in $wpdb->get_col($sql)\n$sql assigned unsafely at line 727:\n $sql = $wpdb->prepare("SELECT p.ID FROM {$wpdb->posts} p LEFT JOIN {$table_cache} c ON p.ID=c.post_id WHERE p.post_type=%s AND c.post_id IS NULL", $post_type)\n$table_cache assigned unsafely at line 701:\n $table_cache = $wpdb->prefix . 'llms_txt_cache'
Unescaped parameter $sql used in $wpdb->get_col($sql)\n$sql assigned unsafely at line 752:\n $sql = $wpdb->prepare("SELECT p.ID FROM {$wpdb->posts} p LEFT JOIN {$table_cache} c ON p.ID=c.post_id WHERE p.post_type=%s AND c.post_id IS NULL", $post_type)\n$table_cache assigned unsafely at line 747:\n $table_cache = $wpdb->prefix . 'llms_txt_cache'\n$ids assigned unsafely at line 753:\n $ids = array_merge($ids, array_map('intval', $wpdb->get_col($sql)))
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $table used in $wpdb->get_var($wpdb->prepare("SELECT COUNT(*) FROM {$table} WHERE type = %s", $post_type->name))\n$table assigned unsafely at line 7:\n $table = $wpdb->prefix . 'llms_txt_cache'\n$latest_post assigned unsafely at line 9:\n $latest_post = apply_filters('get_llms_content', '')
Unescaped parameter $table used in $wpdb->query("TRUNCATE TABLE {$table}")\n$table assigned unsafely at line 312:\n $table = $wpdb->prefix . 'llms_txt_cache'