Unescaped parameter $category_sql used in $wpdb->get_results("SELECT * FROM $wpdb->downloads WHERE $category_sql AND file_permission != -2 ORDER BY FROM_UNIXTIME(file_date) DESC LIMIT $limit")
$category_sql assigned unsafely at line 1208:
  $category_sql = "file_category = $cat_id"
$limit used without escaping.
$cat_id used without escaping.
Unescaped parameter $current_query used in $wpdb->query($current_query)
$current_query assigned unsafely at line 1765:
  $current_query .= $line
$line assigned unsafely at line 1757:
  $line = fgets($fp)
$fp assigned unsafely at line 1752:
  $fp = @fopen($file_name, 'r')
$file_name used without escaping.
Unescaped parameter $delete_query used in $wpdb->get_results($delete_query)
$delete_query assigned unsafely at line 689:
  $delete_query = "UPDATE $wpdb->posts SET post_status = 'publish' WHERE ID = ".$args['post_id']
$args['post_id'] used without escaping.
Unescaped parameter $dl_name used in $wpdb->get_row("SELECT file_id, file, file_permission FROM $wpdb->downloads WHERE file = \"$dl_name\" AND file_permission != -2")
$dl_name assigned unsafely at line 177:
  $dl_name = '/'.$dl_name
$dl_name assigned unsafely at line 166:
  $dl_name = addslashes(get_query_var('dl_name'))
Note: addslashes() is not a safe escaping function.
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $download_options['rss_sortby'] used in $wpdb->get_results("SELECT * FROM $wpdb->downloads WHERE file_permission != -2 ORDER BY {$download_options['rss_sortby']} DESC LIMIT {$download_options['rss_limit']}")
$download_options['rss_sortby'] used without escaping.
$download_options['rss_limit'] used without escaping.