ERRORsecurity

UnescapedDBParameter

PluginCheck.Security.DirectDB.UnescapedDBParameter

Affected Plugins

On this page

Total Issues

Instances found

Total Impact

20K

Active installations

Examples

Real messages found in scanned plugins

Unescaped parameter $ad_thetime used in $wpdb->get_results($wpdb->prepare("SELECT * FROM `{$wpdb->prefix}quads_stats` ".$ad_thetime ." ".$search_param ." LIMIT %d, %d",array($offset,$items_per_page)))

Unescaped parameter $ad_thetime used in $wpdb->get_results($wpdb->prepare("SELECT ad_id , log_date as ad_thetime,log_clicks ,ip_address,log_url as url,browser,referrer FROM `{$wpdb->prefix}quads_logs` ". $ad_thetime ." ".$search_param." LIMIT %d, %d",array($offset,$items_per_page)))

Unescaped parameter $ad_thetime used in $wpdb->get_row($wpdb->prepare("SELECT count(*) as total FROM `{$wpdb->prefix}quads_logs` ". $ad_thetime ." ".$search_param))

Unescaped parameter $ad_thetime used in $wpdb->get_row($wpdb->prepare("SELECT count(*) as total FROM `{$wpdb->prefix}quads_stats` ". $ad_thetime ." ".$search_param))

Unescaped parameter $device_name used in $wpdb->get_row($wpdb->prepare("SELECT id,stats_clicks FROM {$wpdb->prefix}quads_clicks_{$device_name} WHERE ad_id = %d AND stats_date = %d",array($ad_id, $todays_date)))\n$device_name assigned unsafely at line 357:\n $device_name = 'mobile'\n$device_name assigned unsafely at line 355:\n $device_name = 'mobile'\n$device_name assigned unsafely at line 353:\n $device_name = 'desktop'\n$device_name assigned unsafely at line 348:\n $device_name =''\n$performance_tracking assigned unsafely at line 336:\n $performance_tracking = isset($quads_options['ad_performance_tracking'])?$quads_options['ad_performance_tracking']:false\n$ad_stats assigned unsafely at line 362:\n $ad_stats = $wpdb->get_row($wpdb->prepare("SELECT id,stats_clicks FROM {$wpdb->prefix}quads_clicks_{$device_name} WHERE ad_id = %d AND stats_date = %d",array($ad_id, $todays_date)),ARRAY_A)\n$ad_id assigned unsafely at line 345:\n $ad_id = $id_array[1]\n$isMobile assigned unsafely at line 351:\n $isMobile = $mobile_detect->isMobile()\n$isTablet assigned unsafely at line 352:\n $isTablet = $mobile_detect->isTablet()\n$mobile_detect assigned unsafely at line 349:\n $mobile_detect = $isTablet = ''\n$quads_options['ad_performance_tracking'] used without escaping.\n$id_array[1] used without escaping.

Affected Plugins

Plugins that have instances of this rule violation

Ads by Quads – Adsense Ads, Banner Ads, Popup Ads

quick-adsense-reloaded

issues

20K

installs