Unescaped parameter $__table used in $wpdb->get_col($wpdb->prepare( "SELECT meta_value FROM $__table WHERE meta_key = %s AND post_id = %d", self::LANGUAGE_META_KEY, $postarr['ID'] ))
$__table assigned unsafely at line 3479:
 $__table = _get_meta_table( 'post' )

Unescaped parameter $column used in $wpdb->get_results($wpdb->prepare( "SELECT meta_value FROM {$wpdb->{$this->object_table}} WHERE meta_key = %s AND {$column} = %d;", $meta_key, $object_id ))
$column assigned unsafely at line 183:
 $column = sanitize_key( $this->object_type . '_id' )
Note: sanitize_key() is not a safe escaping function.

Unescaped parameter $column used in $wpdb->get_row($wpdb->prepare( "SELECT * FROM {$table} WHERE {$column} LIKE %s ORDER BY {$key_column} ASC LIMIT 1", $key ))
$column assigned unsafely at line 269:
 $column = 'meta_key'
$key_column assigned unsafely at line 270:
 $key_column = 'meta_id'
$value_column assigned unsafely at line 271:
 $value_column = 'meta_value'
$key assigned unsafely at line 274:
 $key = $wpdb->esc_like( $this->identifier . '_batch_' ) . '%'

Affected Plugins
Plugins that have instances of this rule violation

Unescaped parameter $column used in $wpdb->get_var($wpdb->prepare( "SELECT COUNT(*) FROM {$wpdb->options} WHERE {$column} LIKE %s", $key ))
$column assigned unsafely at line 194:
 $column = 'meta_key'
$key assigned unsafely at line 197:
 $key = $wpdb->esc_like( $this->identifier . '_batch_' ) . '%'

Unescaped parameter $column used in $wpdb->get_var($wpdb->prepare( "SELECT meta_value FROM {$wpdb->{$this->object_table}} WHERE meta_key = %s AND {$column} = %d AND meta_value LIKE %s LIMIT 1", $meta_key, $object_id, $like ))
$column assigned unsafely at line 229:
 $column => $object_id
$object_id used without escaping.