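Unescaped parameter $activity_sql used in $wpdb->get_results($activity_sql)
$activity_sql assigned unsafely at line 113:
 $activity_sql = $wpdb->prepare( "SELECT *, max(privacy) as max_privacy FROM {$rtmedia_model->table_name} WHERE activity_id > %d AND activity_id is NOT NULL GROUP BY activity_id ORDER BY id limit %d", $lastid, $limit )
Note: the string passed to get_results() is the return value of $wpdb->prepare(), and both values ($lastid, $limit) are bound through %d. The only part interpolated into the SQL text is the table name {$rtmedia_model->table_name}; its origin is not shown in this finding and is the thing to confirm.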
Unescaped parameter $activity_sql used in $wpdb->get_results($activity_sql)
$activity_sql assigned unsafely at line 854:
 $activity_sql = $wpdb->prepare(
    "SELECT *
    FROM {$bp_prefix}bp_activity
    WHERE id IN (
        SELECT DISTINCT a.meta_value
        FROM $wpdb->postmeta a
        LEFT JOIN $wpdb->posts p ON a.post_id = p.ID
        WHERE (NOT p.ID IS NULL)
        AND p.ID = %d
        AND a.meta_key = %s
    )",
    $media_id,
    'bp_media_child_activity'
 )
$bp_prefix assigned unsafely at line 771:
 $bp_prefix = bp_core_get_table_prefix()
Unescaped parameter $activity_table used in $wpdb->get_var($wpdb->prepare(
    "SELECT activity.id FROM {$activity_table} AS activity INNER JOIN {$table} AS album ON ( activity.item_id = album.id ) WHERE activity.item_id = %d AND activity.component = %s AND activity.type = %s",
    $bp_album_item->id,
    'album',
    'bp_album_picture'
))
$activity_table assigned unsafely at line 434:
 $activity_table = $wpdb->base_prefix . 'bp_activity'
$table assigned unsafely at line 433:
 $table = $wpdb->base_prefix . 'bp_album'
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $activity_table used in $wpdb->get_var($wpdb->prepare(
    "SELECT id FROM {$activity_table} WHERE item_id = %d AND component = %s AND type = %s AND secondary_item_id = 0",
    $imported_media_id,
    'activity',
    'activity_update'
))
$activity_table assigned unsafely at line 434:
 $activity_table = $wpdb->base_prefix . 'bp_activity'
Unescaped parameter $activity_table used in $wpdb->get_var("SELECT SUM( b.count ) AS total
 FROM (
 SELECT (
 SELECT COUNT( a.id )
 FROM {$activity_table} a
 WHERE a.item_id = activity.id
 AND a.component = 'activity'
 AND a.type = 'activity_comment'
 ) AS count
 FROM {$activity_table} AS activity
 INNER JOIN {$bp_album_table} AS album ON ( album.id = activity.item_id )
 WHERE activity.component = 'album'
 AND activity.type = 'bp_album_picture'
 AND album.import_status =0
 )b")
$activity_table assigned unsafely at line 283:
 $activity_table = $wpdb->base_prefix . 'bp_activity'
$bp_album_table assigned unsafely at line 282:
 $bp_album_table = $wpdb->base_prefix . 'bp_album'
Note: this query is not passed through $wpdb->prepare(). The only values interpolated into it are the two table names, each built from $wpdb->base_prefix plus a fixed suffix; every other value in the statement is a literal.