ERRORsecurity

UnescapedDBParameter

PluginCheck.Security.DirectDB.UnescapedDBParameter

Affected Plugins

On this page

Total Issues

Instances found

Total Impact

Active installations

Examples

Real messages found in scanned plugins

Unescaped parameter $currentTime used in $wpdb->query("DELETE FROM {$mypos_table} WHERE expired_time + 86400 < {$currentTime}")\n$currentTime assigned unsafely at line 964:\n $currentTime = $currentDate->getTimestamp()\n$currentDate assigned unsafely at line 963:\n $currentDate = new DateTime()

Unescaped parameter $currentTime used in $wpdb->query("DELETE FROM {$mypos_table} WHERE expired_time < {$currentTime}")\n$currentTime assigned unsafely at line 964:\n $currentTime = $currentDate->getTimestamp()\n$currentDate assigned unsafely at line 963:\n $currentDate = new DateTime()

Unescaped parameter $currentTime used in $wpdb->query("UPDATE {$mypos_table} SET last_check = {$currentTime} WHERE order_id IN ({$ordersRaw})")\n$currentTime assigned unsafely at line 964:\n $currentTime = $currentDate->getTimestamp()\n$ordersRaw assigned unsafely at line 977:\n $ordersRaw = implode(',', array_map(function ($order) {\r\n\t\t\t\t\treturn $order->order_id;\r\n\t\t\t\t}, $orders))\n$currentDate assigned unsafely at line 963:\n $currentDate = new DateTime()

Unescaped parameter $item['data'] used in $wpdb->get_results("SELECT * FROM wp_mypos_upsells WHERE base_products LIKE '%i:" . $item['data']->get_id() . ";%'")\n$item['data'] used without escaping.

Affected Plugins

Plugins that have instances of this rule violation

myPOS Checkout for WooCommerce

mypos-virtual-for-woocommerce

issues

installs