Unescaped parameter $table_name used in $wpdb->get_row($wpdb->prepare( "SELECT * FROM $table_name WHERE id = %s", $id ))\n$table_name assigned unsafely at line 62:\n $table_name = $wpdb->prefix . 'core_framework_presets'\n$row assigned unsafely at line 63:\n $row = $wpdb->get_row(\n\t\t\t$wpdb->prepare( "SELECT * FROM $table_name WHERE id = %s", $id )\n\t\t)\n$id assigned unsafely at line 61:\n $id = $options['selected_id']\n$options['selected_id'] used without escaping.
Unescaped parameter $table_name used in $wpdb->get_row($wpdb->prepare( "SELECT * FROM $table_name WHERE id = %s", $id ))\n$table_name assigned unsafely at line 786:\n $table_name = $wpdb->prefix . 'core_framework_presets'\n$row assigned unsafely at line 787:\n $row = $wpdb->get_row(\n\t\t\t$wpdb->prepare( "SELECT * FROM $table_name WHERE id = %s", $id )\n\t\t)\n$id assigned unsafely at line 783:\n $id = $request->get_param( 'id' ) ?? ''\n$request used without escaping.
Unescaped parameter $table_name used in $wpdb->get_var($wpdb->prepare( "SELECT id FROM $table_name WHERE id = %s", $id ))\n$table_name assigned unsafely at line 578:\n $table_name = $wpdb->prefix . 'core_framework_presets'\n$target_table assigned unsafely at line 579:\n $target_table = $wpdb->get_var( $wpdb->prepare( 'SHOW TABLES LIKE %s', $table_name ) )
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $table_name used in $wpdb->get_var($wpdb->prepare( "SELECT id FROM $table_name WHERE id = %s", $preset_id ))\n$table_name assigned unsafely at line 1388:\n $table_name = $wpdb->prefix . 'core_framework_presets'\n$target_table assigned unsafely at line 1389:\n $target_table = $wpdb->get_var( $wpdb->prepare( 'SHOW TABLES LIKE %s', $table_name ) )