Unescaped parameter $__in used in $wpdb->get_results("SELECT id, type, timestamp FROM " . SWIFT_PERFORMANCE_TABLE_PREFIX . "warmup WHERE id IN ({$__in})")\n$__in assigned unsafely at line 460:\n $__in = trim($__in, ',')\n$__in assigned unsafely at line 458:\n $__in .= "'" . esc_sql($id) . "',"\n$__in assigned unsafely at line 456:\n $__in = ''\n$id used without escaping.
Unescaped parameter $_instance->_tb used in $wpdb->get_results($wpdb->prepare(\n\t\t\t\t'SELECT url FROM `' . $_instance->_tb . '` WHERE dateline < %d ORDER BY id DESC LIMIT %d', \t\t\t\ttime() - $_instance->_conf_cache_ttl,\n\t\t\t\t(int) apply_filters( 'litespeed_avatar_limit', 30 )\n\t\t\t))\n$_instance->_tb used without escaping.
Unescaped parameter $allowed_protected_keys_sql used in $wpdb->get_col($wpdb->prepare(\n\t\t\t\t"SELECT DISTINCT meta_key\n\t\t\t\t\tFROM {$wpdb->postmeta}\n\t\t\t\t\tWHERE meta_key NOT LIKE %s {$allowed_protected_keys_sql}\n\t\t\t\t\tLIMIT 800",\n\t\t\t\t'\_%',\n\t\t\t\t...$allowed_protected_keys\n\t\t\t))\n$allowed_protected_keys_sql assigned unsafely at line 2711:\n $allowed_protected_keys_sql = ''\n$allowed_protected_keys assigned unsafely at line 2710:\n $allowed_protected_keys = apply_filters( 'ep_prepare_meta_allowed_protected_keys', [], new \\WP_Post( (object) [] ) )
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $attachmentID used in $wpdb->get_var("SELECT posts.guid FROM {$wpdb->posts} posts WHERE posts.ID='" . $attachmentID . "'")\n$attachmentID used without escaping.
Unescaped parameter $auto_draft_date used in $wpdb->get_var("SELECT COUNT(ID) FROM $wpdb->posts WHERE post_status = 'auto-draft'" . $auto_draft_date)\n$auto_draft_date assigned unsafely at line 371:\n $auto_draft_date \t\t= aDBc_get_keep_last_sql_arg('auto-draft','post_modified')