Unescaped parameter $full_table_name used in $wpdb->query("CREATE TABLE IF NOT EXISTS $full_table_name ( $columns ) $table_options;")\n$full_table_name assigned unsafely at line 320:\n $full_table_name = $wpdb->$key\n$columns used without escaping.\n$table_options assigned unsafely at line 341:\n $table_options = $charset_collate . ' ' . $opts['table_options']\n$key used without escaping.\n$charset_collate assigned unsafely at line 331:\n $charset_collate = ''\n$opts['table_options'] used without escaping.
Unescaped parameter $full_table_name used in $wpdb->query("DROP TABLE IF EXISTS $full_table_name;")\n$full_table_name assigned unsafely at line 320:\n $full_table_name = $wpdb->$key\n$key used without escaping.
Unescaped parameter $key used in $wpdb->query("DROP TABLE IF EXISTS " . $wpdb->$key)\n$key used without escaping.
Unescaped parameter $keys used in $wpdb->query("\n\t\t\tDELETE FROM {$wpdb->usermeta}\n\t\t\tWHERE meta_key IN {$keys}\n\t\t")\n$keys assigned unsafely at line 202:\n $keys = '( ' . implode( ', ', $keys ) . ' )'\n$keys assigned unsafely at line 199:\n $keys[] = "'{$option}_{$hook}'"\n$option used without escaping.\n$hook assigned unsafely at line 196:\n $hook = str_replace( '-', '', $this->pagehook )
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $postmeta_table_name used in $wpdb->get_results("SELECT * FROM " . $postmeta_table_name . " WHERE post_id = " . $this->id . " AND meta_key LIKE 'field_%'")\n$postmeta_table_name assigned unsafely at line 111:\n $postmeta_table_name = $wpdb->prefix . 'postmeta'\n$fields assigned unsafely at line 114:\n $fields = $wpdb->get_results( "SELECT * FROM " . $postmeta_table_name . " WHERE post_id = " . $this->id . " AND meta_key LIKE 'field_%'" )