Unescaped parameter $sql used in $wpdb->query($sql)\n$sql assigned unsafely at line 481:\n $sql = "DROP TABLE IF EXISTS $table_name"\n$table_name assigned unsafely at line 480:\n $table_name = $wpdb->prefix . 'postmark_log'
Unescaped parameter $table used in $wpdb->get_results($wpdb->prepare( "SELECT * FROM $table ORDER BY log_entry_date DESC LIMIT %d OFFSET %d", 10, $_POST['offset'] ))\n$table assigned unsafely at line 162:\n $table = $wpdb->prefix . 'postmark_log'\n$_POST['_wpnonce'] used without escaping.
Unescaped parameter $table used in $wpdb->get_results($wpdb->prepare( "SELECT * FROM $table ORDER BY log_entry_date DESC LIMIT %d", 10 ))\n$table assigned unsafely at line 236:\n $table = $wpdb->prefix . 'postmark_log'\n$count assigned unsafely at line 239:\n $count = $wpdb->get_var( 'SELECT COUNT(*) FROM ' . $table )
Unescaped parameter $table used in $wpdb->get_var('SELECT COUNT(*) FROM ' . $table)\n$table assigned unsafely at line 236:\n $table = $wpdb->prefix . 'postmark_log'\n$count assigned unsafely at line 239:\n $count = $wpdb->get_var( 'SELECT COUNT(*) FROM ' . $table )
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $table_name used in $wpdb->get_var($wpdb->prepare(\n\t\t\t"SELECT COUNT(*)\n\t\t\t FROM $table_name\n WHERE BINARY(%s) < BINARY(DATE_SUB(NOW(), INTERVAL %d DAY))",\n\t\t\t'log_entry_date',\n\t\t\t7\n\t\t))\n$table_name assigned unsafely at line 421:\n $table_name = $wpdb->prefix . 'postmark_log'\n$rows_to_delete_count assigned unsafely at line 424:\n $rows_to_delete_count = $wpdb->get_var(\n\t\t$wpdb->prepare(\n\t\t\t"SELECT COUNT(*)\n\t\t\t FROM $table_name\n WHERE BINARY(%s) < BINARY(DATE_SUB(NOW(), INTERVAL %d DAY))",\n\t\t\t'log_entry_date',\n\t\t\t7\n\t\t)\n\t)