Unescaped parameter $GLOBALS['table_prefix'] used in $wpdb->get_results("SHOW TABLES LIKE '".$GLOBALS['table_prefix']."%'")
  $GLOBALS['table_prefix'] used without escaping.
Unescaped parameter $newPrefix used in $wpdb->query("UPDATE {$newPrefix}options SET option_name='{$newPrefix}user_roles' WHERE option_name='{$oldPrefix}user_roles';")
  $newPrefix used without escaping.
  $oldPrefix used without escaping.
Unescaped parameter $query used in $wpdb->query($query)
  $query assigned unsafely at line 126:
    $query = 'update '.$newPrefix.'usermeta set meta_key = CONCAT(replace(left(meta_key, ' . strlen($oldPrefix) . "), '{$oldPrefix}', '{$newPrefix}'), SUBSTR(meta_key, " . (strlen($oldPrefix) + 1) . ")) where meta_key in ('{$oldPrefix}autosave_draft_ids', '{$oldPrefix}capabilities', '{$oldPrefix}metaboxorder_post', '{$oldPrefix}user_level', '{$oldPrefix}usersettings','{$oldPrefix}usersettingstime', '{$oldPrefix}user-settings', '{$oldPrefix}user-settings-time', '{$oldPrefix}dashboard_quick_press_last_post_id')"
  $newPrefix used without escaping.
  $oldPrefix used without escaping.
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $tableOldName used in $wpdb->query("RENAME TABLE `{$tableOldName}` TO `{$tableNewName}`")
  $tableOldName assigned unsafely at line 93:
    $tableOldName = $table[0]
  $tableNewName assigned unsafely at line 98:
    $tableNewName = substr_replace($tableOldName, $newPrefix, 0, strlen($currentPrefix))
  $newPrefix used without escaping.
  $currentPrefix used without escaping.