Unescaped parameter $blog_table used in $wpdb->get_results($wpdb->prepare( "SELECT blog_id FROM $blog_table WHERE blog_id != %d", 1 ))
Unescaped parameter $extra_checks used in $wpdb->get_results($wpdb->prepare(\n\t\t\t\t"\n\t\t\tSELECT DISTINCT YEAR( post_date ) AS year, MONTH( post_date ) AS month\n\t\t\tFROM $wpdb->posts\n\t\t\tWHERE post_type = %s\n\t\t\t$extra_checks\n\t\t\tORDER BY post_date DESC\n\t\t",\n\t\t\t\t$post_type\n\t\t\t))\n$extra_checks assigned unsafely at line 566:\n $extra_checks .= " AND post_status != 'trash'"\n$extra_checks assigned unsafely at line 564:\n $extra_checks = "AND post_status != 'auto-draft'"\n$_GET['post_status'] used without escaping.
Unescaped parameter $hint_ids used in $wpdb->query("DELETE FROM $pprh_table WHERE id IN ($hint_ids)")\n$hint_ids used without escaping.
Unescaped parameter $hint_ids used in $wpdb->query($wpdb->prepare(\n\t\t\t"UPDATE $pprh_table SET status = %s WHERE id IN ($hint_ids)", $action ))\n$hint_ids used without escaping.
Unescaped parameter $pprh_table used in $wpdb->query("DROP TABLE $pprh_table")\n$pprh_table assigned unsafely at line 13:\n $pprh_table = $wpdb->prefix . 'pprh_table'
Affected Plugins
Plugins that have instances of this rule violation