Unescaped parameter $from_post->ID used in $wpdb->get_results("SELECT meta_key, meta_value FROM $wpdb->postmeta WHERE post_id=$from_post->ID")\n$from_post->ID used without escaping.
Unescaped parameter $query used in $wpdb->get_var($query)\n$query assigned unsafely at line 109:\n $query = $wpdb->prepare("\n\t\t\t\t\tSELECT p.ID FROM $wpdb->posts AS p\n\t\t\t\t\tWHERE\n\t\t\t\t\tp.post_type = %s\n\t\t\t\t\tAND (\n\t\t\t\t\t\tp.post_date $op %s\n\t\t\t\t\t\tOR\n\t\t\t\t\t\t(p.post_date = %s AND p.ID $op %s)\n\t\t\t\t\t)\n\t\t\t\t\tAND (p.post_status NOT IN ('" . implode( "','", $exclude_states ) . "'))\n\t\t\t\t\t$additionnal_where\n\t\t\t\t\tORDER BY p.post_date $order, p.ID $order LIMIT 1\n\t\t\t\t",\n\t\t\t\t $post->post_type, $post->post_date, $post->post_date, $post->ID\n\t\t\t)\n$additionnal_where assigned unsafely at line 102:\n $additionnal_where .= ' AND post_author = \\'' . get_current_user_id() . '\\''
Unescaped parameter $sql_query used in $wpdb->query($sql_query)\n$sql_query assigned unsafely at line 181:\n $sql_query.= implode(" UNION ALL ", $sql_query_sel)\n$sql_query_sel assigned unsafely at line 179:\n $sql_query_sel[]= "SELECT $to_post->ID, '$meta_key', '$meta_value'"\n$to_post->ID used without escaping.\n$meta_key assigned unsafely at line 177:\n $meta_key = $meta_info->meta_key\nNote: addslashes() is not a safe escaping function.\n$meta_value assigned unsafely at line 178:\n $meta_value = addslashes( $meta_info->meta_value )\n$meta_info->meta_key used without escaping.\n$meta_info->meta_value used without escaping.
Affected Plugins
Plugins that have instances of this rule violation