Unescaped parameter $apmeta_to_delete used in $wpdb->query("DELETE FROM {$wpdb->prefix}ap_meta WHERE apmeta_id IN ({$apmeta_to_delete})")\n$apmeta_to_delete assigned unsafely at line 299:\n $apmeta_to_delete = sanitize_comma_delimited( $apmeta_to_delete, 'int' )\n$apmeta_to_delete assigned unsafely at line 292:\n $apmeta_to_delete[] = $rep->apmeta_id\n$rep->apmeta_id used without escaping.
Unescaped parameter $column used in $wpdb->get_row($wpdb->prepare( "SELECT * FROM {$wpdb->ap_activity} WHERE activity_{$column} = %d$q_where ORDER BY activity_date DESC LIMIT 1", $_post->ID ))\n$column assigned unsafely at line 160:\n $column = 'answer' === $type ? 'a_id' : 'q_id'\n$q_where assigned unsafely at line 165:\n $q_where = " AND (activity_a_id = 0 OR activity_action IN('new_a', 'unselected','selected') )"\n$q_where assigned unsafely at line 162:\n $q_where = ''\n$activity assigned unsafely at line 168:\n $activity = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM {$wpdb->ap_activity} WHERE activity_{$column} = %d$q_where ORDER BY activity_date DESC LIMIT 1", $_post->ID ) )\n$_post->ID used without escaping.
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $event_query used in $wpdb->get_var("SELECT count(*) FROM {$wpdb->ap_subscribers} WHERE 1=1 {$event_query} {$ref_query}")\n$event_query assigned unsafely at line 121:\n $event_query = ''\n$ref_query assigned unsafely at line 115:\n $ref_query = ''\n$event used without escaping.\n$ref_id used without escaping.
Unescaped parameter $id used in $wpdb->query("DELETE FROM {$wpdb->prefix}ap_meta WHERE apmeta_type = 'post_view' AND apmeta_actionid = {$id}")\n$id used without escaping.
Unescaped parameter $ids used in $wpdb->get_results("SELECT * FROM {$wpdb->posts} WHERE ID in ({$ids})")\n$ids assigned unsafely at line 719:\n $ids = array_merge( $this->ids['post'], $this->ids['answer'], $this->ids['question'] )