Unescaped parameter $blog_default_cat used in $wpdb->get_var("SELECT term_taxonomy_id FROM {$wpdb->term_taxonomy}
 WHERE term_id='{$blog_default_cat}' AND taxonomy='category'")
$blog_default_cat assigned unsafely at line 908:
 $blog_default_cat = get_option( 'default_category' )

Unescaped parameter $processed_posts used in $wpdb->get_col("
 SELECT ID FROM {$wpdb->posts} p
 WHERE ID NOT IN(" . join( ',', $processed_posts ) . ") AND ( post_title LIKE '[:%' OR post_title LIKE '<!--:%' OR post_content LIKE '[:%' OR post_content LIKE '<!--:%' )
 LIMIT 1
 ")
$processed_posts assigned unsafely at line 713:
 $processed_posts[] = $post_id
$post_id used without escaping.

Unescaped parameter $ptypes used in $wpdb->get_results("SELECT * FROM {$wpdb->posts} WHERE post_type IN ('" . join( "','", $ptypes ) . "')")
$ptypes assigned unsafely at line 1113:
 $ptypes = array_keys( $sitepress->get_translatable_documents() )
$sitepress used without escaping.

Unescaped parameter $this->utils used in $wpdb->get_results("
 SELECT x.term_id, x.term_taxonomy_id, x.taxonomy, x.parent
 FROM {$wpdb->term_taxonomy} x
 JOIN {$wpdb->prefix}icl_translations t ON x.term_taxonomy_id = t.element_id
 WHERE t.element_type LIKE 'tax\\_%'
 AND t.language_code = '" . $this->utils->_lang_map( $this->qt_default_language ) . "'
 AND x.parent > 0
 ")
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $this->wpdb->comments used in $wpdb->get_col($this->wpdb->prepare( "SELECT comment_ID FROM {$this->wpdb->comments} WHERE comment_post_ID = %d", $post['ID'] ))