Unescaped parameter $build_sql used in $wpdb->get_results($build_sql . $order_sql)
$build_sql assigned unsafely at line 1120:
    $build_sql = $build_sql . ' WHERE ' . $where_statement . $search_statement . $order_sql
$build_sql assigned unsafely at line 1054:
    $build_sql = "SELECT $this->select FROM `$this->table_name`"
$where_statement assigned unsafely at line 1100:
    $where_statement .= $key . ' = ' . $sprintf_identifier
$search_statement assigned unsafely at line 1118:
    $search_statement .= ')'
$search_statement assigned unsafely at line 1115:
    $search_statement .= " $key LIKE '%%%s%%' "
$key assigned unsafely at line 1106:
    $key =>
$value used without escaping.

Unescaped parameter $default_statement used in $wpdb->get_results($default_statement)
$default_statement assigned unsafely at line 1027:
    $default_statement = "SELECT * FROM {$this->table_name} ORDER BY {$this->order_by} {$this->order} LIMIT {$this->limit} OFFSET {$this->offset}"

Unescaped parameter $names used in $wpdb->query("DELETE FROM $wpdb->options WHERE option_name IN ('{$names}')")
$names assigned unsafely at line 101:
    $names = implode( "','", $expired )
$expired assigned unsafely at line 93:
    $expired[] = "_wp_session_{$session_id}"
$session_id assigned unsafely at line 90:
    $session_id = addslashes( substr( $key, 20 ) )
Note: addslashes() is not a safe escaping function.
$key assigned unsafely at line 86:
    $key = $expiration->option_name
$expiration->option_name used without escaping.
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $prepared used in $wpdb->get_results($prepared)
$prepared assigned unsafely at line 1022:
    $prepared = $wpdb->prepare($args['sql'], $args['params'])
$args['sql'] assigned unsafely at line 973:
    $args['sql'] = $args['prepared_statement']
$args['prepared_statement'] used without escaping.

Unescaped parameter $prepared used in $wpdb->get_results($prepared)
$prepared assigned unsafely at line 1190:
    $prepared = $wpdb->prepare( "SELECT * FROM `{$this->table_name}` ORDER BY {$order_by} {$order} LIMIT %d OFFSET %d", [ $limit, $offset ] )
$order_by assigned unsafely at line 1177:
    $order_by = preg_replace('/[^a-zA-Z0-9_]/', '', $args['order_by'] )
$order assigned unsafely at line 1181:
    $order = 'ASC'
$args['order_by'] used without escaping.
$error assigned unsafely at line 1186:
    $error = new WP_Error( 'preprepared-not-allowed', 'Preprepared SQL queries are no longer allowed. Using default query instead.' )