Unescaped parameter $column used in $wpdb->get_row($wpdb->prepare(\n\t\t\t\t"SELECT * FROM {$table} WHERE {$column} LIKE %s ORDER BY {$key_column} ASC LIMIT 1",\n\t\t\t\t$key\n\t\t\t))\n$column assigned unsafely at line 262:\n $column = 'meta_key'\n$key_column assigned unsafely at line 263:\n $key_column = 'meta_id'\n$value_column assigned unsafely at line 264:\n $value_column = 'meta_value'\n$key assigned unsafely at line 267:\n $key = $wpdb->esc_like( $this->identifier . '_batch_' ) . '%'
Unescaped parameter $column used in $wpdb->get_var($wpdb->prepare(\n\t\t\t\t"SELECT COUNT(*) FROM {$table} WHERE {$column} LIKE %s ",\n\t\t\t\t$key\n\t\t\t))\n$column assigned unsafely at line 188:\n $column = 'meta_key'\n$key assigned unsafely at line 191:\n $key = $wpdb->esc_like( $this->identifier . '_batch_' ) . '%'
Unescaped parameter $query used in $wpdb->get_results($query)\n$query assigned unsafely at line 162:\n $query = trim( $query )\n$query assigned unsafely at line 153:\n $query = "\n SELECT ID, post_content\n FROM $wpdb->posts\n WHERE `post_type` IN ({$types})\n AND `post_status` != 'inherit'\n AND `post_status` != 'trash'\n AND `post_content` REGEXP '<img.*>'; \n "\n$types assigned unsafely at line 151:\n $types = implode( ',', $types )\n$types assigned unsafely at line 145:\n $types = array_map( function ( $val ) {\n\t\t\t$val = trim( $val );\n\t\t\t$val = "'$val'";\n\n\t\t\treturn $val;\n\t\t}, $types )\n$val used without escaping.
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $query used in $wpdb->get_var($query)\n$query assigned unsafely at line 162:\n $query = trim( $query )\n$query assigned unsafely at line 156:\n $query = "\n\t\tSELECT post_id FROM {$wpdb->postmeta} \n\t\tWHERE meta_value LIKE '%{$search}%' \n\t\tAND meta_key = '_wp_attachment_metadata' \n\t\tLIMIT 1"\n$search used without escaping.
Unescaped parameter $query used in $wpdb->get_var($wpdb->prepare( $query, $url ))\n$query assigned unsafely at line 132:\n $query = trim( $query )