Unescaped parameter $clause used in $wpdb->get_var($wpdb->prepare(\n\t\t\t\t"SELECT COUNT(*) FROM {$wpdb->prefix}wc_orders_meta WHERE {$clause}",\n\t\t\t\t\array_column($where, 1)\n\t\t\t))\n$clause assigned unsafely at line 431:\n $clause = \\implode(' AND ', \\array_map(function($c) {\n\t\t\t\treturn "`{$c[0]}`={$c[2]}";\n\t\t\t}, $where))\n$c used without escaping.
Unescaped parameter $copyPts used in $wpdb->query($copyPts)\n$copyPts assigned unsafely at line 333:\n $copyPts = "UPDATE $thistoric INNER JOIN $tmeta ON $thistoric.user_id=$tmeta.user_id AND $tmeta.meta_key='lws_wr_points' SET new_total=$tmeta.meta_value"\n$thistoric assigned unsafely at line 323:\n $thistoric = $wpdb->base_prefix . 'lws_wr_historic'\n$defaultStackId used without escaping.
Unescaped parameter $icl used in $wpdb->get_col("SHOW TABLES LIKE '{$icl}'")\n$icl assigned unsafely at line 639:\n $icl = $wpdb->prefix . 'icl_strings'\n$template used without escaping.
Unescaped parameter $insert used in $wpdb->query($wpdb->prepare($insert, $args))\n$insert assigned unsafely at line 134:\n $insert = <<<EOT\nINSERT INTO $table (user_id, {$fields})\nSELECT DISTINCT pts.user_id, {$values} FROM {$wpdb->usermeta} as pts WHERE pts.meta_key=%s AND pts.meta_value=''\nEOT\n$table assigned unsafely at line 101:\n $table = self::table()\n$fields assigned unsafely at line 132:\n $fields = implode(', ', $fields)\n$fields assigned unsafely at line 130:\n $fields[] = 'order_id'\n$values assigned unsafely at line 133:\n $values = implode(', ', $values)\n$values assigned unsafely at line 130:\n $values[] = '%d'\n$values[] used without escaping.\n$args[] used without escaping.\n$reason->orderId used without escaping.