ERRORsecurity

UnescapedDBParameter

PluginCheck.Security.DirectDB.UnescapedDBParameter

Affected Plugins

On this page

Total Issues

Instances found

Total Impact

Active installations

Examples

Real messages found in scanned plugins

Unescaped parameter $query used in $wpdb->get_results($query . ' ORDER BY clickdate DESC LIMIT ' . $offset . ', ' . $items_per_page)\n$query assigned unsafely at line 16:\n $query = 'SELECT * FROM ' . $table_name

Unescaped parameter $sql used in $wpdb->get_row($sql)\n$sql assigned unsafely at line 13:\n $sql = "select * from $table_name where clickdate = '$today' order by clickdate desc limit 1 "\n$table_name assigned unsafely at line 12:\n $table_name = $wpdb->prefix . 'chatzalosw'\n$today assigned unsafely at line 9:\n $today = date("Y-m-d")

Unescaped parameter $sqlc used in $wpdb->get_var($sqlc)\n$sqlc assigned unsafely at line 21:\n $sqlc = "select sum(click) from $table_name"

Unescaped parameter $table_name used in $wpdb->query("DROP TABLE IF EXISTS $table_name")\n$table_name assigned unsafely at line 5:\n $table_name = $wpdb->prefix . 'chatzalosw'

Unescaped parameter $total_query used in $wpdb->get_var($total_query)\n$total_query assigned unsafely at line 18:\n $total_query = "SELECT COUNT(1) FROM (${query}) AS combined_table"\n$query assigned unsafely at line 16:\n $query = 'SELECT * FROM ' . $table_name

Affected Plugins

Plugins that have instances of this rule violation

Contact Zalo Report SW

button-chat-zalo-report-sw

issues

installs

F4 Total Stock Value for WooCommerce

f4-total-stock-value-for-woocommerce

issues

installs