ERRORsecurity

UnescapedDBParameter

PluginCheck.Security.DirectDB.UnescapedDBParameter

Affected Plugins

On this page

Total Issues

Instances found

Total Impact

10K

Active installations

Examples

Real messages found in scanned plugins

Unescaped parameter $sql used in $wpdb->get_results($sql)\n$sql assigned unsafely at line 342:\n $sql = 'SELECT * FROM ' . $t. ' LIMIT '.$o.',50;'\n$t used without escaping.

Unescaped parameter $sql used in $wpdb->get_results($sql)\n$sql assigned unsafely at line 366:\n $sql = 'UPDATE ' . $t . ' SET ' . implode( ',', $sets ) . ' WHERE `' . $id . '`=' . $row[ $id ] . ' LIMIT 1;'\n$t used without escaping.\n$sets assigned unsafely at line 360:\n $sets[] = '`' . $k . '`="' . esc_sql( $v ) . '"'\n$id assigned unsafely at line 327:\n $id = $row['Column_name']\n$row[$id] used without escaping.\n$k assigned unsafely at line 351:\n $k => \n$v assigned unsafely at line 356:\n $v = $this->processValue( $v, $old, $new, $forceProtocol )\n$row['Column_name'] used without escaping.\n$ov assigned unsafely at line 353:\n $ov = $v\n$old used without escaping.\n$new used without escaping.\n$forceProtocol used without escaping.

Unescaped parameter $t used in $wpdb->get_results('SELECT * FROM ' . $t . ' LIMIT ' . $o . ',50;')\n$t used without escaping.

Unescaped parameter $t used in $wpdb->get_results('SELECT * FROM ' . $t . ' LIMIT '.$o.',50;')\n$t used without escaping.

Affected Plugins

Plugins that have instances of this rule violation

Automatic Domain Changer

automatic-domain-changer

issues

10K

installs