Unescaped parameter $child_table used in $wpdb->get_results($wpdb->prepare(\n\t\t\t\t\t'SELECT * FROM `' . $child_table . '` where `' . $child_id_field . '` = %d', \t\t\t\t\t$object_id\n\t\t\t\t))\n$child_table assigned unsafely at line 357:\n $child_table = $wpdb->prefix . $object_type['child_table']\n$object_type['child_table'] used without escaping.
Unescaped parameter $cnt_qry used in $wpdb->get_results($cnt_qry)\n$cnt_qry assigned unsafely at line 1445:\n $cnt_qry = $wpdb->prepare("SELECT count(%s) as %s FROM `".$wpdb->prefix.$table . "`", [$field_prefix.'_id', 'count_'.$field_prefix])
Unescaped parameter $column used in $wpdb->get_results("\n\t\t\t\tSELECT (CHAR_LENGTH({$column})*3) as bytes, `{$id}` as id\n\t\t\t\tFROM {$table}\n\t\t\t\tHAVING bytes IS NOT NULL\n\t\t\t")\n$column assigned unsafely at line 210:\n $column = $data['column']\n$id assigned unsafely at line 211:\n $id = $data['id']\n$data['column'] used without escaping.\n$data['id'] used without escaping.
Unescaped parameter $column used in $wpdb->get_results("\n\t\t\t\tSELECT (CHAR_LENGTH({$column})*3) as bytes, `{$id}` as id\n\t\t\t\tFROM {$table}\n\t\t\t\tHAVING bytes IS NULL\n\t\t\t")\n$column assigned unsafely at line 232:\n $column = $data['column']\n$id assigned unsafely at line 233:\n $id = $data['id']\n$data['column'] used without escaping.\n$data['id'] used without escaping.
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $column_name used in $wpdb->get_var($wpdb->prepare(\n\t\t\t\t"SELECT {$column_name} FROM {$wpdb->posts} WHERE ID=%d AND post_type=%s", \t\t\t\t$action_id,\n\t\t\t\tself::POST_TYPE\n\t\t\t))