Unescaped parameter $field used in $wpdb->get_var("SELECT " . $field . " FROM " . $wpdb->prefix . constant('PHOENIX_MEDIA_RENAME_TABLE_NAME'))
$field used without escaping.

Unescaped parameter $query used in $wpdb->get_results($query)
$query assigned unsafely at line 295:
    $query = $wpdb->prepare('SELECT extra_info
        FROM ' . $table_name . '
        WHERE parent = %d
        OR attach_id = %d',
        $attachment_id, $attachment_id
        )
$table_name assigned unsafely at line 293:
    $table_name = $wpdb->prefix . 'shortpixel_postmeta'
$attachment_id used without escaping.

Unescaped parameter $sql used in $wpdb->query($sql)
$sql assigned unsafely at line 115:
    $sql = 'CREATE TABLE IF NOT EXISTS ' . $wpdb->prefix . constant('PHOENIX_MEDIA_RENAME_TABLE_NAME') . ' (
            ID INT NULL DEFAULT 1,
            bulk_filename_header VARCHAR(250) NULL DEFAULT NULL,
            bulk_rename_in_progress INT NULL DEFAULT NULL,
            bulk_rename_from_post_in_progress INT NULL DEFAULT NULL,
            current_image_index INT NULL DEFAULT NULL
        ) ' . $charset_collate

Unescaped parameter $sql used in $wpdb->query($sql)
$sql assigned unsafely at line 73:
    $sql = 'DROP TABLE IF EXISTS ' . $wpdb->prefix . constant('PHOENIX_MEDIA_RENAME_TABLE_NAME')

Affected Plugins
Plugins that have instances of this rule violation

Unescaped parameter $sqlQuery used in $wpdb->query($wpdb->prepare(
        $sqlQuery, $old_filename, $new_filename, $filter
    ))
$sqlQuery assigned unsafely at line 102:
    $sqlQuery = "UPDATE ". $tablename ." SET image = REPLACE(image, %s, %s) WHERE image LIKE %s"
$tablename assigned unsafely at line 98:
    $tablename = $wpdb->prefix . 'nextend2_image_storage'
$tablename assigned unsafely at line 83:
    $tablename = $wpdb->prefix . 'nextend2_smartslider3_slides'