Unescaped parameter $cache_table_name used in $wpdb->query($wpdb->prepare(\n\t\t\t\t"UPDATE $cache_table_name\n\t\t\t\tSET cache_value = ''\n\t\t\t\tWHERE cache_key NOT IN ( 'posts_backup', 'header_backup' )\n\t\t\t\tAND feed_id IN ($feeds_ids_string)\n\t\t\t\t"\n\t\t\t))\n$cache_table_name assigned unsafely at line 82:\n $cache_table_name = $wpdb->prefix . 'sbr_feed_caches'\n$feeds_ids_string assigned unsafely at line 83:\n $feeds_ids_string = "'" . implode('\\', \\'', $feeds_ids) . "'"\n$feeds_ids used without escaping.
Unescaped parameter $column_name used in $wpdb->get_var($wpdb->prepare(\n\t\t\t\t"SELECT {$column_name} FROM {$wpdb->posts} WHERE ID=%d AND post_type=%s", \t\t\t\t$action_id,\n\t\t\t\tself::POST_TYPE\n\t\t\t))
Unescaped parameter $constraint->TABLE_NAME used in $wpdb->query("\n ALTER TABLE {$constraint->TABLE_NAME} DROP FOREIGN KEY {$constraint->CONSTRAINT_NAME};\n ")\n$constraint->CONSTRAINT_NAME used without escaping.
Unescaped parameter $dbtable used in $wpdb->get_row($wpdb->prepare("SELECT * FROM $dbtable WHERE id = %d", [$widget_id]))\n$dbtable assigned unsafely at line 4024:\n $dbtable = $this->get_widget_tablename()
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $dbtable used in $wpdb->get_row($wpdb->prepare("SELECT * FROM $dbtable WHERE id = %d", [$widget_id]))\n$dbtable assigned unsafely at line 4052:\n $dbtable = $this->get_widget_tablename()