Unescaped parameter $field used in $wpdb->get_var("SELECT DATE_ADD(`post_{$field}_gmt`, INTERVAL '$sec' SECOND) FROM `$wpdb->posts` WHERE $where ORDER BY `post_{$field}_gmt` $order LIMIT 1")
$field used without escaping.
$where assigned unsafely at line 107:
    $where .= " AND $week=$w"
$order assigned unsafely at line 111:
    $order = ( 'last' === $which ) ? 'DESC' : 'ASC'
$week assigned unsafely at line 106:
    $week = _wp_mysql_week( 'post_date' )
$w used without escaping.
$timezone assigned unsafely at line 53:
    $timezone = strtolower( $timezone )
$date assigned unsafely at line 131:
    $date = $wpdb->get_var( "SELECT DATE_ADD(`post_{$field}_gmt`, INTERVAL '$sec' SECOND) FROM `$wpdb->posts` WHERE $where ORDER BY `post_{$field}_gmt` $order LIMIT 1" )

Unescaped parameter $field used in $wpdb->get_var("SELECT `post_{$field}_gmt` FROM `$wpdb->posts` WHERE $where ORDER BY `post_{$field}_gmt` $order LIMIT 1")
$field used without escaping.
$where assigned unsafely at line 107:
    $where .= " AND $week=$w"
$order assigned unsafely at line 111:
    $order = ( 'last' === $which ) ? 'DESC' : 'ASC'
$week assigned unsafely at line 106:
    $week = _wp_mysql_week( 'post_date' )
$w used without escaping.
$timezone assigned unsafely at line 53:
    $timezone = strtolower( $timezone )
$date assigned unsafely at line 122:
    $date = $wpdb->get_var( "SELECT `post_{$field}_gmt` FROM `$wpdb->posts` WHERE $where ORDER BY `post_{$field}_gmt` $order LIMIT 1" )

Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $field used in $wpdb->get_var("SELECT `post_{$field}` FROM `$wpdb->posts` WHERE $where ORDER BY `post_{$field}` $order LIMIT 1")
$field used without escaping.
$where assigned unsafely at line 107:
    $where .= " AND $week=$w"
$order assigned unsafely at line 111:
    $order = ( 'last' === $which ) ? 'DESC' : 'ASC'
$week assigned unsafely at line 106:
    $week = _wp_mysql_week( 'post_date' )
$w used without escaping.
$timezone assigned unsafely at line 53:
    $timezone = strtolower( $timezone )
$date assigned unsafely at line 126:
    $date = $wpdb->get_var( "SELECT `post_{$field}` FROM `$wpdb->posts` WHERE $where ORDER BY `post_{$field}` $order LIMIT 1" )

Unescaped parameter $sql used in $wpdb->get_results($sql)
$sql used without escaping.

Unescaped parameter $table used in $wpdb->query("DROP TABLE $table;")
$table assigned unsafely at line 7:
    $table = $wpdb->prefix . '410_links'