Unescaped parameter $actions_table used in $wpdb->query($wpdb->prepare( "UPDATE {$actions_table} SET group_id=%d WHERE group_id=%d OR group_id=%d", $rank_math_group_id, $workflow_group_id, $inspections_group_id ))\n$actions_table assigned unsafely at line 46:\n $actions_table = $wpdb->prefix . 'actionscheduler_actions'\n$rank_math_group_id assigned unsafely at line 38:\n $rank_math_group_id = rank_math_1_0_98_as_get_group_id( 'rank-math' )\n$workflow_group_id assigned unsafely at line 36:\n $workflow_group_id = rank_math_1_0_98_as_get_group_id( 'workflow' )\n$inspections_group_id assigned unsafely at line 37:\n $inspections_group_id = rank_math_1_0_98_as_get_group_id( 'rank_math/analytics/get_inspections_data' )
Unescaped parameter $build_sql used in $wpdb->get_results($build_sql . $order_sql)\n$build_sql assigned unsafely at line 1120:\n $build_sql = $build_sql . ' WHERE ' . $where_statement . $search_statement . $order_sql\n$build_sql assigned unsafely at line 1054:\n $build_sql = "SELECT $this->select FROM `$this->table_name`"\n$where_statement assigned unsafely at line 1100:\n $where_statement .= $key . ' = ' . $sprintf_identifier\n$search_statement assigned unsafely at line 1118:\n $search_statement .= ')'\n$search_statement assigned unsafely at line 1115:\n $search_statement .= " $key LIKE '%%%s%%' "\n$key assigned unsafely at line 1106:\n $key => \n$value used without escaping.
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $column used in $wpdb->get_var($wpdb->prepare( "SELECT $column FROM {$wpdb->prefix}aioseo_posts WHERE post_id = %d", $post->ID ))\n$column assigned unsafely at line 109:\n $column = $type === 'twitter' ? 'twitter_image_url' : 'og_image_url'\n$post->ID used without escaping.
Unescaped parameter $column_name used in $wpdb->get_var($wpdb->prepare(\n\t\t\t\t"SELECT {$column_name} FROM {$wpdb->posts} WHERE ID=%d AND post_type=%s", \t\t\t\t$action_id,\n\t\t\t\tself::POST_TYPE\n\t\t\t))
Unescaped parameter $days used in $wpdb->query("DELETE FROM {$wpdb->slim_seo_404} WHERE updated_at < NOW() - INTERVAL {$days} DAY")\n$days used without escaping.