Unescaped parameter $_GET['sql-table'] used in $wpdb->get_row($wpdb->prepare(\n\t\t\t'SELECT * FROM ' . $_GET['sql-table'] . ' WHERE ' . $_GET['sql-primary-column'] . ' = %d LIMIT 1', \t\t\t$_GET['sql-primary-key']\n\t\t))\n$_GET['sql-table'] used without escaping.
Unescaped parameter $_GET['sql-table'] used in $wpdb->get_row($wpdb->prepare(\n\t\t\t'SELECT * FROM ' . $_GET['sql-table'] . ' WHERE ' . $_GET['sql-primary-column'] . ' = %s LIMIT 1', \t\t\t$_GET['sql-primary-key']\n\t\t))\n$_GET['sql-table'] used without escaping.
Unescaped parameter $allowed_protected_keys_sql used in $wpdb->get_col($wpdb->prepare(\n\t\t\t\t"SELECT DISTINCT meta_key\n\t\t\t\t\tFROM {$wpdb->postmeta}\n\t\t\t\t\tWHERE meta_key NOT LIKE %s {$allowed_protected_keys_sql}\n\t\t\t\t\tLIMIT 800",\n\t\t\t\t'\_%',\n\t\t\t\t...$allowed_protected_keys\n\t\t\t))\n$allowed_protected_keys_sql assigned unsafely at line 2711:\n $allowed_protected_keys_sql = ''\n$allowed_protected_keys assigned unsafely at line 2710:\n $allowed_protected_keys = apply_filters( 'ep_prepare_meta_allowed_protected_keys', [], new \\WP_Post( (object) [] ) )
Affected Plugins
Plugins that have instances of this rule violation