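Unescaped parameter $_instance->_tb used in $wpdb->get_results($wpdb->prepare(
    'SELECT url FROM `' . $_instance->_tb . '` WHERE dateline < %d ORDER BY id DESC LIMIT %d',
    time() - $_instance->_conf_cache_ttl,
    (int) apply_filters( 'litespeed_avatar_limit', 30 )
))
$_instance->_tb used without escaping.
Note: prepare() binds only the two %d values here. The table name is concatenated into the query text before prepare() runs, so it has to come from a trusted source or be passed through the %i identifier placeholder (WordPress 6.2+).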
Unescaped parameter $actions_table used in $wpdb->query($wpdb->prepare( "UPDATE {$actions_table} SET group_id=%d WHERE group_id=%d OR group_id=%d", $rank_math_group_id, $workflow_group_id, $inspections_group_id ))
$actions_table assigned unsafely at line 46:
    $actions_table = $wpdb->prefix . 'actionscheduler_actions'
$rank_math_group_id assigned unsafely at line 38:
    $rank_math_group_id = rank_math_1_0_98_as_get_group_id( 'rank-math' )
$workflow_group_id assigned unsafely at line 36:
    $workflow_group_id = rank_math_1_0_98_as_get_group_id( 'workflow' )
$inspections_group_id assigned unsafely at line 37:
    $inspections_group_id = rank_math_1_0_98_as_get_group_id( 'rank_math/analytics/get_inspections_data' )
Note: only $actions_table is interpolated into the SQL text, and the assignment shown builds it from $wpdb->prefix plus a fixed string. The three group ids are passed to prepare() as %d arguments, so they are bound as integers.
Unescaped parameter $additional_where used in $wpdb->get_results($wpdb->prepare( "SELECT DISTINCT YEAR( date_updated ) AS year, MONTH( date_updated ) AS month FROM {$wpdb->ahrefs_content} as c, {$wpdb->posts} as p WHERE snapshot_id = %d AND taxonomy = '' AND c.post_id = p.ID $additional_where ORDER BY date_updated DESC", $snapshot_id ))
$additional_where assigned unsafely at line 66:
    $additional_where = implode( ' ', $additional_where )
$additional_where assigned unsafely at line 57:
    $additional_where = [ 'AND ( p.post_type IN (' . Ahrefs_Seo_Data_Content::get_allowed_post_types_for_where() . ') )' ]
Note: $additional_where is interpolated into the query text, so prepare() does not escape it; only $snapshot_id is bound. Whether the clause is safe depends on what Ahrefs_Seo_Data_Content::get_allowed_post_types_for_where() returns, which this report does not show.
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $additional_where used in $wpdb->get_results($wpdb->prepare( "SELECT DISTINCT YEAR( date_updated ) AS year, MONTH( date_updated ) AS month FROM {$wpdb->ahrefs_content} as c, {$wpdb->posts} as p WHERE snapshot_id = %d AND taxonomy = '' AND c.post_id = p.ID {$additional_where} ORDER BY date_updated DESC", $snapshot_id ))
$additional_where assigned unsafely at line 60:
    $additional_where = implode( ' ', $additional_where )
$additional_where assigned unsafely at line 55:
    $additional_where = [ 'AND ( p.post_type IN (' . Ahrefs_Seo_Data_Content::get_allowed_post_types_for_where() . ') )' ]
Note: the WHERE fragment in $additional_where is placed in the query string as-is and is not covered by the %d placeholder. Its content is assembled from the return value of get_allowed_post_types_for_where(), so that helper is the place to confirm the post types are quoted or drawn from a fixed list.
Unescaped parameter $additional_where used in $wpdb->get_results($wpdb->prepare( "SELECT c.post_id as post_id, c.title as title, p.post_author as author, p.post_type as post_type, date(c.date_updated) as created, c.total_month as 'total', c.organic_month as 'organic', c.backlinks, c.refdomains, c.position, c.keyword, c.kw_low, kw_source, c.is_approved_keyword, c.action, c.badge, c.taxonomy as taxonomy, c.last_well_date FROM {$wpdb->ahrefs_content} c LEFT JOIN {$wpdb->posts} p ON c.post_id = p.ID AND c.taxonomy = '' WHERE snapshot_id = %d $additional_where ORDER BY post_id, taxonomy", $snapshot_id ))
$additional_where assigned unsafely at line 976:
    $additional_where = $this->status_to_action_clause( $tab )
$tab used without escaping.
Note: $additional_where is produced by status_to_action_clause( $tab ) and interpolated into the query text, outside the %d binding. The clause is safe only if that method maps $tab to fixed SQL fragments rather than copying it into the clause; the report does not show the method body or where $tab originates.