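Unescaped parameter $extra_checks used in $wpdb->get_results("SELECT DISTINCT YEAR( shipment_date_created ) AS year, MONTH( shipment_date_created ) AS month FROM $wpdb->stc_shipments WHERE 1=1 $extra_checks ORDER BY shipment_date_created DESC")\n$extra_checks assigned unsafely at line 513:\n $extra_checks = "AND shipment_status != 'auto-draft'"\n$_GET['shipment_status'] used without escaping.
Note: the assignment shown for line 513 is a fixed string literal and is not itself injectable. The finding turns on how $_GET['shipment_status'] reaches $extra_checks, which this trace does not show. That request value should be checked against the known shipment statuses, or bound with a %s placeholder through $wpdb->prepare(), rather than concatenated into the WHERE clause.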
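Unescaped parameter $found_labels_query used in $wpdb->get_var($found_labels_query)
Unescaped parameter $found_shipments_query used in $wpdb->get_var($found_shipments_query)
Note: neither of these two findings carries an assignment trace, so the report alone cannot show whether the query strings contain request data. The code that builds $found_labels_query and $found_shipments_query has to be read by hand to confirm that every variable part is bound through $wpdb->prepare().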
Unescaped parameter $query used in $wpdb->get_results($query)\n$query assigned unsafely at line 618:\n $query = $wpdb->prepare( $query_sql, $length, $length, $width, $width, $height, $height, $weight, $threshold, $threshold, $threshold )\n$query_sql assigned unsafely at line 595:\n $query_sql = "SELECT \n\t\t\t\t\tpackaging_id,\n\t\t\t\t\tCASE\n \t\tWHEN packaging_inner_length > 0\n \t\t\tTHEN (packaging_inner_length - %f)\n \t\tELSE (packaging_length - %f)\n END as length_diff,\n \t\t\t\tCASE\n \t\tWHEN packaging_inner_width > 0\n \t\t\tTHEN (packaging_inner_width - %f)\n \t\tELSE (packaging_width - %f)\n END as width_diff,\n \t\t\t\tCASE\n \t\tWHEN packaging_inner_height > 0\n \t\t\tTHEN (packaging_inner_height - %f)\n \t\tELSE (packaging_height - %f)\n END as height_diff\n\t\t\t\t\tFROM {$wpdb->stc_packaging} \n\t\t\t\t\tWHERE ( packaging_max_content_weight = 0 OR packaging_max_content_weight >= %f ) AND packaging_type IN ( '" . implode( "','", $types ) . "' )\n\t\t\t\t\tHAVING length_diff >= %f AND width_diff >= %f AND height_diff >= %f\n\t\t\t\t\tORDER BY (length_diff+width_diff+height_diff) ASC, packaging_weight ASC, packaging_order ASC\n\t\t\t\t"\n$types assigned unsafely at line 592:\n $types = array_keys( wc_stc_get_packaging_types() )
Note: the ten numeric values are bound through %f placeholders in $wpdb->prepare(). The only fragment interpolated into the SQL text is the packaging_type IN ( ... ) list, built with implode() from $types. Whether that is reachable by untrusted data depends on whether the keys returned by wc_stc_get_packaging_types() can be influenced, which this trace does not show. Generating one %s placeholder per entry, e.g. implode( ',', array_fill( 0, count( $types ), '%s' ) ), and passing $types to prepare() alongside the numeric arguments removes the dependency on that assumption.