ERRORsecurity

UnescapedDBParameter

PluginCheck.Security.DirectDB.UnescapedDBParameter

Affected Plugins

On this page

Total Issues

508

Instances found

Total Impact

Active installations

Examples

Real messages found in scanned plugins

Unescaped parameter $RW_VS_Load_Q_Table used in $wpdb->query($wpdb->prepare("DELETE FROM $RW_VS_Load_Q_Table WHERE RW_VS_ID=%s", $RW_VS_ID))\n$RW_VS_Load_Q_Table assigned unsafely at line 122:\n $RW_VS_Load_Q_Table = $wpdb->prefix . $RW_VS_Query_Tables[$Rich_Web_Effects[0]->slider_Vid_type] . "_loader"\n$RW_VS_ID assigned unsafely at line 112:\n $RW_VS_ID = sanitize_text_field($_POST['foobar'])\nNote: sanitize_text_field() is not a safe escaping function.\n$_POST['foobar'] used without escaping.

Unescaped parameter $charset used in $wpdb->query("ALTER TABLE `{$wpdb->prefix}h5p_contents_libraries` {$charset}")\n$charset assigned unsafely at line 561:\n $charset = self::determine_charset()

Unescaped parameter $charset used in $wpdb->query("ALTER TABLE `{$wpdb->prefix}h5p_contents` {$charset}")\n$charset assigned unsafely at line 561:\n $charset = self::determine_charset()

Unescaped parameter $charset used in $wpdb->query("ALTER TABLE `{$wpdb->prefix}h5p_libraries_languages` {$charset}")\n$charset assigned unsafely at line 561:\n $charset = self::determine_charset()

Affected Plugins

Plugins that have instances of this rule violation

Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider