Unescaped parameter $query used in $wpdb->get_col($wpdb->prepare( $query, $product_id, $group_name ))
$query assigned unsafely at line 28:
 $query .= ' AND ( `groups` LIKE %s )'
$group_name assigned unsafely at line 30:
 $group_name = '%' . $wpdb->esc_like( $group ) . '%'
$group used without escaping.
Unescaped parameter $query used in $wpdb->get_results($query)
$query assigned unsafely at line 115:
 $query = $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}woocommerce_ir_sms_contacts ORDER BY $orderby $order LIMIT %d OFFSET %d", $per_page, $offset )
$orderby assigned unsafely at line 112:
 $orderby = ! empty( $_REQUEST['orderby'] ) ? esc_sql( $_REQUEST['orderby'] ) : 'mobile'
$order assigned unsafely at line 113:
 $order = ! empty( $_REQUEST['order'] ) ? esc_sql( $_REQUEST['order'] ) : 'asc'
$per_page used without escaping.
$offset used without escaping.
Unescaped parameter $query used in $wpdb->get_results($query)
$query assigned unsafely at line 291:
 $query = $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}woocommerce_ir_sms_archive ORDER BY $orderby $order LIMIT %d OFFSET %d", $per_page, $offset )
$orderby assigned unsafely at line 288:
 $orderby = ! empty( $_GET['orderby'] ) ? sanitize_key( $_GET['orderby'] ) : 'date'
Note: sanitize_key() is not a safe escaping function.
$order assigned unsafely at line 289:
 $order = ! empty( $_GET['order'] ) ? sanitize_key( $_GET['order'] ) : 'desc'
$_GET['orderby'] used without escaping.
$_GET['order'] used without escaping.
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $query used in $wpdb->get_results($query)
$query assigned unsafely at line 355:
 $query = $this->get_query()
Unescaped parameter $sql used in $wpdb->get_row($sql)
$sql assigned unsafely at line 167:
 $sql = $wpdb->prepare(
            "SELECT
                COUNT(ID) as total,
                SUM(IF(meta.meta_value LIKE %s, 1, 0)) as synced,
                SUM(IF(meta.meta_value IS NULL, 1, 0)) as notSynced,
                SUM(IF(meta.meta_value = %s, 1, 0)) as skipped,
                SUM(IF(meta.meta_value = %s, 1, 0)) as error
            FROM $wpdb->posts AS post
            LEFT JOIN $wpdb->postmeta AS meta ON meta.post_id = post.ID AND meta.meta_key = %s
            WHERE " .
                // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
                $this->build_where_sql_for_posts( $post_type, $post_status )
                . "
            GROUP by '1';
            ",
            '20%',
            Omnisend_Sync::STATUS_SKIPPED,
            Omnisend_Sync::STATUS_ERROR,
            Omnisend_Sync::FIELD_NAME
        )
$post_type used without escaping.
$post_status used without escaping.
Texty – SMS Notification for WordPress, WooCommerce, Dokan and more