Unescaped parameter $new_table used in $wpdb->query("CREATE TABLE `{$new_table}` LIKE `{$table_name}`")\n$new_table assigned unsafely at line 103:\n $new_table=$this->str_replace_first($wpdb->prefix,$snapshot_id,$table_name)\n$snapshot_id assigned unsafely at line 58:\n $snapshot_id = 'wp'.$snapshot_id\n$snapshot_id assigned unsafely at line 57:\n $snapshot_id=$this->create_snapshot_uid()
Unescaped parameter $new_table used in $wpdb->query("CREATE TABLE `{$new_table}` LIKE `{$table_name}`")\n$new_table assigned unsafely at line 162:\n $new_table=$this->str_replace_first($wpdb->prefix,$snapshot_id,$table_name)\n$table_name assigned unsafely at line 157:\n $table_name=>\n$snapshot_id assigned unsafely at line 150:\n $snapshot_id=$ret['snapshot_id']\n$snapshot_table used without escaping.\n$snapshot_table['finished'] used without escaping.\n$ret['snapshot_id'] used without escaping.
Unescaped parameter $new_table used in $wpdb->query("CREATE TABLE `{$new_table}` LIKE `{$table_name}`")\n$new_table assigned unsafely at line 369:\n $new_table=$this->str_replace_first($snapshot_id,$wpdb->prefix,$table_name)\n$table_name assigned unsafely at line 367:\n $table_name=>\n$snapshot_id used without escaping.
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $new_table used in $wpdb->query("DROP TABLE IF EXISTS `{$new_table}`")\n$new_table assigned unsafely at line 103:\n $new_table=$this->str_replace_first($wpdb->prefix,$snapshot_id,$table_name)\n$snapshot_id assigned unsafely at line 58:\n $snapshot_id = 'wp'.$snapshot_id\n$snapshot_id assigned unsafely at line 57:\n $snapshot_id=$this->create_snapshot_uid()
Unescaped parameter $new_table used in $wpdb->query("DROP TABLE IF EXISTS `{$new_table}`")\n$new_table assigned unsafely at line 162:\n $new_table=$this->str_replace_first($wpdb->prefix,$snapshot_id,$table_name)\n$snapshot_id assigned unsafely at line 150:\n $snapshot_id=$ret['snapshot_id']\n$table_name assigned unsafely at line 157:\n $table_name=>\n$ret['snapshot_id'] used without escaping.\n$snapshot_table used without escaping.\n$snapshot_table['finished'] used without escaping.