Unescaped parameter $__in used in $wpdb->get_results("SELECT id, type, timestamp FROM " . SWIFT_PERFORMANCE_TABLE_PREFIX . "warmup WHERE id IN ({$__in})")\n$__in assigned unsafely at line 460:\n $__in = trim($__in, ',')\n$__in assigned unsafely at line 458:\n $__in .= "'" . esc_sql($id) . "',"\n$__in assigned unsafely at line 456:\n $__in = ''\n$id used without escaping.
Unescaped parameter $attachmentID used in $wpdb->get_var("SELECT posts.guid FROM {$wpdb->posts} posts WHERE posts.ID='" . $attachmentID . "'")\n$attachmentID used without escaping.
Unescaped parameter $clause used in $wpdb->query($wpdb->prepare("DELETE FROM {$wpdb->postmeta} WHERE post_id='%d' AND meta_key IN ($clause)", $keys))\n$clause assigned unsafely at line 139:\n $clause = implode(',', $values)\n$values assigned unsafely at line 135:\n $values[] = '%s'\n$keys[] used without escaping.
Unescaped parameter $custom_table_name used in $wpdb->get_row("SELECT COUNT(*) as item_count FROM {$custom_table_name}")\n$custom_table_name assigned unsafely at line 631:\n $custom_table_name = $queue_table_storage->table_name\n$queue_table_storage->table_name used without escaping.
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $custom_table_name used in $wpdb->query("DELETE FROM {$custom_table_name}")\n$custom_table_name assigned unsafely at line 631:\n $custom_table_name = $queue_table_storage->table_name\n$queue_table_storage->table_name used without escaping.
A2 Optimized WP – Turbocharge and secure your WordPress site