Unescaped parameter $and used in $wpdb->get_results("SELECT DISTINCT post_author FROM $wpdb->posts WHERE post_status != 'auto-draft' $and")\n$and assigned unsafely at line 1892:\n $and = 'AND ID IN ( ' . implode( ', ', $post_ids ) . ')'
Unescaped parameter $columns used in $wpdb->get_results("CREATE TABLE IF NOT EXISTS $test_table_new $columns")\n$columns assigned unsafely at line 38:\n $columns='(test_id int primary key)'\n$test_table assigned unsafely at line 39:\n $test_table = $wpdb->get_results("CREATE TABLE IF NOT EXISTS $test_table_new $columns",ARRAY_A)
Unescaped parameter $db_field used in $wpdb->get_row($wpdb->prepare(\r\n "SELECT * FROM $wpdb->users WHERE $db_field = %s LIMIT 1",\r\n $user_id\r\n ))\n$db_field assigned unsafely at line 78:\n $db_field = 'ID'\n$user_id assigned unsafely at line 76:\n $user_id = $result['user_id']\n$wpvivid_plugin->staging->log used without escaping.\n$result['user_id'] used without escaping.
Unescaped parameter $insert_query used in $wpdb->get_results($insert_query)\n$insert_query assigned unsafely at line 3142:\n $insert_query = $wpdb->prepare("INSERT INTO {$option_table} (option_name,option_value) VALUES ('siteurl',%s)", $this->new_site_url)\n$option_table assigned unsafely at line 3123:\n $option_table = $this->temp_new_prefix.'options'
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $insert_query used in $wpdb->get_results($insert_query)\n$insert_query assigned unsafely at line 3170:\n $insert_query = $wpdb->prepare("INSERT INTO {$option_table} (option_name,option_value) VALUES ('home',%s)", $this->new_home_url)\n$option_table assigned unsafely at line 3123:\n $option_table = $this->temp_new_prefix.'options'