Unescaped parameter $comment_author_sql used in $wpdb->get_results("SELECT $wpdb->posts.*, $wpdb->comments.* FROM $wpdb->comments INNER JOIN $wpdb->posts ON $wpdb->comments.comment_post_ID = $wpdb->posts.ID WHERE comment_author = '$comment_author_sql' AND comment_approved = '1' AND post_date < '".current_time('mysql')."' AND post_status = 'publish' AND post_password = '' ORDER BY comment_post_ID DESC, comment_date DESC LIMIT $offset, $perpage")
$comment_author_sql assigned unsafely at line 529:
 $comment_author_sql = $wpdb->escape($comment_author)
$comment_author assigned unsafely at line 379:
 $comment_author = isset( $_GET['stats_author'] ) ? urldecode(strip_tags(stripslashes(trim($_GET['stats_author'])))) : ''
$_GET['stats_author'] used without escaping.
Unescaped parameter $comment_author_sql used in $wpdb->get_var("SELECT COUNT(comment_ID) FROM $wpdb->comments INNER JOIN $wpdb->posts ON $wpdb->comments.comment_post_ID = $wpdb->posts.ID WHERE comment_author = '$comment_author_sql' AND comment_approved = '1' AND comment_type = 'commment' AND post_date < '".current_time('mysql')."' AND post_status = 'publish' AND post_password = ''")
$comment_author_sql assigned unsafely at line 529:
 $comment_author_sql = $wpdb->escape($comment_author)
$comment_author assigned unsafely at line 379:
 $comment_author = isset( $_GET['stats_author'] ) ? urldecode(strip_tags(stripslashes(trim($_GET['stats_author'])))) : ''
$_GET['stats_author'] used without escaping.
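Hardened form of the two "comments by author" queries above, written here as an added example rather than taken from the plugin. It assumes it runs inside WordPress with the global $wpdb available; the function name wpstats_example_comments_by_author and its $perpage/$offset parameters are illustrative. The flagged code does pass the value through $wpdb->escape(), but that method has been deprecated since WordPress 3.6 in favour of $wpdb->prepare() and esc_sql(), and it is built on addslashes(), so it is not aware of the connection charset. Using prepare() with a %s placeholder quotes and escapes in a single step, so the raw $_GET value never becomes part of the query text, and %d placeholders keep the LIMIT operands numeric.

```php
<?php
// Added example, not the plugin's own code. Assumes WordPress is loaded
// (global $wpdb, absint(), current_time() available).

function wpstats_example_comments_by_author( $perpage = 20, $offset = 0 ) {
    global $wpdb;

    // Same input handling as the flagged code, minus the manual SQL
    // escaping step. stripslashes() undoes the slashes WordPress adds to
    // superglobals; it is not an SQL escaping function.
    $comment_author = isset( $_GET['stats_author'] )
        ? urldecode( strip_tags( stripslashes( trim( $_GET['stats_author'] ) ) ) )
        : '';

    // LIMIT operands cannot be quoted, so escaping does not help there:
    // coerce them to non-negative integers before they reach the query.
    $perpage = absint( $perpage );
    $offset  = absint( $offset );

    // %s is quoted and escaped by prepare(); %d emits digits only.
    $rows = $wpdb->get_results( $wpdb->prepare(
        "SELECT {$wpdb->posts}.*, {$wpdb->comments}.*
         FROM {$wpdb->comments}
         INNER JOIN {$wpdb->posts} ON {$wpdb->comments}.comment_post_ID = {$wpdb->posts}.ID
         WHERE comment_author = %s
           AND comment_approved = '1'
           AND post_date < %s
           AND post_status = 'publish'
           AND post_password = ''
         ORDER BY comment_post_ID DESC, comment_date DESC
         LIMIT %d, %d",
        $comment_author,
        current_time( 'mysql' ),
        $offset,
        $perpage
    ) );

    // The COUNT query from the second finding, built the same way.
    $total = (int) $wpdb->get_var( $wpdb->prepare(
        "SELECT COUNT(comment_ID)
         FROM {$wpdb->comments}
         INNER JOIN {$wpdb->posts} ON {$wpdb->comments}.comment_post_ID = {$wpdb->posts}.ID
         WHERE comment_author = %s
           AND comment_approved = '1'
           AND comment_type = 'comment'
           AND post_date < %s
           AND post_status = 'publish'
           AND post_password = ''",
        $comment_author,
        current_time( 'mysql' )
    ) );

    return array( 'rows' => $rows, 'total' => $total );
}
```

Table names are still interpolated with {$wpdb->posts} and {$wpdb->comments}; those come from WordPress configuration, not from the request, and prepare() has no placeholder for identifiers. Everything that originates in the request or in caller-supplied numbers goes through a placeholder.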
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $limit_sql used in $wpdb->get_results("SELECT comment_author, COUNT(comment_ID) AS 'comment_total' FROM $wpdb->comments INNER JOIN $wpdb->posts ON $wpdb->comments.comment_post_ID = $wpdb->posts.ID WHERE comment_approved = '1' AND comment_type = 'comment' AND post_date < '".current_time('mysql')."' AND post_status = 'publish' AND post_password = '' GROUP BY comment_author ORDER BY comment_total DESC $limit_sql")
$limit_sql assigned unsafely at line 275:
 $limit_sql = "LIMIT $limit"
$limit used without escaping.
Unescaped parameter $where used in $wpdb->get_results("SELECT $wpdb->posts.*, COUNT($wpdb->comments.comment_post_ID) AS 'comment_total' FROM $wpdb->posts LEFT JOIN $wpdb->comments ON $wpdb->posts.ID = $wpdb->comments.comment_post_ID WHERE comment_approved = '1' AND post_date < '".current_time('mysql')."' AND $where AND post_status = 'publish' AND post_password = '' GROUP BY $wpdb->comments.comment_post_ID ORDER BY comment_total DESC LIMIT $limit")
$where assigned unsafely at line 204:
 $where = '1=1'
$where assigned unsafely at line 202:
 $where = "post_type = '$mode'"
$limit used without escaping.
$mostcommenteds assigned unsafely at line 206:
 $mostcommenteds = $wpdb->get_results("SELECT $wpdb->posts.*, COUNT($wpdb->comments.comment_post_ID) AS 'comment_total' FROM $wpdb->posts LEFT JOIN $wpdb->comments ON $wpdb->posts.ID = $wpdb->comments.comment_post_ID WHERE comment_approved = '1' AND post_date < '".current_time('mysql')."' AND $where AND post_status = 'publish' AND post_password = '' GROUP BY $wpdb->comments.comment_post_ID ORDER BY comment_total DESC LIMIT $limit")
$mode used without escaping.
Unescaped parameter $where used in $wpdb->get_results("SELECT $wpdb->users.*, $wpdb->posts.* FROM $wpdb->posts LEFT JOIN $wpdb->users ON $wpdb->users.ID = $wpdb->posts.post_author WHERE user_activation_key = '' AND post_date < '".current_time('mysql')."' AND $where AND post_status = 'publish' AND post_password = '' ORDER BY post_date DESC LIMIT $limit")
$where assigned unsafely at line 148:
 $where = '1=1'
$where assigned unsafely at line 146:
 $where = "post_type = '$mode'"
$limit used without escaping.
$recentposts assigned unsafely at line 150:
 $recentposts = $wpdb->get_results("SELECT $wpdb->users.*, $wpdb->posts.* FROM $wpdb->posts LEFT JOIN $wpdb->users ON $wpdb->users.ID = $wpdb->posts.post_author WHERE user_activation_key = '' AND post_date < '".current_time('mysql')."' AND $where AND post_status = 'publish' AND post_password = '' ORDER BY post_date DESC LIMIT $limit")
$mode used without escaping.
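The three findings above share one pattern: $limit is dropped into a LIMIT clause and $mode into a quoted post_type comparison, neither with any escaping or validation. The report does not show where $limit and $mode originate, so the added example below (not the plugin's code) assumes they are parameters of the function that builds the query, and uses the hypothetical name wpstats_example_recent_posts. It assumes WordPress is loaded ($wpdb, absint(), get_post_types(), current_time() available) and that it is called after the init hook, when post types are registered. A LIMIT operand cannot be protected by quoting, so the fix there is coercion to an integer plus a %d placeholder; $mode is checked against the registered post types and then bound with %s, and the optional WHERE fragment is assembled as a placeholder-plus-argument pair so the whole query passes through prepare() exactly once (feeding prepare() output back into a second prepare() call is the kind of double handling to avoid).

```php
<?php
// Added example, not the plugin's own code. Assumes WordPress is loaded
// and that $limit and $mode are this function's own parameters.

function wpstats_example_recent_posts( $limit = 10, $mode = '' ) {
    global $wpdb;

    // LIMIT takes a bare integer: escaping cannot help, so coerce instead.
    // absint() returns 0 for anything non-numeric; fall back to a default.
    $limit = absint( $limit );
    if ( 0 === $limit ) {
        $limit = 10;
    }

    // $mode selects a post type. Accept only names WordPress has
    // registered; anything else means "all post types", as the original
    // "1=1" branch does.
    $where_sql  = '1=1';
    $where_args = array();
    if ( '' !== $mode && in_array( $mode, get_post_types(), true ) ) {
        $where_sql  = 'post_type = %s';
        $where_args = array( $mode );
    }

    // Argument order must match placeholder order in the query text:
    // post_date, then the optional post_type, then the LIMIT value.
    $args = array_merge(
        array( current_time( 'mysql' ) ),
        $where_args,
        array( $limit )
    );

    // prepare() accepts a single array of arguments. $where_sql is either
    // a constant or a placeholder expression, never user data.
    $sql = $wpdb->prepare(
        "SELECT {$wpdb->users}.*, {$wpdb->posts}.*
         FROM {$wpdb->posts}
         LEFT JOIN {$wpdb->users} ON {$wpdb->users}.ID = {$wpdb->posts}.post_author
         WHERE user_activation_key = ''
           AND post_date < %s
           AND {$where_sql}
           AND post_status = 'publish'
           AND post_password = ''
         ORDER BY post_date DESC
         LIMIT %d",
        $args
    );

    return $wpdb->get_results( $sql );
}
```

The same two changes apply to the "most commented" query (replace the interpolated $where and $limit with the placeholder fragment and %d) and to the $limit_sql = "LIMIT $limit" case, where the string concatenation should simply become a LIMIT %d placeholder bound to absint( $limit ).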