Unescaped parameter $key used in $wpdb->query("DELETE FROM {$wpdb->prefix}options WHERE option_name LIKE '{$key}%'")\n$key used without escaping.
Unescaped parameter $prepared used in $wpdb->get_results($prepared)\n$prepared assigned unsafely at line 247:\n $prepared = $wpdb->prepare( $sql, ...$params )\n$sql assigned unsafely at line 234:\n $sql = "\r\n SELECT *\r\n FROM {$table}\r\n WHERE type IN ($placeholders)\r\n AND exported = %d\r\n ORDER BY id ASC\r\n LIMIT %d\r\n "
Unescaped parameter $prepared used in $wpdb->get_row($prepared)\n$prepared assigned unsafely at line 247:\n $prepared = $wpdb->prepare( $sql, ...$params )\n$sql assigned unsafely at line 234:\n $sql = "\r\n SELECT *\r\n FROM {$table}\r\n WHERE type IN ($placeholders)\r\n AND exported = %d\r\n ORDER BY id ASC\r\n LIMIT %d\r\n "
Unescaped parameter $sql used in $wpdb->get_results($sql)\n$sql assigned unsafely at line 1030:\n $sql = $wpdb->prepare(\n "\n SELECT *\n FROM {$table}\n WHERE type IN ($in_placeholders)\n AND exported = %d\n ORDER BY id ASC\n LIMIT %d\n ",\n array_merge($types, [0, $limit])\n )
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $sql used in $wpdb->get_results($sql)\n$sql assigned unsafely at line 850:\n $sql = $wpdb->prepare(\r\n "SELECT * \r\n FROM {$table}\r\n WHERE type IN ($in_placeholders)\r\n AND exported = %d\r\n ORDER BY id ASC\r\n LIMIT %d",\r\n array_merge($types, [0, $limit])\r\n )