ERRORsecurity

UnescapedDBParameter

PluginCheck.Security.DirectDB.UnescapedDBParameter

Affected Plugins

On this page

Total Issues

Instances found

Total Impact

Active installations

Examples

Real messages found in scanned plugins

Unescaped parameter $this->user_ID used in $wpdb->get_results("SELECT `ID`, `post_title`, `post_type` FROM " . $this->wpdb->posts . " WHERE `post_author`='" . $this->user_ID . "' AND `post_type` IN ('" . implode( "', '", $post_types_to_delete ) . "')")

Unescaped parameter $this->user_ID used in $wpdb->get_results("SELECT `comment_ID` FROM " . $this->wpdb->comments . " WHERE `user_id`='" . $this->user_ID . "'")

Unescaped parameter $this->user_ID used in $wpdb->get_results("SELECT `link_id`, `link_url`, `link_name` FROM " . $this->wpdb->links . " WHERE `link_owner`='" . $this->user_ID . "'")

Affected Plugins

Plugins that have instances of this rule violation