Unescaped parameter $autoupdates used in $wpdb->query("ALTER TABLE $autoupdates CONVERT TO CHARACTER SET $db_charset")\n$autoupdates assigned unsafely at line 213:\n $autoupdates \t= $wpdb->prefix."auto_updates"\n$db_charset assigned unsafely at line 215:\n $db_charset \t= constant( 'DB_CHARSET' )\n$updateLog assigned unsafely at line 214:\n $updateLog \t\t= $wpdb->prefix."update_log"
Unescaped parameter $autoupdates used in $wpdb->query("DROP TABLE IF EXISTS $autoupdates")\n$autoupdates assigned unsafely at line 180:\n $autoupdates \t= $wpdb->prefix."auto_updates"\n$updateLog assigned unsafely at line 181:\n $updateLog \t\t= $wpdb->prefix."update_log"
Unescaped parameter $column used in $wpdb->get_results("\n\t\t\t\tSELECT (CHAR_LENGTH({$column})*3) as bytes, `{$id}` as id\n\t\t\t\tFROM {$table}\n\t\t\t\tHAVING bytes IS NOT NULL\n\t\t\t")\n$column assigned unsafely at line 210:\n $column = $data['column']\n$id assigned unsafely at line 211:\n $id = $data['id']\n$data['column'] used without escaping.\n$data['id'] used without escaping.
Unescaped parameter $column used in $wpdb->get_results("\n\t\t\t\tSELECT (CHAR_LENGTH({$column})*3) as bytes, `{$id}` as id\n\t\t\t\tFROM {$table}\n\t\t\t\tHAVING bytes IS NULL\n\t\t\t")\n$column assigned unsafely at line 232:\n $column = $data['column']\n$id assigned unsafely at line 233:\n $id = $data['id']\n$data['column'] used without escaping.\n$data['id'] used without escaping.
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $column_name used in $wpdb->get_var($wpdb->prepare(\n\t\t\t\t"SELECT {$column_name} FROM {$wpdb->posts} WHERE ID=%d AND post_type=%s", \t\t\t\t$action_id,\n\t\t\t\tself::POST_TYPE\n\t\t\t))