ERRORsecurity

UnescapedDBParameter

PluginCheck.Security.DirectDB.UnescapedDBParameter

Affected Plugins

On this page

Total Issues

Instances found

Total Impact

Active installations

Examples

Real messages found in scanned plugins

Unescaped parameter $item_code used in $wpdb->get_results("SELECT ID FROM $wpdb->posts WHERE post_type = 'attachment' AND post_title = '$item_code'")\n$item_code used without escaping.

Unescaped parameter $meta_value used in $wpdb->get_results("SELECT ID FROM $wpdb->posts, $wpdb->postmeta WHERE $wpdb->posts.ID = $wpdb->postmeta.post_id AND $wpdb->posts.post_type = 'post' AND $wpdb->postmeta.meta_key = '_itemCode' AND $wpdb->postmeta.meta_value = '$meta_value' LIMIT 1")\n$meta_value assigned unsafely at line 294:\n $meta_value = mb_strtolower( $match[1] )\n$match[1] used without escaping.

Affected Plugins

Plugins that have instances of this rule violation

Image Uploader for Welcart

image-uploader-for-welcart

issues

installs