Unescaped parameter $table_name used in $wpdb->get_results($wpdb->prepare("SELECT * FROM `".$table_name."` WHERE `post_id`=%s", $id))\n$table_name assigned unsafely at line 384:\n $table_name = $wpdb->prefix . 'wpchtmlp_pages'\n$results assigned unsafely at line 385:\n $results = $wpdb->get_results( \r\n $wpdb->prepare("SELECT * FROM `".$table_name."` WHERE `post_id`=%s", $id), ARRAY_A\r\n )\n$id assigned unsafely at line 381:\n $id = $atts['id']\n$atts['id'] used without escaping.
Unescaped parameter $table_name used in $wpdb->get_results($wpdb->prepare("SELECT * FROM `".$table_name."` WHERE `url`=%s", $query_uri))\n$table_name assigned unsafely at line 362:\n $table_name = $wpdb->prefix . 'wpchtmlp_pages'\n$results assigned unsafely at line 363:\n $results = $wpdb->get_results( \r\n $wpdb->prepare("SELECT * FROM `".$table_name."` WHERE `url`=%s", $query_uri), ARRAY_A\r\n )\n$query_uri assigned unsafely at line 359:\n $query_uri = substr($query_uri, 0, strlen($query_uri)-1)\n$query_uri assigned unsafely at line 346:\n $query_uri = $query_uri_arr[0]\n$query_uri_arr[0] used without escaping.
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $table_name used in $wpdb->query("DROP TABLE IF EXISTS ".$table_name)\n$table_name assigned unsafely at line 42:\n $table_name = $wpdb->prefix . 'wpchtmlp_pages'