ERRORsecurity

UnescapedDBParameter

PluginCheck.Security.DirectDB.UnescapedDBParameter

Affected Plugins

On this page

Total Issues

Instances found

Total Impact

120K

Active installations

Examples

Real messages found in scanned plugins

Unescaped parameter $by used in $wpdb->get_results('SELECT domain, page_url, COUNT(domain) as link_count\n\t\t\t\tFROM ' . SPBC_TBL_SCAN_LINKS . ' \n\t\t\tGROUP BY domain\n\t\t\t' . ($order && $by ? "ORDER BY $by $order" : '') . '\n\t\t\tLIMIT ' . $offset . ',' . $amount . ';')\n$by used without escaping.\n$order used without escaping.

Unescaped parameter $delete_query used in $wpdb->query($wpdb->prepare($delete_query, (int)$this->running_due_stage))\n$delete_query assigned unsafely at line 395:\n $delete_query = 'DELETE FROM ' . self::$completed_dirs_table_name . ' WHERE running_due_stage = %d;'\n$completed_dirs_table_name used without escaping.

Unescaped parameter $file_fast_hash used in $wpdb->get_row('SELECT * '\n . ' FROM ' . SPBC_TBL_SCAN_FILES\n . ' WHERE fast_hash="' . $file_fast_hash . '";')\n$file_fast_hash used without escaping.

Unescaped parameter $file_id used in $wpdb->get_row('SELECT *\n\t\t\tFROM ' . SPBC_TBL_SCAN_FILES . '\n\t\t\tWHERE fast_hash = "' . $file_id . '"\n\t\t\tLIMIT 1')\n$file_id used without escaping.

Unescaped parameter $insert_query used in $wpdb->query($insert_query)\n$insert_query assigned unsafely at line 357:\n $insert_query = 'INSERT INTO ' . self::$completed_dirs_table_name . ' (dir_path, running_due_stage) VALUES ' . $completed_dirs_string \n$completed_dirs_table_name used without escaping.

Affected Plugins

Plugins that have instances of this rule violation

CloudSecure WP Security

cloudsecure-wp-security

issues

90K

installs

security-malware-firewall

issues

30K

installs