ERRORsecurity

UnescapedDBParameter

PluginCheck.Security.DirectDB.UnescapedDBParameter

Affected Plugins

On this page

Total Issues

Instances found

Total Impact

Active installations

Examples

Real messages found in scanned plugins

Unescaped parameter $db_query used in $wpdb->query($db_query)\n$db_query used without escaping.

Unescaped parameter $extra_checks used in $wpdb->get_results("SELECT DISTINCT YEAR( shipment_date_created ) AS year, MONTH( shipment_date_created ) AS month FROM $wpdb->stc_shipments WHERE 1=1 $extra_checks ORDER BY shipment_date_created DESC")\n$extra_checks assigned unsafely at line 513:\n $extra_checks = "AND shipment_status != 'auto-draft'"\n$_GET['shipment_status'] used without escaping.

Unescaped parameter $found_labels_query used in $wpdb->get_var($found_labels_query)

Unescaped parameter $found_shipments_query used in $wpdb->get_var($found_shipments_query)

Unescaped parameter $main_query used in $wpdb->query($main_query)\n$main_query used without escaping.

Affected Plugins

Plugins that have instances of this rule violation

WooCommerce Stripe Payment Gateway

woocommerce-gateway-stripe

issues

700K

installs

WooCommerce Legacy REST API

woocommerce-legacy-rest-api

issues

400K

installs