Unescaped parameter $source used in $wpdb->query($this->wpdb->prepare(
    "UPDATE $source
    SET hook = REPLACE(hook, 'bsl_', 'sync_basalam_')
    WHERE hook LIKE %s AND status = %s",
    '%bsl_%',
    'pending'
))
$source assigned unsafely at line 77:
    $source = $this->wpdb->prefix . 'actionscheduler_actions'

Unescaped parameter $source used in $wpdb->query($this->wpdb->prepare(
    "UPDATE $source
    SET hook = REPLACE(hook, 'bslm_', 'sync_basalam_')
    WHERE hook LIKE %s AND status = %s",
    '%bslm_%',
    'pending'
))
$source assigned unsafely at line 77:
    $source = $this->wpdb->prefix . 'actionscheduler_actions'

Unescaped parameter $sql used in $wpdb->get_row($wpdb->prepare($sql, $values))
$sql assigned unsafely at line 54:
    $sql = "SELECT * FROM {$this->job_manager_table_name} WHERE " . implode(" AND ", $conditions) . " LIMIT 1"
$conditions assigned unsafely at line 50:
    $conditions[] = "{$column} = %s"
$column assigned unsafely at line 49:
    $column => 
$value used without escaping.
$conditions[] used without escaping.

Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $sql used in $wpdb->get_var($wpdb->prepare($sql, $values))
$sql assigned unsafely at line 81:
    $sql = "SELECT COUNT(*) FROM {$this->job_manager_table_name} WHERE " . implode(" AND ", $conditions)
$conditions assigned unsafely at line 76:
    $conditions[] = "{$column} = %s"
$column assigned unsafely at line 70:
    $column => 
$value used without escaping.

Unescaped parameter $sql used in $wpdb->query($sql)
$sql assigned unsafely at line 114:
    $sql = $wpdb->prepare(
        "DELETE FROM {$this->job_manager_table_name}
        WHERE status = %s
        AND started_at IS NOT NULL
        AND started_at < %d",
        'processing',
        $timeout_timestamp
    )