ERRORsecurity

UnescapedDBParameter

PluginCheck.Security.DirectDB.UnescapedDBParameter

Affected Plugins

On this page

Total Issues

Instances found

Total Impact

400K

Active installations

Examples

Real messages found in scanned plugins

Unescaped parameter $arg used in $wpdb->get_row($wpdb->prepare(\n "SELECT * FROM %i WHERE JSON_UNQUOTE(JSON_EXTRACT(extended_args, '$[0]." . $arg . "')) = %s" . $where, $wpdb->prefix . 'actionscheduler_actions',\n $value\n ))\n$arg assigned unsafely at line 65:\n $arg = preg_replace('/[^a-zA-Z0-9_\\-]/', '', $arg)

Unescaped parameter $email used in $wpdb->get_row("SELECT * FROM `{$wpdb->prefix}wc_customer_lookup` WHERE `email` = '{$email}'")\n$email used without escaping.

Unescaped parameter $query used in $wpdb->get_results($query)\n$query used without escaping.

Unescaped parameter $query used in $wpdb->get_var($query)\n$query used without escaping.

Unescaped parameter $query used in $wpdb->query($query)\n$query used without escaping.

Affected Plugins

Plugins that have instances of this rule violation

Mailchimp for WooCommerce

mailchimp-for-woocommerce

issues

300K

installs

Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories