Unescaped parameter $sql used in $wpdb->get_results($sql)\n$sql assigned unsafely at line 1290:\n $sql = "SELECT s.id, s.status,s.object,s.parent_id, s.meta as meta,s.order_id,s.crm_id,s.link,s.time\n $sql_end\n limit $start , $per_page"\n$sql_end assigned unsafely at line 1276:\n $sql_end=$this->get_log_query()
Unescaped parameter $sql used in $wpdb->get_results($sql)\n$sql assigned unsafely at line 1414:\n $sql=$wpdb->prepare($sql,$order_id,$limit)\n$sql assigned unsafely at line 1413:\n $sql.=' order_id=%d order by id desc limit %d'\n$sql assigned unsafely at line 1411:\n $sql.='parent_id=0 and '\n$sql assigned unsafely at line 1409:\n $sql="Select * from $table_name where "\n$order_id used without escaping.\n$limit used without escaping.\n$table_name assigned unsafely at line 1408:\n $table_name = $this->get_table_name()
Unescaped parameter $sql used in $wpdb->get_results($sql)\n$sql assigned unsafely at line 1828:\n $sql.=' limit 100'\n$sql assigned unsafely at line 1826:\n $sql.=' status !=9'\n$sql assigned unsafely at line 1824:\n $sql.=' status =1'\n$sql assigned unsafely at line 1822:\n $sql='SELECT * FROM '.$table.' where'\n$results assigned unsafely at line 1829:\n $results = $wpdb->get_results( $sql ,ARRAY_A )\n$table assigned unsafely at line 1821:\n $table= $this->get_table_name('accounts')
Affected Plugins
Plugins that have instances of this rule violation
Unescaped parameter $sql used in $wpdb->get_results($sql)\n$sql assigned unsafely at line 183:\n $sql="select * $sql_end limit 3000"\n$sql_end assigned unsafely at line 180:\n $sql_end=$this->get_log_query()
Unescaped parameter $sql used in $wpdb->get_results($sql)\n$sql assigned unsafely at line 708:\n $sql="SELECT meta_key FROM `$table` group by meta_key"\n$table assigned unsafely at line 707:\n $table=$wpdb->prefix.'woocommerce_order_itemmeta'