AxiaChat AI – Free AI Chatbot (Answers Customers Automatically)

A function call to esc_html__() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

Unescaped parameter $sql used in $wpdb->get_results($wpdb->prepare($sql, $q_params))\n$sql assigned unsafely at line 78:\n $sql = "\r\n SELECT \r\n MIN(c.created_at) AS first_at,\r\n MAX(c.created_at) AS last_at,\r\n c.session_id,\r\n c.bot_slug,\r\n COUNT(*) AS messages,\r\n MAX(c.id) AS last_id,\r\n SUM( CASE WHEN c.user_id>0 THEN 1 ELSE 0 END ) AS has_user,\r\n MAX(c.user_id) AS any_user\r\n FROM $table c\r\n $where_sql\r\n GROUP BY c.session_id, c.bot_slug\r\n ORDER BY last_at DESC\r\n LIMIT %d OFFSET %d\r\n "\n$table assigned unsafely at line 5:\n $table = $wpdb->prefix.'aichat_tool_calls'\n$where_sql assigned unsafely at line 52:\n $where_sql = $where ? ('WHERE '.implode(' AND ',$where)) : ''\n$where assigned unsafely at line 48:\n $where[] = 'c.bot_slug = %s'\n$bot_slug assigned unsafely at line 30:\n $bot_slug = isset($_GET['bot_slug']) ? sanitize_title($_GET['bot_slug']) : ''\nNote: sanitize_title() is not a safe escaping function.\n$_GET['bot_slug'] used without escaping.

Use placeholders and $wpdb->prepare(); found $sql

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$bot".

Unescaped parameter $sql used in $wpdb->get_results($wpdb->prepare($sql, [ $per_page, $offset ] ))\n$sql assigned unsafely at line 78:\n $sql = "\r\n SELECT \r\n MIN(c.created_at) AS first_at,\r\n MAX(c.created_at) AS last_at,\r\n c.session_id,\r\n c.bot_slug,\r\n COUNT(*) AS messages,\r\n MAX(c.id) AS last_id,\r\n SUM( CASE WHEN c.user_id>0 THEN 1 ELSE 0 END ) AS has_user,\r\n MAX(c.user_id) AS any_user\r\n FROM $table c\r\n $where_sql\r\n GROUP BY c.session_id, c.bot_slug\r\n ORDER BY last_at DESC\r\n LIMIT %d OFFSET %d\r\n "\n$table assigned unsafely at line 5:\n $table = $wpdb->prefix.'aichat_tool_calls'\n$where_sql assigned unsafely at line 52:\n $where_sql = $where ? ('WHERE '.implode(' AND ',$where)) : ''\n$where assigned unsafely at line 48:\n $where[] = 'c.bot_slug = %s'\n$bot_slug assigned unsafely at line 30:\n $bot_slug = isset($_GET['bot_slug']) ? sanitize_title($_GET['bot_slug']) : ''\nNote: sanitize_title() is not a safe escaping function.\n$_GET['bot_slug'] used without escaping.

Use placeholders and $wpdb->prepare(); found $sql

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$embed_origins_raw".

Unescaped parameter $count_sql used in $wpdb->get_var($wpdb->prepare($count_sql, $where_params))\n$count_sql assigned unsafely at line 326:\n $count_sql = "SELECT COUNT(*) FROM $chunks_table c WHERE $where_sql"\n$where_sql assigned unsafely at line 323:\n $where_sql = implode(' AND ', $where_clauses)\n$where_clauses assigned unsafely at line 319:\n $where_clauses[] = '(c.title LIKE %s OR c.content LIKE %s)'\n$where_params[] used without escaping.

Unescaped parameter $sql_last used in $wpdb->get_results($wpdb->prepare($sql_last, $last_ids))\n$sql_last assigned unsafely at line 112:\n $sql_last = "SELECT id, response, message FROM $table WHERE id IN ($placeholders)"\n$table assigned unsafely at line 5:\n $table = $wpdb->prefix.'aichat_tool_calls'