| Type | Code | Message | Location | Category |
|---|---|---|---|---|
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $sql | 527:46 | Security |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $sql1 | 594:58 | Security |
| ERROR | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $sql1 used in $wpdb->query($sql1)\n$sql1 assigned unsafely at line 589:\n $sql1 = $sql\n$sql assigned unsafely at line 590:\n $sql .= ' order by id desc limit %d,50 '\n$con1 assigned unsafely at line 587:\n $con1 = $con\n$count assigned unsafely at line 592:\n $count = $wpdb->query($sql1,ARRAY_A)\n$con assigned unsafely at line 569:\n $con[] = $session\n$session assigned unsafely at line 567:\n $session = sanitize_text_field(wp_unslash($_POST['session']))\nNote: sanitize_text_field() is not a safe escaping function. | 592:37 | Security |
| ERROR | WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound | Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$assets". | 2:1 | Plugin Repo |
| ERROR | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $sql used in $wpdb->get_results($wpdb->prepare($sql,$search,$sta,$end,$type,$type2,$start,$limit))\n$sql assigned unsafely at line 533:\n $sql .= 'order by time desc limit %d,%d '\n$sql assigned unsafely at line 531:\n $sql .= 'order by num asc limit %d,%d '\n$sql assigned unsafely at line 529:\n $sql .= 'order by num desc limit %d,%d '\n$sql assigned unsafely at line 474:\n $sql .= 'and %d '\n$zhizhu assigned unsafely at line 535:\n $zhizhu = $wpdb->get_results($wpdb->prepare($sql,$search,$sta,$end,$type,$type2,$start,$limit),ARRAY_A)\n$search assigned unsafely at line 453:\n $search = '1'\n$sta assigned unsafely at line 457:\n $sta = strtotime($sta)-$timezone_offet*3600\n$end assigned unsafely at line 467:\n $end = time()+$timezone_offet*3600\n$type assigned unsafely at line 502:\n $type='头条'\n$type2 assigned unsafely at line 523:\n $type2='1'\n$orders used without escaping.\n$timezone_offet assigned unsafely at line 279:\n $timezone_offet = get_option( 'gmt_offset') | 535:26 | Security |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $sql | 535:53 | Security |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $insert_sql | 1587:38 | Security |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $sql1 | 592:43 | Security |
| ERROR | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $sql used in $wpdb->get_results($wpdb->prepare($sql,array_values($con)))\n$sql assigned unsafely at line 590:\n $sql .= ' order by id desc limit %d,50 '\n$con1 assigned unsafely at line 587:\n $con1 = $con\n$count assigned unsafely at line 594:\n $count = $wpdb->query($wpdb->prepare($sql1,array_values($con1)),ARRAY_A)\n$sql1 assigned unsafely at line 589:\n $sql1 = $sql\n$con assigned unsafely at line 569:\n $con[] = $session\n$session assigned unsafely at line 567:\n $session = sanitize_text_field(wp_unslash($_POST['session']))\nNote: sanitize_text_field() is not a safe escaping function.\n$_POST['session'] used without escaping. | 597:32 | Security |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $sql | 597:59 | Security |
| 15.11.2025, 12:34:15 | 43s | 1 | 12 | 1549 |