| Type | Code | Message | Location | Category |
|---|---|---|---|---|
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $sql1 | inc/admin/get.php:594:58 | Security |
| ERROR | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $sql used in $wpdb->query($wpdb->prepare($sql,$search,$sta,$end,$type,$type2))\n$sql assigned unsafely at line 486:\n $sql .= 'and %d '\n$type assigned unsafely at line 514:\n $type='头条' | inc/admin/zhizhu.php:539:25 | Security |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $sql | inc/admin/zhizhu.php:539:46 | Security |
| ERROR | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $sql1 used in $wpdb->query($sql1)\n$sql1 assigned unsafely at line 589:\n $sql1 = $sql\n$sql assigned unsafely at line 590:\n $sql .= ' order by id desc limit %d,35 '\n$con1 assigned unsafely at line 587:\n $con1 = $con\n$count assigned unsafely at line 592:\n $count = $wpdb->query($sql1,ARRAY_A)\n$con assigned unsafely at line 569:\n $con[] = $session\n$session assigned unsafely at line 567:\n $session = sanitize_text_field(wp_unslash($_POST['session']))\nNote: sanitize_text_field() is not a safe escaping function. | inc/admin/get.php:592:37 | Security |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $sql1 | inc/admin/get.php:592:43 | Security |
| ERROR | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $sql used in $wpdb->get_results($wpdb->prepare($sql,$search,$sta,$end,$type,$type2,$start,$limit))\n$sql assigned unsafely at line 545:\n $sql .= 'order by time desc limit %d,%d '\n$sql assigned unsafely at line 543:\n $sql .= 'order by num asc limit %d,%d '\n$sql assigned unsafely at line 541:\n $sql .= 'order by num desc limit %d,%d '\n$sql assigned unsafely at line 486:\n $sql .= 'and %d '\n$zhizhu assigned unsafely at line 547:\n $zhizhu = $wpdb->get_results($wpdb->prepare($sql,$search,$sta,$end,$type,$type2,$start,$limit),ARRAY_A)\n$search assigned unsafely at line 465:\n $search = '1'\n$sta assigned unsafely at line 288:\n $sta = sanitize_text_field($sta)\nNote: sanitize_text_field() is not a safe escaping function.\n$end assigned unsafely at line 479:\n $end = time()+$timezone_offet*3600\n$type assigned unsafely at line 514:\n $type='头条'\n$type2 assigned unsafely at line 535:\n $type2='1'\n$orders used without escaping.\n$timezone_offet assigned unsafely at line 291:\n $timezone_offet = get_option( 'gmt_offset') | inc/admin/zhizhu.php:547:26 | Security |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $sql | inc/admin/zhizhu.php:547:53 | Security |
| ERROR | WordPress.DateTime.RestrictedFunctions.date_date | date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead. | inc/admin/cron_zhizhu.php:57:45 | — |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $insert_sql | inc/admin/post.php:1851:38 | Security |
| ERROR | WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound | Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$assets". | inc/admin/assets.php:2:1 | Plugin Repo |
| 18.12.2025, 07:32:16 | 34s | 1 | 13 | 1536 |
| 15.11.2025, 12:34:15 | 43s | 1 | 12 | 1549 |