Convert tables using utf8mb4_unicode_520_ci or utf8_unicode_520_ci collation to a more portable Collation Algorithm.
| Code | Message | Location | Category | |
|---|---|---|---|---|
| ERROR | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $sql used in $wpdb->get_col($sql)\n$sql assigned unsafely at line 148:\n $sql = 'ALTER DATABASE `' . DB_NAME . '` COLLATE=' . ($force ? $force_algorithm : $this->_collation)\n$force_algorithm assigned unsafely at line 131:\n $force_algorithm = $_POST['force-collation-algorithm']\n$this->_collation assigned unsafely at line 132:\n $this->_collation = $force_algorithm\n$_POST['force-collation-algorithm'] used without escaping. | 158:17 | Security |
| ERROR | WordPress.WP.AlternativeFunctions.unlink_unlink | unlink() is discouraged. Use wp_delete_file() to delete a file. | 82:5 | Plugin Repo |
| ERROR | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $sql used in $wpdb->query($sql)\n$sql assigned unsafely at line 219:\n $sql = "ALTER TABLE `{$table}` DROP INDEX `{$idx_name}`"\n$idx_name assigned unsafely at line 207:\n $idx_name = substr($idx_name, 0, $end_quote)\n$idx_name assigned unsafely at line 205:\n $idx_name = substr($create_table, $pos + 14)\n$end_quote assigned unsafely at line 206:\n $end_quote = strpos($idx_name, '`')\n$create_table assigned unsafely at line 191:\n $create_table = $create_table_res['Create Table']\n$pos assigned unsafely at line 199:\n $pos = stripos($create_table, 'FULLTEXT KEY', $offset)\n$create_table_res['Create Table'] used without escaping.\n$offset assigned unsafely at line 213:\n $offset += $pos + 13 + strlen($idx_name) + strlen($col_names)\n$col_names assigned unsafely at line 210:\n $col_names = substr($col_names, 0, $close_paren + 1)\n$col_names assigned unsafely at line 208:\n $col_names = substr($create_table, $pos + 15 + strlen($idx_name) + 1) | 221:11 | Security |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $sql | 221:17 | Security |
| ERROR | WordPress.WP.I18n.MissingTranslatorsComment | A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders. | 247:36 | General |
| ERROR | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $sql used in $wpdb->query($sql)\n$sql assigned unsafely at line 251:\n $sql = "ALTER TABLE `{$table}` COLLATE={$new_coll}"\n$new_coll assigned unsafely at line 246:\n $new_coll = $force ? $force_algorithm : $this->_collation\n$force_algorithm used without escaping. | 253:20 | Security |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $sql | 253:26 | Security |
| ERROR | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $sql used in $wpdb->get_results($sql)\n$sql assigned unsafely at line 262:\n $sql = "SHOW FULL COLUMNS FROM `{$table}`" | 263:25 | Security |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $sql | 263:37 | Security |
| ERROR | WordPress.WP.I18n.MissingTranslatorsComment | A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders. | 285:44 | General |
| 15.11.2025, 05:14:41 | 10s | 80 | 45 | 32 |