By default WordPress in WP-admin allows users to search only by username or email id.
| Code | Message | Location | Category | |
|---|---|---|---|---|
| ERROR | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $pieces[0] used in $wpdb->get_results("SELECT DISTINCT user_id FROM $wpdb->usermeta WHERE (meta_key='first_name' AND LOWER(meta_value) LIKE '%".$pieces[0]."%')")\n$pieces[0] used without escaping. | 35:34 | Security |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $flsiwa_add | 42:146 | Security |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $qstr | 42:192 | Security |
| ERROR | WordPress.WP.I18n.TextDomainMismatch | Mismatched text domain. Expected 'extended-user-search-in-wp-admin' but got 'extended-user-search-in-WP-admin'. | 17:95 | General |
| ERROR | WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound | Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "extend_user_search". | 26:5 | Plugin Repo |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $qstr | 48:151 | Security |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $pieces | 35:152 | Security |
| ERROR | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $flsiwa_add used in $wpdb->get_results("SELECT DISTINCT user_id FROM $wpdb->usermeta WHERE (meta_key='first_name' OR meta_key='last_name'".$flsiwa_add.") AND LOWER(meta_value) LIKE '%".$qstr."%'") | 42:34 | Security |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $qstr | 55:129 | Security |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $qstr | 55:169 | Security |
| 15.11.2025, 10:57:47 | 10s | 91 | 14 | 16 |