Create beautiful carrousel, with any contents (image, text, video...)
| Code | Message | Location | Category | |
|---|---|---|---|---|
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $query | 599:31 | Security |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $great_caroussel_contents_table | 613:21 | Security |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $sql | 185:15 | Security |
| ERROR | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $great_caroussel_contents_table used in $wpdb->get_row($wpdb->prepare( "SELECT MAX(`order`) as max_order FROM ".$great_caroussel_contents_table." WHERE id_caroussel = %d", $_POST['id'] ))\n$great_caroussel_contents_table assigned unsafely at line 441:\n $great_caroussel_contents_table = $wpdb->prefix . "great_caroussels_contents"\n$_POST['id'] used without escaping.\n$_POST['content'] used without escaping.\n$max_order assigned unsafely at line 449:\n $max_order = $wpdb->get_row( $wpdb->prepare( "SELECT MAX(`order`) as max_order FROM ".$great_caroussel_contents_table." WHERE id_caroussel = %d", $_POST['id'] )) | 449:24 | Security |
| ERROR | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $query used in $wpdb->query($query)\n$query assigned unsafely at line 299:\n $query = $wpdb->prepare( "UPDATE ".$great_caroussel_table." SET `name` = %s WHERE id = %d",\r\n\r\n\t\t\t\t\tstripslashes_deep($_POST['name']), $_POST['id'] )\n$great_caroussel_table assigned unsafely at line 243:\n $great_caroussel_table = $wpdb->prefix . "great_caroussels"\n$great_caroussel_contents_table assigned unsafely at line 245:\n $great_caroussel_contents_table = $wpdb->prefix . "great_caroussels_contents"\n$_GET['id'] used without escaping.\n$caroussel assigned unsafely at line 255:\n $caroussel = $wpdb->get_row("SELECT * FROM ".$great_caroussel_table." WHERE id=".$_GET['id']) | 303:13 | Security |
| ERROR | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $query used in $wpdb->query($query)\n$query assigned unsafely at line 609:\n $query = $wpdb->prepare( \r\n\r\n\r\n\r\n\t\t\t\t\t"DELETE FROM ".$great_caroussel_contents_table."\r\n\r\n\t\t\t\t\t WHERE id=%d", $_POST['id']\r\n\r\n\r\n\r\n\t\t\t\t)\n$great_caroussel_contents_table assigned unsafely at line 575:\n $great_caroussel_contents_table = $wpdb->prefix . "great_caroussels_contents"\n$_POST['id'] used without escaping. | 623:19 | Security |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $query | 303:19 | Security |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $great_caroussel_contents_table | 449:90 | Security |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $query | 625:6 | Security |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $great_caroussel_contents_table | 637:16 | Security |
| 16.11.2025, 04:12:40 | 10s | 55 | 66 | 115 |