| Type | Code | Message | Location | Category |
|---|---|---|---|---|
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $query | great-caroussel.php:599:31 | Security |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $great_caroussel_contents_table | great-caroussel.php:613:21 | Security |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $sql | great-caroussel.php:185:15 | Security |
| ERROR | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $great_caroussel_contents_table used in $wpdb->get_row($wpdb->prepare( "SELECT MAX(`order`) as max_order FROM ".$great_caroussel_contents_table." WHERE id_caroussel = %d", $_POST['id'] ))<br>$great_caroussel_contents_table assigned unsafely at line 441:<br>$great_caroussel_contents_table = $wpdb->prefix . "great_caroussels_contents"<br>$_POST['id'] used without escaping.<br>$_POST['content'] used without escaping.<br>$max_order assigned unsafely at line 449:<br>$max_order = $wpdb->get_row( $wpdb->prepare( "SELECT MAX(`order`) as max_order FROM ".$great_caroussel_contents_table." WHERE id_caroussel = %d", $_POST['id'] )) | great-caroussel.php:449:24 | Security |
| ERROR | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $query used in $wpdb->query($query)<br>$query assigned unsafely at line 299:<br>$query = $wpdb->prepare( "UPDATE ".$great_caroussel_table." SET `name` = %s WHERE id = %d", stripslashes_deep($_POST['name']), $_POST['id'] )<br>$great_caroussel_table assigned unsafely at line 243:<br>$great_caroussel_table = $wpdb->prefix . "great_caroussels"<br>$great_caroussel_contents_table assigned unsafely at line 245:<br>$great_caroussel_contents_table = $wpdb->prefix . "great_caroussels_contents"<br>$_GET['id'] used without escaping.<br>$caroussel assigned unsafely at line 255:<br>$caroussel = $wpdb->get_row("SELECT * FROM ".$great_caroussel_table." WHERE id=".$_GET['id']) | great-caroussel.php:303:13 | Security |
| ERROR | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $query used in $wpdb->query($query)<br>$query assigned unsafely at line 609:<br>$query = $wpdb->prepare( "DELETE FROM ".$great_caroussel_contents_table." WHERE id=%d", $_POST['id'] )<br>$great_caroussel_contents_table assigned unsafely at line 575:<br>$great_caroussel_contents_table = $wpdb->prefix . "great_caroussels_contents"<br>$_POST['id'] used without escaping. | great-caroussel.php:623:19 | Security |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $query | great-caroussel.php:303:19 | Security |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $great_caroussel_contents_table | great-caroussel.php:449:90 | Security |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $query | great-caroussel.php:625:6 | Security |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $great_caroussel_contents_table | great-caroussel.php:637:16 | Security |
| 02.12.2025, 14:32:17 | 7s | 55 | 63 | 115 |
| 16.11.2025, 04:12:40 | 10s | 55 | 66 | 115 |