Name: No unsafe-inline
Rating: 5
Author: Giuseppe

Issues Details

568 issues found in latest scan

	Code	Message	Location	Category
ERROR	`WordPress.DB.PreparedSQL.NotPrepared`	Use placeholders and $wpdb->prepare(); found $table	`1958:33`	Security
ERROR	`PluginCheck.Security.DirectDB.UnescapedDBParameter`	Unescaped parameter with_prefix( $table ) . ' '\n\t\t\t\t\t. 'GROUP BY `whitelist`, `tagname`, `directive` '\n\t\t\t\t\t. 'ORDER BY `nonceable` DESC, `directive` ASC, `tagname` ASC, `num` ASC, `whitelist` ASC;'\n\t\t\t\t) used in $wpdb->get_results('SELECT `directive`, `tagname`, '\n\t\t\t\t\t. 'CASE '\n\t\t\t\t\t. 'WHEN `tagname` =\'script\' THEN \'Yes\' '\n\t\t\t\t\t. 'WHEN `tagname` =\'styles\' THEN \'Yes\' '\n\t\t\t\t\t. 'ELSE \'No\' '\n\t\t\t\t\t. 'END AS \'nonceable\', '\n\t\t\t\t\t. 'CASE '\n\t\t\t\t\t. 'WHEN `directive` =\'script-src\' THEN `whitelist` '\n\t\t\t\t\t. 'WHEN `directive` =\'style-src\' THEN `whitelist` '\n\t\t\t\t\t. 'WHEN `directive` =\'worker-src\' THEN `whitelist` '\n\t\t\t\t\t. 'ELSE \'--\' '\n\t\t\t\t\t. 'END AS \'whitelist\', '\n\t\t\t\t\t. 'COUNT(`ID`) AS \'num\' FROM ' . self::with_prefix( $table ) . ' '\n\t\t\t\t\t. 'GROUP BY `whitelist`, `tagname`, `directive` '\n\t\t\t\t\t. 'ORDER BY `nonceable` DESC, `directive` ASC, `tagname` ASC, `num` ASC, `whitelist` ASC;')	`1102:22`	Security
ERROR	`PluginCheck.Security.DirectDB.UnescapedDBParameter`	Unescaped parameter $query used in $wpdb->get_var('SELECT COUNT(*) FROM ( ' . $query . ' ) AS total_logs ')\n$query assigned unsafely at line 587:\n $query = self::get_logs_query( $order_by, $order_asc, $search, $level, $date )\n$order_asc used without escaping.\n$search used without escaping.\n$level used without escaping.\n$date used without escaping.	`590:25`	Security
ERROR	`PluginCheck.Security.DirectDB.UnescapedDBParameter`	Unescaped parameter $sql used in $wpdb->get_results($sql)\n$sql assigned unsafely at line 1953:\n $sql = $wpdb->prepare(\n\t\t\t'SELECT ' . self::with_prefix( $table ) . '.`ID`, `clustername`, MaxLastseen, `pageurl` FROM '\n\t\t\t. self::with_prefix( $table ) . ' LEFT JOIN ('\n\t\t\t. 'SELECT `dbtable`, `itemid`, `pageurl`, MAX(`lastseen`) AS MaxLastseen FROM ' . self::occurences_table()\n\t\t\t. ' WHERE `dbtable` = %s GROUP BY `itemid` ) AS occurences '\n\t\t\t. 'ON ' . self::with_prefix( $table ) . '.`ID` = occurences.`itemid` WHERE `clustername` = %s ORDER BY MaxLastseen ASC '\n\t\t\t. 'LIMIT %d;',\n\t\t\t$table,\n\t\t\t$clustername,\n\t\t\t$limit\n\t\t)	`1964:17`	Security
ERROR	`WordPress.DB.PreparedSQL.NotPrepared`	Use placeholders and $wpdb->prepare(); found $sql	`1964:30`	Security
ERROR	`WordPress.DB.PreparedSQL.NotPrepared`	Use placeholders and $wpdb->prepare(); found self	`1980:26`	Security
ERROR	`WordPress.DB.PreparedSQL.NotPrepared`	Use placeholders and $wpdb->prepare(); found external_scripts_table	`1980:32`	Security
ERROR	`WordPress.DB.PreparedSQL.NotPrepared`	Use placeholders and $wpdb->prepare(); found $query	`590:62`	Security
ERROR	`WordPress.DB.PreparedSQL.NotPrepared`	Use placeholders and $wpdb->prepare(); found self	`1115:41`	Security
ERROR	`PluginCheck.Security.DirectDB.UnescapedDBParameter`	Unescaped parameter $sql used in $wpdb->get_results($sql)\n$sql assigned unsafely at line 1979:\n $sql = $wpdb->prepare(\n\t\t\t'SELECT `ID` FROM ' . self::external_scripts_table() . ' WHERE '\n\t\t\t. '`src_attrib` LIKE %s OR '\n\t\t\t. '`src_attrib` LIKE %s OR '\n\t\t\t. '`src_attrib` LIKE %s OR '\n\t\t\t. '`src_attrib` LIKE %s OR '\n\t\t\t. '`src_attrib` LIKE %s;',\n\t\t\t$wild . $wpdb->esc_like( "no-unsafe-inline-fix-style$suffix.js?ver=" . $ver ),\n\t\t\t$wild . $wpdb->esc_like( "no-unsafe-inline-prefilter-override$suffix.js?ver=" . $ver ),\n\t\t\t$wild . $wpdb->esc_like( "no-unsafe-inline-admin$suffix.css?ver=" . $ver ),\n\t\t\t$wild . $wpdb->esc_like( "no-unsafe-inline-admin$suffix.js?ver=" . $ver ),\n\t\t\t$wild . $wpdb->esc_like( "no-unsafe-inline-mutation-observer$suffix.js?ver=" . $ver )\n\t\t)	`1992:17`	Security

568 total row(s)

External Connections

Hosts referenced or contacted during the latest scan (runtime attempts + static URLs)

Hosts: 25Runtime: 0Static: 73

Source	Host	URL	Plugin File / Stack	Captured
Static	profiles.wordpress.org	https://profiles.wordpress.org/mociofiletto/	uninstall.php:21	11/17/2025, 9:21:00 AM
Static	github.com	https://github.com/MocioF/No-unsafe-inline	no-unsafe-inline.php:16	11/17/2025, 9:21:00 AM
Static	profiles.wordpress.org	https://profiles.wordpress.org/mociofiletto/	no-unsafe-inline.php:20	11/17/2025, 9:21:00 AM
Static	profiles.wordpress.org	https://profiles.wordpress.org/mociofiletto/	public/class-no-unsafe-inline-public.php:5	11/17/2025, 9:21:00 AM
Static	www.php.net	https://www.php.net/manual/en/reserved.keywords.php	public/class-no-unsafe-inline-public.php:12	11/17/2025, 9:21:00 AM
Static	profiles.wordpress.org	https://profiles.wordpress.org/mociofiletto/	public/partials/no-unsafe-inline-public-display.php:7	11/17/2025, 9:21:00 AM
Static	docs.rubixml.com	https://docs.rubixml.com/2.0/clusterers/dbscan.html	src/Nunil_Admin_Help_Tabs.php:371	11/17/2025, 9:21:00 AM
Static	developers.google.com	https://developers.google.com/machine-learning/clustering/overview	src/Nunil_Admin_Help_Tabs.php:376	11/17/2025, 9:21:00 AM
Static	wikipedia.org	https://wikipedia.org/wiki/DBSCAN	src/Nunil_Admin_Help_Tabs.php:384	11/17/2025, 9:21:00 AM
Static	wikipedia.org	https://wikipedia.org/wiki/Nilsimsa_Hash	src/Nunil_Admin_Help_Tabs.php:390	11/17/2025, 9:21:00 AM

73 total row(s)

No unsafe-inline

Security554

Plugin Repository7

General5