Name: No unsafe-inline
Rating: 5
Author: Giuseppe

Issues Details

568 issues found in latest scan

	Code	Message	Location	Category
ERROR	`WordPress.DB.PreparedSQL.NotPrepared`	Use placeholders and $wpdb->prepare(); found $table	`src/Nunil_Lib_Db.php:1958:33`	Security
ERROR	`PluginCheck.Security.DirectDB.UnescapedDBParameter`	Unescaped parameter with_prefix( $table ) . ' '\n\t\t\t\t\t. 'GROUP BY `whitelist`, `tagname`, `directive` '\n\t\t\t\t\t. 'ORDER BY `nonceable` DESC, `directive` ASC, `tagname` ASC, `num` ASC, `whitelist` ASC;'\n\t\t\t\t) used in $wpdb->get_results('SELECT `directive`, `tagname`, '\n\t\t\t\t\t. 'CASE '\n\t\t\t\t\t. 'WHEN `tagname` =\'script\' THEN \'Yes\' '\n\t\t\t\t\t. 'WHEN `tagname` =\'styles\' THEN \'Yes\' '\n\t\t\t\t\t. 'ELSE \'No\' '\n\t\t\t\t\t. 'END AS \'nonceable\', '\n\t\t\t\t\t. 'CASE '\n\t\t\t\t\t. 'WHEN `directive` =\'script-src\' THEN `whitelist` '\n\t\t\t\t\t. 'WHEN `directive` =\'style-src\' THEN `whitelist` '\n\t\t\t\t\t. 'WHEN `directive` =\'worker-src\' THEN `whitelist` '\n\t\t\t\t\t. 'ELSE \'--\' '\n\t\t\t\t\t. 'END AS \'whitelist\', '\n\t\t\t\t\t. 'COUNT(`ID`) AS \'num\' FROM ' . self::with_prefix( $table ) . ' '\n\t\t\t\t\t. 'GROUP BY `whitelist`, `tagname`, `directive` '\n\t\t\t\t\t. 'ORDER BY `nonceable` DESC, `directive` ASC, `tagname` ASC, `num` ASC, `whitelist` ASC;')	`src/Nunil_Lib_Db.php:1102:22`	Security
ERROR	`PluginCheck.Security.DirectDB.UnescapedDBParameter`	Unescaped parameter $query used in $wpdb->get_var('SELECT COUNT(*) FROM ( ' . $query . ' ) AS total_logs ')\n$query assigned unsafely at line 587:\n $query = self::get_logs_query( $order_by, $order_asc, $search, $level, $date )\n$order_asc used without escaping.\n$search used without escaping.\n$level used without escaping.\n$date used without escaping.	`src/Nunil_Lib_Db.php:590:25`	Security
ERROR	`PluginCheck.Security.DirectDB.UnescapedDBParameter`	Unescaped parameter $sql used in $wpdb->get_results($sql)\n$sql assigned unsafely at line 1953:\n $sql = $wpdb->prepare(\n\t\t\t'SELECT ' . self::with_prefix( $table ) . '.`ID`, `clustername`, MaxLastseen, `pageurl` FROM '\n\t\t\t. self::with_prefix( $table ) . ' LEFT JOIN ('\n\t\t\t. 'SELECT `dbtable`, `itemid`, `pageurl`, MAX(`lastseen`) AS MaxLastseen FROM ' . self::occurences_table()\n\t\t\t. ' WHERE `dbtable` = %s GROUP BY `itemid` ) AS occurences '\n\t\t\t. 'ON ' . self::with_prefix( $table ) . '.`ID` = occurences.`itemid` WHERE `clustername` = %s ORDER BY MaxLastseen ASC '\n\t\t\t. 'LIMIT %d;',\n\t\t\t$table,\n\t\t\t$clustername,\n\t\t\t$limit\n\t\t)	`src/Nunil_Lib_Db.php:1964:17`	Security
ERROR	`WordPress.DB.PreparedSQL.NotPrepared`	Use placeholders and $wpdb->prepare(); found $sql	`src/Nunil_Lib_Db.php:1964:30`	Security
ERROR	`WordPress.DB.PreparedSQL.NotPrepared`	Use placeholders and $wpdb->prepare(); found self	`src/Nunil_Lib_Db.php:1980:26`	Security
ERROR	`WordPress.DB.PreparedSQL.NotPrepared`	Use placeholders and $wpdb->prepare(); found external_scripts_table	`src/Nunil_Lib_Db.php:1980:32`	Security
ERROR	`WordPress.DB.PreparedSQL.NotPrepared`	Use placeholders and $wpdb->prepare(); found $query	`src/Nunil_Lib_Db.php:590:62`	Security
ERROR	`WordPress.DB.PreparedSQL.NotPrepared`	Use placeholders and $wpdb->prepare(); found self	`src/Nunil_Lib_Db.php:1115:41`	Security
ERROR	`PluginCheck.Security.DirectDB.UnescapedDBParameter`	Unescaped parameter $sql used in $wpdb->get_results($sql)\n$sql assigned unsafely at line 1979:\n $sql = $wpdb->prepare(\n\t\t\t'SELECT `ID` FROM ' . self::external_scripts_table() . ' WHERE '\n\t\t\t. '`src_attrib` LIKE %s OR '\n\t\t\t. '`src_attrib` LIKE %s OR '\n\t\t\t. '`src_attrib` LIKE %s OR '\n\t\t\t. '`src_attrib` LIKE %s OR '\n\t\t\t. '`src_attrib` LIKE %s;',\n\t\t\t$wild . $wpdb->esc_like( "no-unsafe-inline-fix-style$suffix.js?ver=" . $ver ),\n\t\t\t$wild . $wpdb->esc_like( "no-unsafe-inline-prefilter-override$suffix.js?ver=" . $ver ),\n\t\t\t$wild . $wpdb->esc_like( "no-unsafe-inline-admin$suffix.css?ver=" . $ver ),\n\t\t\t$wild . $wpdb->esc_like( "no-unsafe-inline-admin$suffix.js?ver=" . $ver ),\n\t\t\t$wild . $wpdb->esc_like( "no-unsafe-inline-mutation-observer$suffix.js?ver=" . $ver )\n\t\t)	`src/Nunil_Lib_Db.php:1992:17`	Security

568 total row(s)


04.12.2025, 22:00:33	29s	12	234	334
20.11.2025, 07:18:40	30s	12	234	334
17.11.2025, 09:20:56	26s	12	234	334

No unsafe-inline

Security554

Plugin Repository7

General6

src/Nunil_Lib_Db.php374 issues in this fileTotal: 374Errors: 230Warnings: 144

admin/class-no-unsafe-inline-admin.php40 issues in this fileTotal: 40Warnings: 40

admin/partials/class-no-unsafe-inline-admin-logs-table.php38 issues in this fileTotal: 38Warnings: 38

admin/partials/class-no-unsafe-inline-external-list.php27 issues in this fileTotal: 27Warnings: 27

admin/partials/class-no-unsafe-inline-events-list.php25 issues in this fileTotal: 25Warnings: 25

admin/partials/class-no-unsafe-inline-inline-list.php25 issues in this fileTotal: 25Warnings: 25

admin/partials/no-unsafe-inline-whitelist-tables.php16 issues in this fileTotal: 16Warnings: 16

uninstall.php6 issues in this fileTotal: 6Errors: 1Warnings: 5

src/Nunil_Lib_Utils.php4 issues in this fileTotal: 4Warnings: 4

src/Nunil_Admin_Support_Box.php3 issues in this fileTotal: 3Warnings: 3