Create easily maps with OpenStreetMap
| Code | Message | Location | Category | |
|---|---|---|---|---|
| ERROR | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $maps_table used in $wpdb->get_results("SELECT * FROM ".$maps_table." ORDER BY name")\n$maps_table assigned unsafely at line 178:\n $maps_table = $wpdb->prefix . "wp_openstreetmap"\n$maps_markers_table assigned unsafely at line 180:\n $maps_markers_table = $wpdb->prefix . "wp_openstreetmap_markers"\n$_GET['task'] used without escaping.\n$_REQUEST['_wpnonce'] used without escaping.\n$_POST used without escaping.\n$query assigned unsafely at line 220:\n $query = $wpdb->prepare( $query, $_POST['id'], stripslashes_deep(sanitize_text_field($_POST['name'])), sanitize_text_field($_POST['width']), sanitize_text_field($_POST['height']), intval($_POST['zoom']), floatval($_POST['latitude']), floatval($_POST['longitude']) )\nNote: sanitize_text_field() is not a safe escaping function.\n$query assigned unsafely at line 214:\n $query = "REPLACE INTO ".$maps_table." (`id`, `name`, `width`, `height`, `zoom`, `latitude`, `longitude`)\r\n\r\n\t\t\t\t\t\t\tVALUES (%d, %s, %s, %s, %d, %f, %f)" | 240:23 | Security |
| ERROR | plugin_header_invalid_network | The "Network" header in the plugin file is not valid. Can only be set to true, and should be left out when not needed. | — | Plugin Repo |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $q | 400:32 | Security |
| ERROR | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $query used in $wpdb->query($query)\n$query assigned unsafely at line 220:\n $query = $wpdb->prepare( $query, $_POST['id'], stripslashes_deep(sanitize_text_field($_POST['name'])), sanitize_text_field($_POST['width']), sanitize_text_field($_POST['height']), intval($_POST['zoom']), floatval($_POST['latitude']), floatval($_POST['longitude']) )\nNote: sanitize_text_field() is not a safe escaping function.\n$query assigned unsafely at line 214:\n $query = "REPLACE INTO ".$maps_table." (`id`, `name`, `width`, `height`, `zoom`, `latitude`, `longitude`)\r\n\r\n\t\t\t\t\t\t\tVALUES (%d, %s, %s, %s, %d, %f, %f)"\n$maps_table assigned unsafely at line 178:\n $maps_table = $wpdb->prefix . "wp_openstreetmap"\n$maps_markers_table assigned unsafely at line 180:\n $maps_markers_table = $wpdb->prefix . "wp_openstreetmap_markers"\n$_GET['task'] used without escaping.\n$_REQUEST['_wpnonce'] used without escaping.\n$_POST used without escaping. | 224:15 | Security |
| ERROR | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $query used in $wpdb->query($query)\n$query assigned unsafely at line 400:\n $query = $wpdb->prepare( $q, intval($_GET['id']))\n$q assigned unsafely at line 398:\n $q = "DELETE FROM ".$maps_markers_table." WHERE id_map = %d"\n$maps_markers_table assigned unsafely at line 180:\n $maps_markers_table = $wpdb->prefix . "wp_openstreetmap_markers"\n$_GET['task'] used without escaping.\n$_REQUEST['_wpnonce'] used without escaping.\n$_POST used without escaping.\n$maps_table assigned unsafely at line 178:\n $maps_table = $wpdb->prefix . "wp_openstreetmap" | 402:14 | Security |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $query | 402:21 | Security |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $q | 302:32 | Security |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $maps_table | 240:52 | Security |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $q | 408:32 | Security |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $q | 334:35 | Security |
| 11/14/2025, 3:18:21 PM | 12s | 60 | 51 | 99 |