Path: exporter.php Line: 224
Sink: get_results Source:
Taint: HTTP
Code Summary
A code quality issue was detected in line 224 of the file exporter.php in the function p4_px_single_post_authors_list().
$wpdb->get_results(sprintf("SELECT DISTINCT post_author FROM {$wpdb->posts} WHERE ID IN( %s ) AND post_status != 'auto-draft'", $post_ids));
A SQL query is constructed dynamically by concatenation (here, $post_ids is interpolated into the query string through sprintf()). This can lead to SQL injection attacks. It is recommended to use prepared statements for all SQL queries. The prepared statement itself should only use placeholders for data and never concatenate data directly into the query.