wordpress-oauth-server
Line ~77 of /includes/profile.php on
This query should be reworked to:
```php
$query = "DELETE FROM {$wpdb->prefix}oauth_access_tokens WHERE user_id = %d AND ap_generated = %d";
$query = $wpdb->prepare( $query, $user_id, 1 );
$wpdb->query( $query );
```
It is VERY important to use the prepare() method. I am not going to put further reviews about it. You should check the plugin throughout and refactor.
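The issue asks for the plugin to be checked throughout. As an added example (not part of the original issue and not the plugin's code), this heuristic Python scan flags `$wpdb` calls whose SQL text contains PHP variables and never passes through `prepare()`. Lines 2, 6 and 7 of the sample are constructed for illustration and are not taken from the plugin; the function and variable names are this example's own.

```python
import re

# $wpdb methods that execute the SQL string passed as their first argument.
EXEC = re.compile(r"\$wpdb->(?:query|get_results|get_row|get_col|get_var)\s*\(")
ASSIGN = re.compile(r"(\$\w+)\s*=(?!=)\s*([^;]*);")
# Any PHP variable except $wpdb itself ({$wpdb->prefix} is the table prefix).
TAINT = re.compile(r"\$(?!wpdb\b)\w+")
PREPARED = re.compile(r"\$wpdb->prepare\s*\(")

def call_argument(src, start):
    """Return the text inside the parentheses of a call whose '(' ends at start."""
    depth, i = 1, start
    while i < len(src) and depth:
        depth += {"(": 1, ")": -1}.get(src[i], 0)
        i += 1
    return src[start:i - 1].strip()

def resolve(src, expr, before):
    """If expr is a bare variable, return its most recent assignment before the call."""
    if re.fullmatch(r"\$\w+", expr):
        hits = [m for m in ASSIGN.finditer(src, 0, before) if m.group(1) == expr]
        if hits:
            return hits[-1].group(2).strip()
    return expr

def find_unprepared(src):
    """Return (line_number, argument) for SQL calls built from variables without prepare()."""
    findings = []
    for m in EXEC.finditer(src):
        arg = call_argument(src, m.end())
        sql = resolve(src, arg, m.start())
        if not PREPARED.search(sql) and TAINT.search(sql):
            findings.append((src.count("\n", 0, m.start()) + 1, arg))
    return findings

# Constructed sample: lines 3-5 are the issue's suggested fix, the rest is invented.
SAMPLE = r'''<?php
$wpdb->query( "DELETE FROM {$wpdb->prefix}oauth_access_tokens WHERE user_id = $user_id" );
$query = "DELETE FROM {$wpdb->prefix}oauth_access_tokens WHERE user_id = %d AND ap_generated = %d";
$query = $wpdb->prepare( $query, $user_id, 1 );
$wpdb->query( $query );
$sql = "SELECT * FROM {$wpdb->prefix}oauth_access_tokens WHERE user_id = " . $_GET['id'];
$rows = $wpdb->get_results( $sql );
'''

if __name__ == "__main__":
    for line, arg in find_unprepared(SAMPLE):
        print(f"line {line}: unprepared SQL argument: {arg}")
```

The scan is line-and-regex based, so treat its output as a review list: it does not follow variables across functions, and semicolons or parentheses inside string literals can confuse it.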