From e7bd0e6e1e171a041ac17b8b11abc812585f7645 Mon Sep 17 00:00:00 2001
From: grogou <eriktadevosyan07@gmail.com>
Date: Fri, 20 Aug 2021 16:53:56 +0400
Subject: [PATCH] Escape statuses for sql query

Co-authored-by: Thomas Roberts <5656702+opr@users.noreply.github.com>
---
 src/StoreApi/Utilities/ProductQueryFilters.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/StoreApi/Utilities/ProductQueryFilters.php b/src/StoreApi/Utilities/ProductQueryFilters.php
index 249e872a7f0..ba957489592 100644
--- a/src/StoreApi/Utilities/ProductQueryFilters.php
+++ b/src/StoreApi/Utilities/ProductQueryFilters.php
@@ -102,7 +102,7 @@ private function generate_stock_status_count_query( $status, $product_query_sql,
 			return false;
 		}
 		global $wpdb;
-
+		$status = esc_sql( $status );
 		return "
 			SELECT COUNT( DISTINCT posts.ID ) as status_count
 			FROM {$wpdb->posts} as posts