diff --git a/WordPress-Plugin-Security-Testing-Cheat-Sheet.md b/WordPress-Plugin-Security-Testing-Cheat-Sheet.md index 9b62956..97a2e36 100644 --- a/WordPress-Plugin-Security-Testing-Cheat-Sheet.md +++ b/WordPress-Plugin-Security-Testing-Cheat-Sheet.md @@ -95,6 +95,8 @@ Note: Before WordPress 3.5 ```$wpdb->prepare``` could be used insecurely as you ```$wpdb->query( $wpdb->prepare( "INSERT INTO table (user, pass) VALUES ('$user', '$pass')" ) );``` +Example regex: `wpdb->(query|get_var|get_row|get_col|get_results|replace)\((?!.*prepare).*\);` + ### SQL Injection Tips Unsafe escaping ('securing') API methods:
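Review bot: the negative lookahead `(?!.*prepare)` in the added regex suppresses a match whenever the word `prepare` appears anywhere later on the same line, so it will not flag the insecure pre-3.5 form quoted in the context line directly above it (`$wpdb->query( $wpdb->prepare( "INSERT INTO table (user, pass) VALUES ('$user', '$pass')" ) );`), which is exactly the pattern that note warns about; consider stating next to the regex that it only finds calls with no `prepare` at all and that interpolated variables inside a `prepare` string still need a manual check. Two further caveats worth documenting: the pattern is single-line, so a `$wpdb->query(` whose `$wpdb->prepare(` sits on the next line is reported as a finding while a call spanning several lines without `);` on the first line is missed, and the lookahead is a PCRE feature, so the regex needs `grep -P` or `rg -P` rather than POSIX `grep -E`. Finally, `replace` in the alternation will match every `$wpdb->replace( $table, $data )` call, which takes an array rather than SQL and is not normally wrapped in `prepare`, so it will yield a false positive on each use; suggest dropping it from the method list or noting it separately.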