Escape the U2F key handle during lookup (#351)

providers/class.two-factor-fido-u2f.php

@@ -367,7 +367,12 @@ public static function delete_security_key( $user_id, $keyHandle = null ) {
 		$query = $wpdb->prepare( "SELECT umeta_id FROM $table WHERE meta_key = '%s' AND user_id = %d", self::REGISTERED_KEY_USER_META_KEY, $user_id );
 
 		if ( $keyHandle ) {
-			$query .= $wpdb->prepare( ' AND meta_value LIKE %s', '%:"' . $keyHandle . '";s:%' );
+			$key_handle_lookup = sprintf( ':"%s";s:', $keyHandle ); // phpcs:ignore WordPress.NamingConventions.ValidVariableName.VariableNotSnakeCase
+
+			$query .= $wpdb->prepare(
+				' AND meta_value LIKE %s',
+				'%' . $wpdb->esc_like( $key_handle_lookup ) . '%'
+			);
 		}
 
 		$meta_ids = $wpdb->get_col( $query );