Use the %i placeholder to escape identifiers (e.g. table names, fields, etc.) #397

@cabrerahector

Since WordPress 6.2 it's possible to escape identifiers such as table names, fields, etc. in queries, see Escaping Table and Field names with wpdb::prepare() in WordPress.

This should help improve security in the unlikely scenario that someone somehow manages to inject malicious code in $wpdb->prefix or $wpdb->table_name for example.

This will require bumping the minimum required WordPress version to 6.2 and also possibly revising some WPCS exclusion rules as well.
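
The change requested above, sketched as an added example that is not part of the original issue or the plugin's own code. It assumes the file is loaded by WordPress so the global `$wpdb` exists; the table suffix `example_views`, its columns and the `myplugin_*` function names are hypothetical.

```php
<?php
// Assumes WordPress has loaded this file, so the global $wpdb is available.
// 'example_views', its columns and the myplugin_* names are hypothetical.

/**
 * Before: the table name is interpolated into the SQL string, so only the
 * %d value is escaped. Whatever $wpdb->prefix contains reaches MySQL as-is.
 */
function myplugin_get_views_legacy( int $post_id ): int {
    global $wpdb;
    $table = $wpdb->prefix . 'example_views';

    // Interpolated identifiers like this one are what WPCS exclusions
    // such as the following are typically added for.
    // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared
    $sql = $wpdb->prepare( "SELECT views FROM {$table} WHERE post_id = %d", $post_id );

    return (int) $wpdb->get_var( $sql );
}

/**
 * After: %i makes wpdb::prepare() quote table and column names as
 * identifiers, so they are passed as arguments like any other value.
 */
function myplugin_get_views( int $post_id ): int {
    global $wpdb;

    // has_cap( 'identifier_placeholders' ) is true from WordPress 6.2 on.
    // Fall back to the old query until the minimum version is raised.
    if ( ! $wpdb->has_cap( 'identifier_placeholders' ) ) {
        return myplugin_get_views_legacy( $post_id );
    }

    $sql = $wpdb->prepare(
        'SELECT %i FROM %i WHERE %i = %d',
        'views',
        $wpdb->prefix . 'example_views',
        'post_id',
        $post_id
    );

    return (int) $wpdb->get_var( $sql );
}
```

Once the minimum required version is 6.2, the capability check and the legacy function can be dropped along with the matching WPCS exclusion.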
