The solution is simple, remove the $wpdb->prepare( ) part. Keep what’s inside.
So instead of…
$wpdb->get_col( $wpdb->prepare( 'SELECT blah blah' ) );
$wpdb->get_col( 'SELECT blah blah' );
There’s no need for the prepare since nothing in there is a user submitted data, no need for the security measure.
But contact me on email please. Since it’s not a WP theme from TF i’m just wondering about the code and is it just that part or more. You have nothing to worry about.