PluginCheck.Security.DirectDB.UnescapedDBParameter

Database parameter is not escaped

A value is passed into database-related code without escaping, preparation, or strict allowlisting.

Weight: critical

Why It Shows Up

Plugin Check found a database parameter that appears to come from dynamic input without the usual `$wpdb->prepare()` protection.

Why It Matters

Database parameters often influence queries directly. Unsafe values can corrupt data access or create SQL injection risk.

How to Fix

  • Use `$wpdb->prepare()` for values.
  • Use explicit allowlists for table names, column names, order fields, and directions.
  • Sanitize and validate request data before it reaches query construction.
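The three fixes above combined in one function, as an added example written for this page (it is not Plugin Check's own code and is not taken from any listed plugin). It assumes a hypothetical custom table `{$wpdb->prefix}pc_orders` with columns `id`, `customer_id`, `status` and `created_at`, and the hypothetical function names `pc_get_orders_unsafe()` and `pc_get_orders()`. The first function is the shape Plugin Check flags; the second shows values bound through `$wpdb->prepare()` and identifiers constrained by allowlists.

```php
<?php
/**
 * Added example for the UnescapedDBParameter rule. Table name, column names
 * and function names are hypothetical; adapt them to the plugin's own schema.
 */

// BEFORE: request data is interpolated straight into the SQL string. The
// customer id, the ORDER BY column and the direction are all attacker-controlled,
// so this is exactly the pattern the rule reports.
function pc_get_orders_unsafe() {
	global $wpdb;

	$customer = $_GET['customer'];
	$orderby  = $_GET['orderby'];
	$order    = $_GET['order'];

	return $wpdb->get_results(
		"SELECT * FROM {$wpdb->prefix}pc_orders WHERE customer_id = $customer ORDER BY $orderby $order"
	);
}

// AFTER: values go through $wpdb->prepare(), identifiers go through strict allowlists,
// and every request parameter is unslashed and sanitized before it is used.
function pc_get_orders() {
	global $wpdb;

	// 1. Sanitize and validate request data before it reaches query construction.
	$customer = isset( $_GET['customer'] ) ? absint( wp_unslash( $_GET['customer'] ) ) : 0;
	$status   = isset( $_GET['status'] ) ? sanitize_key( wp_unslash( $_GET['status'] ) ) : 'open';

	// 2. Column names and sort directions cannot be bound as values, so they are
	//    compared against fixed allowlists and fall back to safe defaults.
	$allowed_orderby = array( 'id', 'created_at', 'status' );
	$allowed_order   = array( 'ASC', 'DESC' );

	$orderby = isset( $_GET['orderby'] ) ? sanitize_key( wp_unslash( $_GET['orderby'] ) ) : 'id';
	$order   = isset( $_GET['order'] ) ? strtoupper( sanitize_key( wp_unslash( $_GET['order'] ) ) ) : 'DESC';

	if ( ! in_array( $orderby, $allowed_orderby, true ) ) {
		$orderby = 'id';
	}
	if ( ! in_array( $order, $allowed_order, true ) ) {
		$order = 'DESC';
	}

	// The table name is derived from $wpdb->prefix, never from input.
	$table = $wpdb->prefix . 'pc_orders';

	// 3. Bind the values with prepare(): %d casts to an integer, %s is quoted and
	//    escaped by $wpdb. The interpolated identifiers are safe only because they
	//    were allowlisted above.
	$sql = $wpdb->prepare(
		"SELECT id, customer_id, status, created_at FROM {$table} WHERE customer_id = %d AND status = %s ORDER BY {$orderby} {$order} LIMIT %d",
		$customer,
		$status,
		50
	);

	return $wpdb->get_results( $sql );
}
```

The allowlist step is what makes the `ORDER BY` interpolation acceptable: `prepare()` placeholders only cover values, not identifiers. On WordPress 6.2 and later the `%i` placeholder can bind an identifier as well, but an explicit allowlist still narrows the column set to what the feature actually needs and works on older installs.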

Affected Plugins

Rank | Plugin | Score | Errors | Warnings | Installs | Top Issue
#251 | NotifSMS – SMS Notifications OTP & 2FA for WordPress & WooCommerce | 22 | 1,353 | 1,412 | 2k+ | Non-prefixed global variable
#252 | User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration | 22 | 287 | 1,432 | 20k+ | Non-prefixed global variable
#253 | WPBITS Addons For Elementor Page Builder | 22 | 996 | 1,399 | 2k+ | Non-prefixed global variable
#254 | WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell | 22 | 5,996 | 2,790 | 5k+ | Text Domain Mismatch
#255 | ShopWP | 22 | 430 | 225 | 700 | Text Domain Mismatch
#256 | WPSSO Core – Complete Schema Markup and Meta Tags | 22 | 1,407 | 412 | 5k+ | Missing Translators Comment
#257 | WUPO Group Attributes for WooCommerce | 22 | 592 | 1,391 | 400 | Non-prefixed global variable
#258 | YaySMTP – WP Mail SMTP with Email Logs, Tracking & Reports | 22 | 654 | 435 | 10k+ | Exception output is not escaped
#259 | YITH WooCommerce Ajax Search | 22 | 408 | 1,659 | 30k+ | Non-prefixed global variable
#260 | ЮKassa для WooCommerce | 22 | 590 | 168 | 9k+ | Short PHP open tag found
#261 | Recipe Cards For Your Food Blog from Zip Recipes | 22 | 1,126 | 1,731 | 1k+ | Non-prefixed global variable
#262 | Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce | 23 | 1,185 | 1,027 | 1k+ | Text Domain Mismatch
#263 | Gutenberg Blocks – ACF Blocks Suite | 23 | 1,097 | 1,449 | 400 | Non-prefixed global variable
#264 | Advanced Custom Fields: Extended | 23 | 1,885 | 329 | 100k+ | Text Domain Mismatch
#265 | Custom WooCommerce Checkout Fields Editor | 23 | 755 | 1,386 | 2k+ | Non-prefixed global variable
#266 | Admin and Site Enhancements (ASE) | 23 | 136 | 330 | 200k+ | Nonce verification recommended
#267 | Advanced Menu Manager Pro – Built for Content-heavy WordPress Sites to Add, Filter, Lock, and Edit Menus Easily | 23 | 545 | 1,397 | 500 | Non-prefixed global variable
#268 | Advanced Product Labels for WooCommerce | 23 | 921 | 559 | 20k+ | Text Domain Mismatch
#269 | AI Engine – The Chatbot, AI Framework & MCP for WordPress | 23 | 411 | 544 | 100k+ | error log error log
#270 | Fullscreen Menu | 23 | 537 | 1,287 | 2k+ | Non-prefixed global variable
#271 | AR for WordPress | 23 | 149 | 508 | 400 | Non-prefixed global variable
#272 | Autocomplete Address and Location Picker for WooCommerce | 23 | 630 | 1,299 | 2k+ | Non-prefixed global variable
#273 | BA Book Everything | 23 | 1,184 | 1,086 | 10k+ | Output is not escaped
#274 | Kadence Security – Password, Two Factor Authentication, and Brute Force Protection | 23 | 1,053 | 967 | 700k+ | Missing Translators Comment
#275 | Booking calendar, Appointment Booking System | 23 | 1,079 | 1,125 | 4k+ | Output is not escaped
#276 | Brave Popup Builder – Popup, Optins, Lead Generation, Survey & Interactive Content | 23 | 238 | 294 | 20k+ | error log print r
#277 | BSK PDF Manager | 23 | 1,576 | 625 | 7k+ | Text Domain Mismatch
#278 | BuddyDrive | 23 | 722 | 1,597 | 1k+ | Non-prefixed global variable
#279 | Announcement & Notification Banner – Bulletin | 23 | 930 | 1,576 | 2k+ | Non-prefixed global variable
#280 | Business Directory Plugin – Easy Listing Directories for WordPress | 23 | 611 | 1,058 | 10k+ | Non-prefixed global variable
#281 | Captivate Sync | 23 | 174 | 557 | 1k+ | Non-prefixed global variable
#282 | Geo Controller | 23 | 203 | 544 | 1k+ | Non-prefixed global variable
#283 | All In One Login — Login Page Security and Customization for WordPress with Google reCAPTCHA, Social Login, Temporary Login, 2FA, and more. | 23 | 750 | 1,359 | 60k+ | Non-prefixed global variable
#284 | Church Admin | 23 | 1,643 | 4,202 | 900 | Direct Query
#285 | Classified Listing – AI-Powered Classified ads & Business Directory | 23 | 155 | 2,074 | 9k+ | Non-prefixed global variable
#286 | CLUEVO LMS, E-Learning Platform | 23 | 1,843 | 1,176 | 400 | Text Domain Mismatch
#287 | Content Aware Sidebars – Fastest Widget Area Plugin | 23 | 993 | 1,738 | 30k+ | Non-prefixed global variable
#288 | Content Egg – Affiliate Product Importer & Price Comparison | 23 | 1,231 | 1,257 | 10k+ | Non-prefixed global variable
#289 | Content Views – Post Grid & Filter, Recent Posts, Category Posts … (Shortcode, Gutenberg Blocks, and Widgets for Elementor) | 23 | 306 | 587 | 100k+ | Dynamic hook name
#290 | Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe | 23 | 9,310 | 26,642 | 900 | Non-prefixed global variable
#291 | Free Theme Builder for Elementor – CRT Addons (Header, Footer, Archive, WooCommerce & 50+ Widgets) | 23 | 791 | 2,331 | 400 | Non-prefixed global variable
#292 | Auto Post Cleaner | 23 | 715 | 1,378 | 1k+ | Non-prefixed global variable
#293 | Disable Bloat for WordPress & WooCommerce | 23 | 863 | 1,325 | 10k+ | Non-prefixed global variable
#294 | Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy | 23 | 170 | 821 | 40k+ | Non-prefixed global variable
#295 | Double Opt-In for Contact Form 7 & Avada – Secure, GDPR-Compliant Email Verification | 23 | 675 | 643 | 1k+ | Unsafe printing function
#296 | Easy Age Verify | 23 | 1,138 | 2,631 | 1k+ | Non-prefixed global variable
#297 | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | 23 | 3,723 | 10,283 | 40k+ | Non-prefixed namespace
#298 | Marijuana Age Verify | 23 | 1,154 | 2,630 | 1k+ | Non-prefixed global variable
#299 | EazyDocs – AI Powered Knowledge Base, Wiki, Documentation & FAQ Builder | 23 | 356 | 1,515 | 2k+ | Non-prefixed global variable
#300 | ElementsReady Addons for Elementor | 23 | 231 | 666 | 3k+ | Non-prefixed global variable