PluginScore

WordPress.DB.DirectDatabaseQuery.DirectQuery

Direct Query

The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.

medium weight

Why It Shows Up

Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.

Why It Matters

Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.

How to Fix

  • Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
  • If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
  • Keep schema changes in activation or upgrade routines and make them idempotent.

References

WordPress database access

Affected Plugins

RankPluginScoreErrorsWarningsInstallsUpdatedTop Issue
#1BulletProof Security05,0484,94920k+2026-05-20Output Not Escaped
#2Plugin Check (PCP)012813210k+2026-05-29Exception Not Escaped
#3JetBackup – Backup, Restore & Migrate101,559145100k+2026-05-03Exception Not Escaped
#4Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more1532163500k+2026-04-01Direct Query
#5Visual Composer Website Builder168232040k+2025-08-06Non Prefixed Variable Found
#6JetFormBuilder — Dynamic Blocks Form Builder172,0941,58890k+2026-06-17Text Domain Mismatch
#7wpForo Forum174,0332,92220k+2026-05-31Unsafe Printing Function
#8WPtouch – Make your WordPress Website Mobile-Friendly171,46632550k+2025-12-04Text Domain Mismatch
#9Prime Slider Addons for Elementor183,500230100k+2026-06-15Text Domain Mismatch
#10WP Import Export Lite1873897940k+2025-08-04Non Prefixed Variable Found
#11Element Pack – Widgets, Templates & Addons for Elementor199,448517100k+2026-06-16Text Domain Mismatch
#12Download Monitor194251,36480k+2026-06-16Non Prefixed Hookname Found
#13Event Organiser191,10654420k+2024-10-10Text Domain Mismatch
#14Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution191,218901100k+2026-06-09Exception Not Escaped
#15Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps)193,2753,22810k+2025-12-05Output Not Escaped
#16Matomo Analytics – Powerful, Privacy-First Insights for WordPress191,909878100k+2026-06-16Exception Not Escaped
#17Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization191,2952,6799k+2026-06-15Output Not Escaped
#18Really Simple Security – Simple and Performant Security (formerly Really Simple SSL)195413853m+2026-06-17Missing Translators Comment
#19Membership Plugin – Kadence Memberships195,0822,9829k+2026-05-26Text Domain Mismatch
#20SureCart – Ecommerce Made Easy For Selling Physical Products, Digital Downloads, Subscriptions, Donations, & Payments195261,11990k+2026-06-16Non Prefixed Variable Found
#21BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot205081,40630k+2026-06-18Non Prefixed Variable Found
#22Brizy – Page Builder2058972070k+2026-06-09Output Not Escaped
#23Filter Everything — WordPress & WooCommerce Filters2056873050k+2026-06-18Output Not Escaped
#24GiveWP – Donation Plugin and Fundraising Platform203,4353,580100k+2026-06-15Output Not Escaped
#25Link Library201,9411,39710k+2026-04-26Unsafe Printing Function
#26Brevo – Email, SMS, Web Push, Chat, and more.20460646100k+2026-04-10Missing Unslash
#27Microthemer Lite – Visual Editor to Customize CSS201,0041,69910k+2026-04-15Non Prefixed Variable Found
#28Nimble Page Builder201,5911,68430k+2025-03-24Missing Arg Domain
#29Robin Image Optimizer – Unlimited Image Optimization, WebP & AVIF20557541100k+2026-05-19Output Not Escaped
#30Razorpay for WooCommerce20974855100k+2026-06-19Non Prefixed Function Found
#31Store Locator WordPress212,3721,57210k+2026-06-03Text Domain Mismatch
#32Backup Migration219811,09380k+2026-06-05Non Prefixed Variable Found
#33bbPress219293,672100k+2025-07-02Non Prefixed Function Found
#34CartFlows – Funnel Builder & Checkout Plugin for WooCommerce21461614200k+2026-06-02Text Domain Mismatch
#35Smart Grid-Layout Design for Contact Form 7211,12673410k+2026-05-08Output Not Escaped
#36Comet Cache2185724520k+2025-07-02Output Not Escaped
#37Cost Calculator Builder2132276530k+2026-06-19Non Prefixed Variable Found
#38Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More212,5721,2771m+2026-05-22Output Not Escaped
#39Envo Extra2187860020k+2026-05-27Text Domain Mismatch
#40eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams211864379k+2026-04-13Non Prefixed Variable Found
#41Feeds for YouTube (YouTube video, channel, and gallery plugin)21558978100k+2026-06-10Output Not Escaped
#42Formidable Forms – WordPress Form Builder for Contact Forms, Calculators, Quizzes & More21521,959300k+2026-06-16Non Prefixed Variable Found
#43Imagify: Optimize Images for Top Speed (Compress & Convert to WebP/AVIF)214188511m+2026-06-01Non Prefixed Variable Found
#44Modular DS: Monitor, update, and backup multiple websites211618140k+2026-05-22Exception Not Escaped
#45MotoPress Hotel Booking213,0611,03710k+2026-06-15Text Domain Mismatch
#46Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred211,4693,33310k+2026-06-18Non Prefixed Variable Found
#47Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages211,1732,9839k+2026-06-02Non Prefixed Variable Found
#48Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction211,9185,06510k+2026-06-02Non Prefixed Hookname Found
#49User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor216961,48350k+2026-06-10Recommended
#50Five Star Restaurant Reservations – WordPress Booking Plugin211,0991,14710k+2026-06-19Output Not Escaped