WordPress.DB.DirectDatabaseQuery.DirectQuery
Direct Query
The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.
Why It Shows Up
Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.
Why It Matters
Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.
How to Fix
- Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
- If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
- Keep schema changes in activation or upgrade routines and make them idempotent.
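The second and third points above, sketched as an added example (not code from Plugin Check or from any plugin listed on this page). The `myplugin_` prefix, the `myplugin_events` table, its columns and the five-minute cache lifetime are all assumptions chosen for illustration.

```php
<?php
// Hypothetical plugin: the myplugin_ prefix, the myplugin_events table and its columns are made up.
const MYPLUGIN_DB_VERSION = '2';

// Schema change in an activation/upgrade routine. The version check and dbDelta() make reruns a no-op.
function myplugin_maybe_upgrade() {
	if ( get_option( 'myplugin_db_version' ) === MYPLUGIN_DB_VERSION ) {
		return;
	}
	global $wpdb;
	require_once ABSPATH . 'wp-admin/includes/upgrade.php';
	dbDelta( "CREATE TABLE {$wpdb->prefix}myplugin_events (
		id bigint(20) unsigned NOT NULL AUTO_INCREMENT,
		user_id bigint(20) unsigned NOT NULL,
		status varchar(20) NOT NULL,
		PRIMARY KEY  (id),
		KEY user_status (user_id,status)
	) {$wpdb->get_charset_collate()};" );
	update_option( 'myplugin_db_version', MYPLUGIN_DB_VERSION );
}
register_activation_hook( __FILE__, 'myplugin_maybe_upgrade' );
add_action( 'plugins_loaded', 'myplugin_maybe_upgrade' );

// Repeated read: dynamic values are bound by prepare(), the result goes to the object cache.
function myplugin_count_events( $user_id, $status ) {
	global $wpdb;
	$key   = 'count_' . (int) $user_id . '_' . md5( $status );
	$count = wp_cache_get( $key, 'myplugin_events' );
	if ( false === $count ) {
		$count = (int) $wpdb->get_var(
			$wpdb->prepare(
				"SELECT COUNT(*) FROM {$wpdb->prefix}myplugin_events WHERE user_id = %d AND status = %s",
				$user_id,
				$status
			)
		);
		wp_cache_set( $key, $count, 'myplugin_events', 5 * MINUTE_IN_SECONDS );
	}
	return $count;
}

// Write: insert() binds values by format; the stale count is dropped afterwards.
function myplugin_add_event( $user_id, $status ) {
	global $wpdb;
	$ok = $wpdb->insert( $wpdb->prefix . 'myplugin_events', array( 'user_id' => $user_id, 'status' => $status ), array( '%d', '%s' ) );
	wp_cache_delete( 'count_' . (int) $user_id . '_' . md5( $status ), 'myplugin_events' );
	return false !== $ok;
}
```

Only values pass through `%d` and `%s`; the table name is built from `$wpdb->prefix` and a fixed string, never from request input.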
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Top Issue | Added | Updated |
|---|---|---|---|---|---|---|---|---|
| #901 | AForms — Form Builder for Price Calculator & Cost Estimation | 28 | 564 | 95 | 3k+ | Text Domain Mismatch | ||
| #902 | Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms | 28 | 649 | 357 | 9k+ | Text Domain Mismatch | ||
| #903 | Contact Form by BestWebSoft – Advanced WP Contact Form Builder for WordPress | 28 | 465 | 338 | 30k+ | Text Domain Mismatch | ||
| #904 | Maspik – Ultimate Spam Protection | 28 | 212 | 862 | 30k+ | Missing nonce verification | ||
| #905 | Deposits & Partial Payments for WooCommerce – Bayna | 28 | 593 | 336 | 1k+ | Output is not escaped | ||
| #906 | Dynamic User Directory | 28 | 403 | 256 | 1k+ | Output is not escaped | ||
| #907 | Discount Rules and Dynamic Pricing for WooCommerce | 28 | 182 | 334 | 10k+ | Output is not escaped | ||
| #908 | easy.jobs – AI powered Job Listing, Job Board, Career Page, Recruitment & Hiring Solution | 28 | 405 | 810 | 5k+ | Missing nonce verification | ||
| #909 | Embedder for Google Reviews | 28 | 529 | 1,323 | 6k+ | Non-prefixed global variable | ||
| #910 | Fluent Support – Helpdesk & Customer Support Ticket System | 28 | 50 | 271 | 10k+ | Direct Query | ||
| #911 | Reviews and Rating – Google Reviews | 28 | 343 | 219 | 20k+ | Text Domain Mismatch | ||
| #912 | گیتلند \| درگاه پرداخت هوشمند گیتلند | 28 | 327 | 235 | 2k+ | Output is not escaped | ||
| #913 | Geo Mashup | 28 | 775 | 232 | 1k+ | Text Domain Mismatch | ||
| #914 | HootKit | 28 | 429 | 1,295 | 8k+ | Non-prefixed global variable | ||
| #915 | Kadence Starter Templates — Predesigned Website Templates | 28 | 312 | 215 | 300k+ | Missing Arg Domain | ||
| #916 | Kama Thumbnail | 28 | 80 | 47 | 9k+ | Output is not escaped | ||
| #917 | Maven Algolia | 28 | 148 | 89 | 6k+ | Non Singular String Literal Domain | ||
| #918 | Media Hygiene: Remove or Delete Unused Images and More! | 28 | 654 | 309 | 5k+ | Non Singular String Literal Domain | ||
| #919 | My Sticky Bar – Floating Notification Bar & Sticky Header (formerly myStickymenu) | 28 | 161 | 400 | 100k+ | Non-prefixed global variable | ||
| #920 | Notification for Telegram | 28 | 189 | 93 | 4k+ | Output is not escaped | ||
| #921 | Store Hours for WooCommerce | 28 | 525 | 60 | 2k+ | Output is not escaped | ||
| #922 | Order Tracking – WordPress Status Tracking Plugin | 28 | 619 | 772 | 3k+ | Unsafe printing function | ||
| #923 | Perfect Brands for WooCommerce | 28 | 112 | 143 | 40k+ | Non-prefixed constant | ||
| #924 | ووکامرس فارسی | 28 | 157 | 215 | 90k+ | Output is not escaped | ||
| #925 | افزونه حمل و نقل ووکامرس \| پست پیشتاز، تیپاکس و پیک موتوری | 28 | 131 | 190 | 20k+ | Missing nonce verification | ||
| #926 | Podcast Importer SecondLine | 28 | 356 | 169 | 4k+ | Text Domain Mismatch | ||
| #927 | Redis Object Cache | 28 | 151 | 103 | 400k+ | Exception output is not escaped | ||
| #928 | Responsive Lightbox & Gallery | 28 | 139 | 513 | 100k+ | Non-prefixed hook name | ||
| #929 | Praison AI SEO | 28 | 643 | 306 | 1k+ | Text Domain Mismatch | ||
| #930 | Transliterator – Multilingual and Multi-script Text Conversion | 28 | 305 | 320 | 3k+ | Output is not escaped | ||
| #931 | Slider Pro | 28 | 583 | 527 | 4k+ | Unsafe printing function | ||
| #932 | Sparkle Demo Importer | 28 | 307 | 166 | 6k+ | Text Domain Mismatch | ||
| #933 | Tab – Accordion, FAQ | 28 | 104 | 542 | 1k+ | Non-prefixed global variable | ||
| #934 | Temporary Login Without Password | 28 | 128 | 131 | 100k+ | wp function not compatible with requires wp | ||
| #935 | Themesflat Addons For Elementor | 28 | 714 | 227 | 40k+ | Output is not escaped | ||
| #936 | Ultimate FAQ Accordion Plugin | 28 | 386 | 227 | 30k+ | Unsafe printing function | ||
| #937 | Jetpack VaultPress | 28 | 71 | 362 | 10k+ | Missing nonce verification | ||
| #938 | WC Fields Factory | 28 | 194 | 369 | 7k+ | Nonce verification recommended | ||
| #939 | 10WebSocial | 28 | 584 | 185 | 10k+ | Unsafe printing function | ||
| #940 | Product Gallery Slider, Additional Variation Images for WooCommerce | 28 | 552 | 316 | 20k+ | Output is not escaped | ||
| #941 | Dynamic Product Gallery for WooCommerce | 28 | 414 | 303 | 1k+ | Output is not escaped | ||
| #942 | Product Sort and Display for WooCommerce | 28 | 199 | 235 | 2k+ | Output is not escaped | ||
| #943 | WP ADA Compliance Check Basic | 28 | 785 | 177 | 3k+ | Text Domain Mismatch | ||
| #944 | WPS Bidouille | 28 | 472 | 215 | 10k+ | Output is not escaped | ||
| #945 | WP Synchro – The Ultimate WordPress Migration Tool | 28 | 243 | 244 | 2k+ | Missing Translators Comment | ||
| #946 | YITH WooCommerce Product Bundles | 28 | 404 | 1,480 | 3k+ | Non-prefixed global variable | ||
| #947 | Accordion Slider | 29 | 391 | 444 | 2k+ | Unsafe printing function | ||
| #948 | Adminimize | 29 | 296 | 691 | 200k+ | Non-prefixed global variable | ||
| #949 | AI Copilot – Content Generator | 29 | 166 | 161 | 1k+ | wp function not compatible with requires wp | ||
| #950 | AL Pack | 29 | 13 | 816 | 2k+ | Non-prefixed global variable |