WordPress.DB.DirectDatabaseQuery.DirectQuery

Direct Query

The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.

medium weight

Why It Shows Up

Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.

Why It Matters

Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.

How to Fix

Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
Keep schema changes in activation or upgrade routines and make them idempotent.

References

WordPress database access

Affected Plugins

Rank	Plugin	Score	Errors	Warnings	Installs	Updated	Top Issue
#1001	Dynamic Pricing With Discount Rules for WooCommerce	30	136	131	5k+	2 months ago	Output Not Escaped
#1002	Advanced Database Cleaner – Optimize & Clean Database to Speed Up Site Performance	30	164	439	100k+	21 days ago	Interpolated Not Prepared
#1003	PublishPress Blocks – Block Controls, Block Visibility, Block Permissions	30	251	340	20k+	5 days ago	Unsafe Printing Function
#1004	Analytics Insights – Google Analytics Dashboard for WordPress	30	241	170	10k+	29 days ago	Unsafe Printing Function
#1005	ApplyOnline – Application Form Builder and Manager	30	354	260	2k+	24 days ago	Output Not Escaped
#1006	Contact Form 7 Connector	30	324	196	5k+	11 months ago	Text Domain Mismatch
#1007	aThemes Starter Sites	30	259	195	40k+	18 days ago	Text Domain Mismatch
#1008	Private groups	30	583	316	1k+	1 month ago	Unsafe Printing Function
#1009	Buy Me a Coffee – Button and Widget Plugin	30	139	140	6k+	5 days ago	Output Not Escaped
#1010	Sliding Cart for WooCommerce by FunnelKit – Skip Cart & Reach WooCommerce Checkout Faster	30	306	434	30k+	13 days ago	Non Prefixed Variable Found
#1011	Contact Form 7 – PayPal & Stripe Add-on	30	385	233	8k+	26 days ago	Unsafe Printing Function
#1012	Custom Field Template	30	521	618	30k+	2 months ago	Recommended
#1013	DethemeKit for Elementor	30	335	228	30k+	1 year ago	Output Not Escaped
#1014	Easy Affiliate Links	30	186	198	7k+	1 month ago	missing direct file access protection
#1015	Element Invader – Template Kits for Elementor	30	274	130	3k+	5 months ago	Output Not Escaped
#1016	Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant	30	264	221	4k+	1 year ago	Missing Unslash
#1017	Kargo Takip, Kargo SMS, İlçe Mahalle Sözleşme by Hezarfen	30	69	276	2k+	16 days ago	Non Prefixed Variable Found
#1018	Import WooCommerce Suite	30	80	434	4k+	1 month ago	Interpolated Not Prepared
#1019	Invisible reCaptcha for WordPress	30	90	185	80k+	6 years ago	Input Not Sanitized
#1020	Jetpack Protect	30	657	217	100k+	2 months ago	Text Domain Mismatch
#1021	Mailrelay	30	318	170	2k+	11 months ago	Text Domain Mismatch
#1022	Meow Gallery	30	111	182	10k+	23 days ago	Direct Query
#1023	MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor	30	63	227	600k+	13 days ago	Non Prefixed Variable Found
#1024	PayU CommercePro Plugin	30	95	270	7k+	1 month ago	Text Domain Mismatch
#1025	Popularis Extra	30	237	141	7k+	7 months ago	Output Not Escaped
#1026	Popup Builder – Create highly converting, mobile friendly marketing popups.	30	26	722	200k+	26 days ago	Non Prefixed Variable Found
#1027	QA Assistants – Driven by data	30	4	867	2k+	2 months ago	Non Prefixed Variable Found
#1028	Qi Blocks	30	47	344	60k+	7 days ago	Non Prefixed Variable Found
#1029	Real Cookie Banner: GDPR & ePrivacy Cookie Consent	30	9	496	100k+	26 days ago	Unescaped DBParameter
#1030	Responsive Addons for Elementor – Free Elementor Addons, Kits and Elementor Templates	30	60	387	3k+	14 days ago	Non Prefixed Variable Found
#1031	SmartCrawl SEO checker, analyzer & optimizer	30	347	1,307	20k+	4 days ago	Non Prefixed Variable Found
#1032	SMTP for Amazon SES – YaySMTP	30	197	122	3k+	1 month ago	Exception Not Escaped
#1033	Subscriptions for WooCommerce	30	1	1,190	10k+	today	Non Prefixed Variable Found
#1034	Taboola	30	89	147	1k+	8 months ago	Output Not Escaped
#1035	User Role by BestWebSoft – Add and Customize Roles and Capabilities in WordPress	30	484	280	3k+	7 months ago	Text Domain Mismatch
#1036	Waitlist Woocommerce ( Back in stock notifier )	30	272	311	4k+	1 month ago	Output Not Escaped
#1037	Checkout with Cash App on WooCommerce	30	122	308	2k+	5 months ago	Non Prefixed Variable Found
#1038	Dropify	30	130	252	2k+	5 months ago	Recommended
#1039	FOX – Currency Switcher Professional for WooCommerce	30	211	1,022	50k+	10 days ago	Non Prefixed Variable Found
#1040	WooCommerce Stripe Payment Gateway	30	173	591	700k+	7 days ago	Non Prefixed Hookname Found
#1041	WooPayments: Integrated WooCommerce Payments	30	177	298	900k+	1 month ago	Exception Not Escaped
#1042	WCPOS – Point of Sale (POS) plugin for WooCommerce	30	77	228	5k+	5 days ago	Recommended
#1043	WooCommerce Tax (formerly WooCommerce Shipping & Tax)	30	103	198	600k+	today	Non Prefixed Class Found
#1044	WP 2FA – Two-factor authentication for WordPress	30	269	380	100k+	1 month ago	Exception Not Escaped
#1045	WP Event Aggregator: Import Eventbrite events, Meetup events, social events and any iCal Events into Event Calendar	30	113	419	1k+	1 month ago	Non Prefixed Variable Found
#1046	WP Inventory Manager	30	856	233	1k+	12 days ago	Output Not Escaped
#1047	WPOrLogin – Custom Login, Social Login, Limit Attempts, Hide Login & reCAPTCHA	30	484	222	2k+	5 months ago	Unsafe Printing Function
#1048	WPS Cleaner	30	430	491	20k+	12 months ago	Output Not Escaped
#1049	YayPricing – WooCommerce Dynamic Pricing & Discounts	30	174	186	3k+	1 month ago	Non Prefixed Variable Found
#1050	YASR – Yet Another Star Rating Plugin for WordPress	30	252	378	10k+	1 year ago	Output Not Escaped