WordPress.DB.DirectDatabaseQuery.DirectQuery
Direct Query
The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.
Why It Shows Up
Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.
Why It Matters
Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.
How to Fix
- Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
- If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
- Keep schema changes in activation or upgrade routines and make them idempotent.
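The three fixes above in one place, as an added example (not code from Plugin Check or from any plugin listed below). The `myplugin_` prefix, the `myplugin_events` table, the `myplugin` cache group and the `myplugin_db_version` option are hypothetical names chosen for illustration.

```php
<?php
// Added illustration; every myplugin_* name and the events table are hypothetical.

// Before: caller-supplied value concatenated into SQL, no caching.
function myplugin_events_unsafe( $status ) {
	global $wpdb;
	return $wpdb->get_results(
		"SELECT id, title FROM {$wpdb->prefix}myplugin_events WHERE status = '$status'"
	);
}

// After: dynamic values go through $wpdb->prepare() placeholders,
// and repeated reads are served from the object cache.
function myplugin_events( $status ) {
	global $wpdb;
	$status    = sanitize_key( $status );
	$cache_key = 'events_' . $status;
	$rows      = wp_cache_get( $cache_key, 'myplugin' );
	if ( false === $rows ) {
		$rows = $wpdb->get_results(
			$wpdb->prepare(
				"SELECT id, title FROM {$wpdb->prefix}myplugin_events WHERE status = %s LIMIT %d",
				$status,
				100
			)
		);
		// Code that writes to the table should wp_cache_delete() this key.
		wp_cache_set( $cache_key, $rows, 'myplugin', 5 * MINUTE_IN_SECONDS );
	}
	return $rows;
}

// Schema change kept in the activation routine. dbDelta() compares the
// statement with the existing table and applies only the differences,
// so running it again is harmless.
function myplugin_activate() {
	global $wpdb;
	require_once ABSPATH . 'wp-admin/includes/upgrade.php';
	$charset = $wpdb->get_charset_collate();
	dbDelta(
		"CREATE TABLE {$wpdb->prefix}myplugin_events (
			id bigint(20) unsigned NOT NULL AUTO_INCREMENT,
			title varchar(200) NOT NULL,
			status varchar(20) NOT NULL DEFAULT 'draft',
			PRIMARY KEY  (id),
			KEY status (status)
		) $charset;"
	);
	update_option( 'myplugin_db_version', '1' );
}
register_activation_hook( __FILE__, 'myplugin_activate' );
```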
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #1251 | Rating by BestWebSoft | 28 | 509 | 218 | 500 | | | Text Domain Mismatch |
| #1252 | ReDi Restaurant Reservation – Instant Availability & Confirmation | 28 | 1,013 | 239 | 800 | | | Unsafe printing function |
| #1253 | Redis Object Cache | 28 | 151 | 103 | 400k+ | | | Exception output is not escaped |
| #1254 | Responsive Lightbox & Gallery | 28 | 139 | 513 | 100k+ | | | Non-prefixed hook name |
| #1255 | Secure Downloads | 28 | 616 | 406 | 600 | | | Output is not escaped |
| #1256 | Praison AI SEO | 28 | 643 | 306 | 1k+ | | | Text Domain Mismatch |
| #1257 | Transliterator – Multilingual and Multi-script Text Conversion | 28 | 305 | 320 | 3k+ | | | Output is not escaped |
| #1258 | Slider Pro | 28 | 583 | 527 | 4k+ | | | Unsafe printing function |
| #1259 | Sparkle Demo Importer | 28 | 307 | 166 | 6k+ | | | Text Domain Mismatch |
| #1260 | Tab – Accordion, FAQ | 28 | 104 | 542 | 1k+ | | | Non-prefixed global variable |
| #1261 | Temporary Login Without Password | 28 | 128 | 131 | 100k+ | | | wp function not compatible with requires wp |
| #1262 | Terms descriptions | 28 | 222 | 423 | 1k+ | | | Non-prefixed function |
| #1263 | Themesflat Addons For Elementor | 28 | 714 | 227 | 40k+ | | | Output is not escaped |
| #1264 | Ultimate FAQ Accordion Plugin | 28 | 386 | 227 | 30k+ | | | Unsafe printing function |
| #1265 | Jetpack VaultPress | 28 | 71 | 362 | 10k+ | | | Missing nonce verification |
| #1266 | VG WORT METIS | 28 | 150 | 317 | 900 | | | Nonce verification recommended |
| #1267 | WC Fields Factory | 28 | 194 | 369 | 7k+ | | | Nonce verification recommended |
| #1268 | 10WebSocial | 28 | 584 | 185 | 10k+ | | | Unsafe printing function |
| #1269 | PayZen for WooCommerce | 28 | 258 | 214 | 600 | | | Output is not escaped |
| #1270 | Product Gallery Slider, Additional Variation Images for WooCommerce | 28 | 552 | 316 | 20k+ | | | Output is not escaped |
| #1271 | Dynamic Product Gallery for WooCommerce | 28 | 414 | 303 | 1k+ | | | Output is not escaped |
| #1272 | Email Inquiry & Cart Options for WooCommerce | 28 | 194 | 291 | 800 | | | Output is not escaped |
| #1273 | Product Sort and Display for WooCommerce | 28 | 199 | 235 | 2k+ | | | Output is not escaped |
| #1274 | WP ADA Compliance Check Basic | 28 | 785 | 177 | 3k+ | | | Text Domain Mismatch |
| #1275 | WP GoToWebinar | 28 | 207 | 207 | 700 | | | Non-prefixed function |
| #1276 | WhyDonate – FREE Donate button – Crowdfunding – Fundraising | 28 | 216 | 328 | 800 | | | Non-prefixed global variable |
| #1277 | WPS Bidouille | 28 | 472 | 215 | 10k+ | | | Output is not escaped |
| #1278 | WP Synchro – The Ultimate WordPress Migration Tool | 28 | 243 | 244 | 2k+ | | | Missing Translators Comment |
| #1279 | WxSync-标准云微信公众号文章免费采集-任意公众号自动采集付费购买 | 28 | 57 | 138 | 500 | | | Request data is not unslashed |
| #1280 | YITH WooCommerce Product Bundles | 28 | 404 | 1,480 | 3k+ | | | Non-prefixed global variable |
| #1281 | Accordion Slider | 29 | 391 | 444 | 2k+ | | | Unsafe printing function |
| #1282 | Accordion Slider Gallery | 29 | 379 | 142 | 1k+ | | | Text Domain Mismatch |
| #1283 | Advance coupon for WooCommerce | 29 | 472 | 241 | 900 | | | Text Domain Mismatch |
| #1284 | Adminimize | 29 | 296 | 691 | 200k+ | | | Non-prefixed global variable |
| #1285 | AI Copilot – Content Generator | 29 | 166 | 161 | 1k+ | | | wp function not compatible with requires wp |
| #1286 | AL Pack | 29 | 13 | 816 | 2k+ | | | Non-prefixed global variable |
| #1287 | Alt Text AI – Automatically generate image alt text for SEO and accessibility | 29 | 72 | 280 | 20k+ | | | Non-prefixed global variable |
| #1288 | AppPresser – Mobile App Framework | 29 | 262 | 214 | 1k+ | | | Text Domain Mismatch |
| #1289 | aThemeArt Theme Helper | 29 | 206 | 151 | 2k+ | | | Non-prefixed global variable |
| #1290 | Attribute Stock for WooCommerce – Shared Stock & Variable Quantities (Lite Version) | 29 | 481 | 313 | 2k+ | | | Text Domain Mismatch |
| #1291 | Better Google Analytics | 29 | 376 | 869 | 2k+ | | | Non-prefixed global variable |
| #1292 | Bitcoin Payments – Blockonomics | 29 | 208 | 227 | 3k+ | | | Output is not escaped |
| #1293 | Plugin BlueX for WooCommerce | 29 | 431 | 216 | 2k+ | | | Text Domain Mismatch |
| #1294 | Branded Social Images – Open Graph Images with logo and extra text layer | 29 | 254 | 92 | 900 | | | Non Singular String Literal Domain |
| #1295 | Businessx Extensions | 29 | 337 | 529 | 1k+ | | | Non-prefixed function |
| #1296 | Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms | 29 | 236 | 369 | 2k+ | | | Non-prefixed global variable |
| #1297 | Chained Quiz | 29 | 1,132 | 721 | 1k+ | | | Text Domain Mismatch |
| #1298 | CloudSecure WP Security | 29 | 74 | 350 | 100k+ | | | Request data is not unslashed |
| #1299 | Countdown, Coming Soon, Maintenance – Countdown & Clock | 29 | 1,735 | 143 | 10k+ | | | Non Singular String Literal Domain |
| #1300 | Database Cleaner | 29 | 135 | 297 | 10k+ | | | Direct Query |