WordPress.DB.DirectDatabaseQuery.DirectQuery
Direct Query
The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.
Why It Shows Up
Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.
Why It Matters
Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.
How to Fix
- Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
- If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
- Keep schema changes in activation or upgrade routines and make them idempotent.
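The three fixes above as one sketch. This is an added example, not code from Plugin Check or from any listed plugin; the `myplugin_*` functions, the `myplugin_events` table and the `myplugin` cache group are hypothetical names.

```php
<?php
// Added example: myplugin_* names, the table and the cache group are hypothetical.
// Flagged: request value concatenated into SQL, uncached on every call.
// $wpdb->get_results( "SELECT ... WHERE status = '" . $_GET['status'] . "'" );

// Prepared read with an object-cache layer in front of it.
function myplugin_get_events( $status ) {
	global $wpdb;
	$status = sanitize_key( $status );
	$key    = 'events_' . $status;
	$rows   = wp_cache_get( $key, 'myplugin' );
	if ( false === $rows ) {
		$rows = $wpdb->get_results(
			$wpdb->prepare(
				"SELECT id, title FROM {$wpdb->prefix}myplugin_events WHERE status = %s",
				$status
			)
		);
		wp_cache_set( $key, $rows, 'myplugin', 5 * MINUTE_IN_SECONDS );
	}
	return $rows;
}

// Writes invalidate the cached read so callers never see stale rows.
function myplugin_add_event( $title, $status ) {
	global $wpdb;
	$status = sanitize_key( $status );
	$wpdb->insert(
		$wpdb->prefix . 'myplugin_events',
		array( 'title' => sanitize_text_field( $title ), 'status' => $status ),
		array( '%s', '%s' )
	);
	wp_cache_delete( 'events_' . $status, 'myplugin' );
}

// Schema lives in the activation routine; dbDelta() applies only differences, so reruns are safe.
function myplugin_install() {
	global $wpdb;
	require_once ABSPATH . 'wp-admin/includes/upgrade.php';
	dbDelta(
		"CREATE TABLE {$wpdb->prefix}myplugin_events (
			id bigint(20) unsigned NOT NULL AUTO_INCREMENT,
			title varchar(200) NOT NULL,
			status varchar(20) NOT NULL,
			PRIMARY KEY  (id),
			KEY status (status)
		) {$wpdb->get_charset_collate()};"
	);
}
register_activation_hook( __FILE__, 'myplugin_install' );
```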
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Top Issue | Added | Updated |
|---|---|---|---|---|---|---|---|---|
| #1301 | Businessx Extensions | 29 | 337 | 529 | 1k+ | Non-prefixed function | ||
| #1302 | Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms | 29 | 236 | 369 | 2k+ | Non-prefixed global variable | ||
| #1303 | Chained Quiz | 29 | 1,132 | 721 | 1k+ | Text Domain Mismatch | ||
| #1304 | CloudSecure WP Security | 29 | 74 | 350 | 100k+ | Request data is not unslashed | ||
| #1305 | Countdown, Coming Soon, Maintenance – Countdown & Clock | 29 | 1,735 | 143 | 10k+ | Non Singular String Literal Domain | ||
| #1306 | Custom Field Template | 29 | 568 | 530 | 30k+ | wp function not compatible with requires wp | ||
| #1307 | Di Themes Demo Site Importer | 29 | 343 | 183 | 1k+ | Text Domain Mismatch | ||
| #1308 | Display Tweets | 29 | 135 | 135 | 900 | Non-prefixed global variable | ||
| #1309 | Document Gallery | 29 | 183 | 98 | 8k+ | Output is not escaped | ||
| #1310 | DoLogin Security | 29 | 312 | 305 | 7k+ | Output is not escaped | ||
| #1311 | Interactive Image Map Plugin – Draw Attention | 29 | 620 | 227 | 20k+ | Output is not escaped | ||
| #1312 | Everest Toolkit | 29 | 145 | 141 | 1k+ | Missing Translators Comment | ||
| #1313 | Advanced Shipping Rates for WooCommerce: Flexible Table Rate Shipping Rules | 29 | 185 | 504 | 2k+ | Non-prefixed global variable | ||
| #1314 | FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider | 29 | 74 | 78 | 600k+ | Missing Translators Comment | ||
| #1315 | Getwid – Gutenberg Blocks | 29 | 139 | 173 | 50k+ | Non-prefixed global variable | ||
| #1316 | Gianism | 29 | 395 | 154 | 700 | Text Domain Mismatch | ||
| #1317 | reCaptcha by BestWebSoft | 29 | 474 | 272 | 100k+ | Text Domain Mismatch | ||
| #1318 | Image Hover Effects Ultimate ( Image Gallery, Effects, Lightbox, Comparison & Magnifier ) | 29 | 20 | 825 | 20k+ | Non-prefixed namespace | ||
| #1319 | Jetpack Boost – Website Speed, Performance and Critical CSS | 29 | 659 | 247 | 200k+ | Text Domain Mismatch | ||
| #1320 | Wishlist for WooCommerce | 29 | 610 | 296 | 600 | Output is not escaped | ||
| #1321 | Kits, Templates and Patterns | 29 | 380 | 91 | 5k+ | Text Domain Mismatch | ||
| #1322 | Login Me Now – Passwordless, Magic Link, OTP & Social Login for WordPress | 29 | 86 | 233 | 500 | Nonce verification recommended | ||
| #1323 | Meow Gallery | 29 | 113 | 182 | 10k+ | Direct Query | ||
| #1324 | Music Player for WooCommerce | 29 | 106 | 155 | 1k+ | Non-prefixed global variable | ||
| #1325 | MyWorks Sync for WooCommerce & Xero | 29 | 1 | 1,080 | 800 | Non-prefixed global variable | ||
| #1326 | Offload Media – Cloud Storage | 29 | 126 | 80 | 1k+ | unlink unlink | ||
| #1327 | Optimole – Optimize Images \| Convert WebP & AVIF \| CDN & Lazy Load \| Image Optimization | 29 | 80 | 162 | 200k+ | Nonce verification recommended | ||
| #1328 | Page Restrict for WooCommerce | 29 | 579 | 374 | 700 | Text Domain Mismatch | ||
| #1329 | Page View Count | 29 | 108 | 247 | 10k+ | Dynamic hook name | ||
| #1330 | pCloud WP Backup | 29 | 120 | 73 | 1k+ | Exception output is not escaped | ||
| #1331 | Post Timeline | 29 | 91 | 200 | 800 | Missing nonce verification | ||
| #1332 | Post Views Counter | 29 | 179 | 398 | 200k+ | Non-prefixed hook name | ||
| #1333 | Recipe Card Blocks Lite | 29 | 151 | 408 | 10k+ | Non-prefixed global variable | ||
| #1334 | Relevant – Related, Featured, Latest, and Popular Posts by BestWebSoft | 29 | 487 | 262 | 800 | Text Domain Mismatch | ||
| #1335 | SamedayCourier Shipping | 29 | 336 | 269 | 4k+ | Non Singular String Literal Domain | ||
| #1336 | Security Ninja – WordPress Security & Firewall | 29 | 149 | 347 | 7k+ | Direct Query | ||
| #1337 | Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce | 29 | 148 | 246 | 5k+ | Unsafe printing function | ||
| #1338 | Shiptastic for WooCommerce | 29 | 154 | 662 | 10k+ | Non-prefixed global variable | ||
| #1339 | Slider by BestWebSoft | 29 | 478 | 336 | 400 | Text Domain Mismatch | ||
| #1340 | Social Engine | 29 | 133 | 90 | 600 | Exception output is not escaped | ||
| #1341 | SQLite Database Integration | 29 | 161 | 89 | 3k+ | Exception output is not escaped | ||
| #1342 | SureForms – Drag & Drop Contact Form & Form Builder, Payment Form, Survey, Quiz & Calculator | 29 | 336 | 198 | 500k+ | Text Domain Mismatch | ||
| #1343 | ووسلام – همگام سازی ووکامرس و باسلام | 29 | 192 | 611 | 4k+ | Non-prefixed global variable | ||
| #1344 | Themify – WooCommerce Product Filter | 29 | 643 | 145 | 20k+ | Output is not escaped | ||
| #1345 | Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX | 29 | 135 | 400 | 40k+ | Non-prefixed global variable | ||
| #1346 | Ultimate Auction for WooCommerce – Excellent WP Auction Plugin | 29 | 52 | 523 | 2k+ | Non-prefixed global variable | ||
| #1347 | User Verification by PickPlugins | 29 | 41 | 314 | 5k+ | Request data is not unslashed | ||
| #1348 | Visualizer – Tables & Charts Manager with Built-in AI Generator | 29 | 348 | 331 | 20k+ | Output is not escaped | ||
| #1349 | Custom Post Types and Custom Fields creator – WCK | 29 | 1,300 | 143 | 10k+ | Text Domain Mismatch | ||
| #1350 | weMail – Email Marketing, Newsletter Builder & Email Automations for WooCommerce | 29 | 276 | 68 | 10k+ | Missing direct file access protection | ||