WordPress.DB.DirectDatabaseQuery.DirectQuery

Direct Query

The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.

medium weight

Why It Shows Up

Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.

Why It Matters

Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.

How to Fix

  • Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
  • If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
  • Keep schema changes in activation or upgrade routines and make them idempotent.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#1501Blacklist Manager – WooCommerce Anti-Fraud, Blacklist & Checkout Verification312888422k+Missing nonce verification
#1502Web Push Notifications – Webpushr3116929310k+Output is not escaped
#1503Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker31639356k+Interpolated SQL is not prepared
#1504Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets31837295100k+Unsafe printing function
#1505Return Refund and Exchange For WooCommerce31247134k+Non-prefixed global variable
#1506WooCommerce Legacy REST API31324177400k+Missing Translators Comment
#1507Tooltips for WordPress313122525k+Output is not escaped
#1508Worldline Global Online Pay for WooCommerce3116086500Missing direct file access protection
#1509WPGatsby31125553k+Text Domain Mismatch
#1510HireZoot – Job Listings, Career Page & Recruitment Tool311455540k+Non-prefixed global variable
#1511WP Simple Booking Calendar3133738020k+Output is not escaped
#1512WP Visitor Statistics (Real Time Traffic)3135369120k+Nonce verification recommended
#1513WP ULike – Like & Dislike Buttons for Engagement and Feedback3126935860k+Output is not escaped
#1514WP125311781843k+Unsafe printing function
#1515Hosting Benchmark tool312021154k+rand rand
#1516One to one user Chat by WPGuppy3174187700Non-prefixed global variable
#1517WPDoctor Malware Scanner & Vulnerability Checker & IP blocker with Hack monitor Lite31133438600Non-prefixed global variable
#1518YITH Color and Label Variations for WooCommerce313931,4289k+Non-prefixed global variable
#1519YITH WooCommerce Brands Add-On313931,4259k+Non-prefixed global variable
#1520YITH WooCommerce Catalog Mode313801,41860k+Non-prefixed global variable
#1521YITH WooCommerce Featured Video313831,4343k+Non-prefixed global variable
#1522YITH Frequently Bought Together for WooCommerce313891,4528k+Non-prefixed global variable
#1523YITH WooCommerce Order & Shipment Tracking313801,4207k+Non-prefixed global variable
#1524YITH Request a Quote for WooCommerce314081,48110k+Non-prefixed global variable
#1525YITH WooCommerce Tab Manager313951,4294k+Non-prefixed global variable
#1526Zendesk Support for WordPress31195882k+Output is not escaped
#1527PayPal Zettle POS for WooCommerce31302444k+Exception output is not escaped
#1528ActiveDEMAND321571611k+Output is not escaped
#1529Advanced Access Manager – Access Governance for WordPress3284962100k+Output is not escaped
#1530AI Alt Text Generator3276241k+Missing Translators Comment
#1531All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier32325102600Missing Arg Domain
#1532annasta Filters for WooCommerce321,0734412k+Text Domain Mismatch
#1533APCu Manager3215112610k+Output is not escaped
#1534Author Avatars List/Block32851354k+Non-prefixed hook name
#1535Auto YouTube Importer323381731k+Text Domain Mismatch
#1536Better Chat Support for Messenger32731031k+Interpolated SQL is not prepared
#1537Better Robots.txt – AI-Ready Crawl Control & Bot Governance3255835k+error log error log
#1538Blog2Social: Social Media Auto Post & Scheduler32795750k+Direct Query
#1539BuddyPress for LearnDash321902841k+Output is not escaped
#1540Quantity Discounts, Breaks & Product Bundles for Woocommerce By Bundler32147319400Direct Query
#1541Code Manager32217261500Nonce verification recommended
#1542Vimeotheque – Vimeo WordPress Plugin & Video Gallery326422642k+Unsafe printing function
#1543Ultimate WooCommerce Filters32322207600Unsafe printing function
#1544Contact Form Block326477500Non Singular String Literal Domain
#1545Cooked – Recipe Management324622753k+Output is not escaped
#1546CSV Import and Exporter32831381k+Non-prefixed global variable
#1547Currency Switcher for WooCommerce3235726310k+Text Domain Mismatch
#1548Download Attachments32691888k+Non-prefixed hook name
#1549Enter Addons – Ultimate Template Builder for Elementor3282721k+Output is not escaped
#1550Fable Extra32792824k+Non-prefixed global variable