WordPress.DB.DirectDatabaseQuery.DirectQuery

Direct Query

The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.

medium weight

Why It Shows Up

Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.

Why It Matters

Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.

How to Fix

  • Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
  • If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
  • Keep schema changes in activation or upgrade routines and make them idempotent.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#1701Textmetrics33324163400Output is not escaped
#1702White Label CMS33409207200k+Unsafe printing function
#1703Rich Showcase for Google Reviews33213278100k+Output is not escaped
#1704Wonder Slider Lite332731878k+Output is not escaped
#1705Product Addons for Woocommerce – Product Options with Custom Fields3312411430k+Output is not escaped
#1706Min Max Control – Min Max Quantity & Step Control for WooCommerce339621510k+Non-prefixed global variable
#1707Hyyan WooCommerce Polylang Integration331412208k+Nonce verification recommended
#1708CartBounty – Save and recover abandoned carts for WooCommerce3337039910k+Output is not escaped
#1709CatalogX – Catalog Mode, Enquiry & Quotes for WooCommerce332291055k+Text Domain Mismatch
#1710Pay. Payment Methods for WooCommerce333161043k+Non Singular String Literal Domain
#1711PDF Invoices Italian Add-on for WooCommerce333252005k+Non Singular String Literal Domain
#1712WOW Slider331761013k+Output is not escaped
#1713Books Gallery – Book Showcase, Library & Affiliate Plugin331,7531782k+Output is not escaped
#1714WP Edit3333713740k+Unsafe printing function
#1715WP EXtra – One Click Optimize334141017k+Missing Arg Domain
#1716WP Social AutoConnect33290144500Output is not escaped
#1717Connector for Gravity Forms and Google Sheets336921553k+Text Domain Mismatch
#1718WP Multilang – Translation and Multilingual Plugin335111810k+Database parameter is not escaped
#1719WP-UserOnline3311116110k+Output is not escaped
#1720WPReplace内容字符替换插件33209195800Non Singular String Literal Domain
#1721XML Sitemaps3365622k+Output is not escaped
#1722Zita Site Library for Elementor331071351k+Text Domain Mismatch
#1723Advanced Coupons for WooCommerce Coupons & Store Credit347421420k+Non-prefixed global variable
#1724Advanced Shipping Validation for WooCommerce34331127400Text Domain Mismatch
#1725AI WP Writer – SEO content generator, chatGPT, Gemini345815093k+Text Domain Mismatch
#1726All-in-One WP Migration and Backup3447695m+Missing nonce verification
#1727Assistant – Every Day Productivity Apps34124974k+Exception output is not escaped
#1728Audit Trail349010710k+Unsafe printing function
#1729AyeCode Connect3417825310k+Nonce verification recommended
#1730Beeketing for WooCommerce – Marketing Automation to Boost Sales34113123600SQL query is not prepared
#1731Blog-in-Blog346493800Non-prefixed function
#1732BoldGrid Easy SEO – Simple and Effective SEO3414910440k+Text Domain Mismatch
#1733Buckets346876500Output is not escaped
#1734BuddyPress & BuddyBoss Member Profile Forms34154121400Text Domain Mismatch
#1735Campi Moduli Italiani3472363500Unquoted Complex Placeholder
#1736CM Search And Replace – Optimize content edits with a powerful search and replace tool342861112k+Output is not escaped
#1737Contact Form 7 – PayPal & Stripe Add-on34932337k+Exception output is not escaped
#1738Cornerstone3416117430k+Nonce verification recommended
#1739CSS JS Manager, Async JavaScript, Defer Render Blocking CSS34761061k+Input is not validated
#1740Custom Post Type Attachment3415349800wp function not compatible with requires wp
#1741Custom Sidebars – Dynamic Sidebar Classic Widget Area Manager3432307100k+Non-prefixed global variable
#1742Datafeedr API34307486k+Output is not escaped
#1743DD Last Viewed34193132500Output is not escaped
#1744Debug Log Manager Tool34441433k+Nonce verification recommended
#1745Document Library Lite34149854k+Text Domain Mismatch
#1746Download After Email – Subscribe & Download Form Plugin34223567k+Input is not validated
#1747Dr. Flex3483511k+Output is not escaped
#1748Easy Social Sharing34162401k+Non-prefixed global variable
#1749EasyIndex34741351k+Missing nonce verification
#1750Einsatzverwaltung341521281k+Output is not escaped