WordPress.DB.DirectDatabaseQuery.DirectQuery

Direct Query

The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.

medium weight

Why It Shows Up

Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.

Why It Matters

Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.

How to Fix

  • Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
  • If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
  • Keep schema changes in activation or upgrade routines and make them idempotent.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#1751ECS – Ele Custom Skin for Elementor3499205100k+Text Domain Mismatch
#1752Empik for Woocommerce3470259400Missing nonce verification
#1753ePayco Plugin for WooCommerce341551363k+Text Domain Mismatch
#1754Event Post34329991k+Output is not escaped
#1755Meta for WooCommerce3466186400k+Non-prefixed hook name
#1756Fancy Comments WordPress34359392k+Unsafe printing function
#1757Featured Video Plus349910510k+Non-prefixed global variable
#1758Flash Toolkit3415924210k+Non-prefixed global variable
#1759Floating Side Tab3494153600Non-prefixed global variable
#1760FluentAuth – The Ultimate Authorization & Security Plugin for WordPress344422910k+Nonce verification recommended
#1761FV Gravatar Cache345042700Output is not escaped
#1762Geolocation IP Detection3422716720k+Output is not escaped
#1763APG Google Video Sitemap Feed349645800Output is not escaped
#1764Gratisfaction- Loyalty, Rewards , Referral, Birthday and Giveaway Program34131352600Missing nonce verification
#1765Signature Add-On for Gravity Forms34161481k+Text Domain Mismatch
#1766Greenshift – animation and page builder blocks343327270k+Non-prefixed global variable
#1767HollerBox — Fast & Effective Popups & Lead-Generation3478922k+Output is not escaped
#1768우커머스 포트원 플러그인 (국내 모든 PG를 한 번에)3436181700Nonce verification recommended
#1769Image Cleanup3452941k+Nonce verification recommended
#1770Import XML and RSS Feeds34260852k+Unsafe printing function
#1771Inavii Social Feed – Live Social Proof Gallery345321809k+Text Domain Mismatch
#1772JS Archive List3499313k+Output is not escaped
#1773Lenix Leads Collector3441424210k+Text Domain Mismatch
#1774Login with Vipps and MobilePay34263174900Output is not escaped
#1775MailChimp Forms by MailMunch341205510k+Output is not escaped
#1776Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin34364593k+Input is not sanitized
#1777MantraBrain Starter Sites | MantraBrain Theme Demo Importer34117611k+Output is not escaped
#1778Mass Ping Tool for SEO – WordPress ping list to get indexed faster on Google, Yandex, …347796500Output is not escaped
#1779Media Vault34115150800Output is not escaped
#1780Melhor Envio342427610k+Nonce verification recommended
#1781Meow Analytics (Google Analytics)348054400Output is not escaped
#1782Meow Lightbox34775210k+Non Singular String Literal Domain
#1783Montonio for WooCommerce344425710k+Non-prefixed global variable
#1784Multi Step Form342771369k+Output is not escaped
#1785My Tickets – Accessible Event Ticketing34314566700Nonce verification recommended
#1786Ni WooCommerce Custom Order Status342561392k+Text Domain Mismatch
#1787One User Avatar | User Profile Picture3468190100k+Non-prefixed global variable
#1788Optima Express IDX347123710k+Non-prefixed class
#1789Child Theme Creator by Orbisius34863910k+Output is not escaped
#1790OwnerRez347956700Unsafe printing function
#1791Payoneer Checkout34168415k+Exception output is not escaped
#1792PhonePe Payment Solutions347710610k+Missing direct file access protection
#1793PushEngage – Web Push Notifications, WooCommerce Automation & Chat Widget34462989k+Missing nonce verification
#1794PW WooCommerce Bulk Edit3421914920k+Unsafe printing function
#1795QuadLayers Telegram Button34149711k+Text Domain Mismatch
#1796Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers3426186320k+Non-prefixed global variable
#1797Redirection34322942m+Non-prefixed class
#1798Responsive Menu – Create Mobile-Friendly Menu34684070k+Nonce verification recommended
#1799Event Timeline – Vertical Timeline34266841k+Non-prefixed global variable
#1800RTMKit341038050k+Non-prefixed global variable