WordPress.DB.DirectDatabaseQuery.DirectQuery

Direct Query

The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.

medium weight

Why It Shows Up

Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.

Why It Matters

Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.

How to Fix

  • Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
  • If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
  • Keep schema changes in activation or upgrade routines and make them idempotent.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#1951Lead Form Builder & Contact Form354003459k+Output is not escaped
#1952Lead Generation Form352163600Non-prefixed global variable
#1953Log HTTP Requests357182k+Interpolated SQL is not prepared
#1954Login Page Styler – Custom WordPress Login Page Customizer & Security351251682k+Missing Arg Domain
#1955Mail Queue352277900Direct Query
#1956MapSVG – Vector maps, Image maps, Google Maps3574471k+Missing direct file access protection
#1957Mark Posts3530341k+Output is not escaped
#1958Marquee image crawler35168136700Non-prefixed global variable
#1959Mechanic Visitor Counter35240667k+Output is not escaped
#1960Media Credit3528351k+Non-prefixed global variable
#1961MeetingHub – Webinar & Meeting Plugin for Zoom, Google Meet, Webex, Microsoft Teams, & Jitsi Meet3533289400Non-prefixed global variable
#1962Restaurant Menu – Food Ordering System – Table Reservation353171868k+Unsafe printing function
#1963MONEI Payments for WooCommerce351565500Non-prefixed hook name
#1964AI Product Search for WooCommerce – Motive Commerce Search357082400Missing direct file access protection
#1965Moyasar35436128700Text Domain Mismatch
#1966Hide from Search35583k+Missing direct file access protection
#1967Never Let Me Go353447400Non-prefixed global variable
#1968NGG Smart Image Search35298155400Output is not escaped
#1969Nginx Cache Controller3579961k+Text Domain Mismatch
#1970Ni WooCommerce Sales Report35236256500Text Domain Mismatch
#1971Nooz35287108500Text Domain Mismatch
#1972Noted!355221k+Non-prefixed global variable
#1973NS Cloner – Site Copier3529167k+Missing direct file access protection
#1974Fonts Plugin | Google Fonts, Adobe Fonts & Upload Fonts35418200k+Missing direct file access protection
#1975One Page Express Companion351326510k+Output is not escaped
#1976ONet Regenerate Thumbnails35190641k+Text Domain Mismatch
#1977OPcache Manager35155751k+Output is not escaped
#1978Orderable – Restaurant & Food Ordering System35123245k+Non-prefixed global variable
#1979Paybox WooCommerce Payment Gateway3516588500Non Singular String Literal Domain
#1980Paytm Payment Gateway35921043k+Missing Arg Domain
#1981Perfecty Push Notifications352042134k+SQL query is not prepared
#1982Pixeline's Email Protector35775800Unsafe printing function
#1983Accept Cryptocurrencies with Plisio3537471k+Text Domain Mismatch
#1984Popular Posts3516671900Unsafe printing function
#1985Popup with fancybox351961681k+Unsafe printing function
#1986Post Content Shortcodes35205562k+Output is not escaped
#1987Post Draft Preview354969700Text Domain Mismatch
#1988Posts Table with Search & Sort35143333k+Text Domain Mismatch
#1989Presto Player353777100k+Missing Arg Domain
#1990Product Input Fields for WooCommerce3518844k+Non-prefixed function
#1991Min Max Step Quantity Limits Manager for WooCommerce35671583k+Non-prefixed global variable
#1992Protect the Children!352341k+Missing nonce verification
#1993Quran multilanguage Text & Audio35177166500Output is not escaped
#1994ReactPress – Create React App for WordPress3526433k+Request data is not unslashed
#1995Real Time Validation for Gravity Forms35185302k+Output is not escaped
#1996Related Posts by Taxonomy351319710k+Output is not escaped
#1997Related Posts for WordPress3520718010k+Output is not escaped
#1998ReOrder Posts within Categories35392077k+Non-prefixed global variable
#1999Reseller Store3556341k+Output is not escaped
#2000WP Responsive Tabs horizontal vertical and accordion Tabs355982122k+Output is not escaped