WordPress.DB.DirectDatabaseQuery.DirectQuery

Direct Query

The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.

medium weight

Why It Shows Up

Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.

Why It Matters

Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.

How to Fix

  • Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
  • If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
  • Keep schema changes in activation or upgrade routines and make them idempotent.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#2051Wholesale Suite – B2B, Dynamic Pricing & WooCommerce Wholesale Prices35225220k+Direct Query
#2052Wooplatnica352724400Non-prefixed class
#2053Access Areas for WordPress351795400Direct Query
#2054WP Associate Post R235259863k+Output is not escaped
#2055WP Cassify35106143700Missing nonce verification
#2056Custom Body Class353910110k+Non-prefixed global variable
#2057WP Dark Mode – Improve Accessibility with AI Powered Dark Theme352016020k+Non-prefixed global variable
#2058WP Datepicker352251817k+Output is not escaped
#2059Database Backup for WordPress351288870k+Output is not escaped
#2060Mail logging – WP Mail Catcher3523215720k+Text Domain Mismatch
#2061WP Open Street Map35591113k+Input is not validated
#2062WP-PageNavi358495500k+Non Singular String Literal Domain
#2063WP-Persian35144377k+Unsafe printing function
#2064WP-PostViews3513264100k+Unsafe printing function
#2065WP All Import – Property Import for WP Residence354132700Output is not escaped
#2066video carousel slider with lightbox353501361k+Output is not escaped
#2067WP Store Locator35261450k+wp function not compatible with requires wp
#2068WP System Information3523730700Text Domain Mismatch
#2069Integration for WooCommerce and QuickBooks352631251k+Output is not escaped
#2070WPCore Plugin Manager35118389k+Text Domain Mismatch
#2071WP Views Counter3581422k+Output is not escaped
#2072WPFront User Role Editor3533357830k+Output is not escaped
#2073wpLingua – Automatic translation – Translate and make website multilingual35791672k+Nonce verification recommended
#2074WPPerformanceTester3594441k+Output is not escaped
#2075WPZOOM Addons for Elementor – Starter Templates & Widgets3516013020k+Output is not escaped
#2076WPZOOM Forms – Drag & Drop Contact Form Builder for WordPress357410910k+Nonce verification recommended
#2077WPZOOM Portfolio Lite – Filterable Portfolio Plugin35429220k+Non-prefixed global variable
#2078xili-tidy-tags352241571k+Output is not escaped
#2079Yabe Webfont – Use Custom Fonts, Google Fonts or Adobe Fonts35481145k+Non-prefixed hook name
#2080Yes/No Chart351361392k+Unsafe printing function
#2081Year Make Model Search for WooCommerce351881621k+Output is not escaped
#2082Yotpo: Product & Photo Reviews for WooCommerce35241892k+Non-prefixed function
#2083Embeds for YouTube3525530710k+Non-prefixed global variable
#2084Ziina3510252k+Input is not sanitized
#2085Product Labels For Woocommerce (Sale Badges)36904810k+Output is not escaped
#2086Advanced Export for WP & WPMU3612455700Output is not escaped
#2087SOOZ – AI for SEO – Bulk Generate Focus Keyphrases, Metadata, Alt Text (SEO Autopilot)3643422k+Nonce verification recommended
#2088Bard Extra3615975700Text Domain Mismatch
#2089Bit Form – Contact Form, Payment Forms, Multi Step Forms, Calculator & Custom Form Builder36332210k+Nonce verification recommended
#2090Blaze Demo Importer36101948k+Output is not escaped
#2091BlockStrap Page Builder – Bootstrap Blocks3681892k+Missing direct file access protection
#2092BP Disable Activation Reloaded3614728800Output is not escaped
#2093BP Group Documents3627195600Non-prefixed global variable
#2094BP Profile Search36321855k+Output is not escaped
#2095WOLF – WordPress Posts Bulk Editor and Manager Professional3615744k+Request data is not unslashed
#2096Bulk Post Update Date36966610k+Unsafe printing function
#2097Better WordPress Recent Comments3631969600Text Domain Mismatch
#2098Carousel Horizontal Posts Content Slider36271592k+Text Domain Mismatch
#2099Simple SEO3616411310k+Non Singular String Literal Domain
#2100Multi Step for Contact Form 7366110610k+Missing nonce verification