WordPress.DB.DirectDatabaseQuery.DirectQuery

Direct Query

The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.

medium weight

Why It Shows Up

Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.

Why It Matters

Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.

How to Fix

  • Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
  • If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
  • Keep schema changes in activation or upgrade routines and make them idempotent.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#2101Conditional Payments for WooCommerce3629218410k+Text Domain Mismatch
#2102Conditional Shipping for WooCommerce369319610k+Non-prefixed global variable
#2103Continuous Image Carousel With Lightbox362551291k+Output is not escaped
#2104CP Blocks3646381k+wp function not compatible with requires wp
#2105Crelly Slider3642118510k+Unsafe printing function
#2106CSH Login3612641500Output is not escaped
#2107Custom Category Post Order368083500Text Domain Mismatch
#2108Dashboard Widgets Suite362061244k+Output is not escaped
#2109Database Collation Fix3650321k+Output is not escaped
#2110Desktop Mode3615872k+Direct Query
#2111Doneren met Mollie364203514k+SQL query is not prepared
#2112Duplicate Post – duplicate pages, copy content, clone posts3671815k+wp function not compatible with requires wp
#2113Dynamic Copyright Year3697243800Output is not escaped
#2114Dynamic Front-End Heartbeat Control362171111k+Text Domain Mismatch
#2115Dynamic Visibility for Elementor36568950k+Non-prefixed hook name
#2116WP CTA – Call Now Button, Sticky Button & Call to Action Builder3614332k+Non-prefixed global variable
#2117Easy Support Videos – Embed videos in the admin3616095500Output is not escaped
#2118Enhanced Media Library3636111760k+Unsafe printing function
#2119Enormail Sign Up Forms36133126400Output is not escaped
#2120Events Manager and WPML Compatibility361011771k+Direct Query
#2121FreePay for WooCommerce36114102400Output is not escaped
#2122Friendly Functions for Welcart36311831k+Non Singular String Literal Domain
#2123Genesis Sandbox Featured Content Widget36229241k+Text Domain Mismatch
#2124GetPaid > Wallet36149174700Text Domain Mismatch
#2125Google SEO Pressor for Rich snippets3651160400Missing nonce verification
#2126Google Webfont Optimizer364549700Output is not escaped
#2127Header Footer Script Adder – Insert Code in Header, Body & Footer36203781k+Text Domain Mismatch
#2128Header Footer Code Manager3681180600k+Non-prefixed global variable
#2129Optimize Social Share36203613k+Unsafe printing function
#2130HTML Forms – Simple WordPress Forms Plugin3623116610k+Output is not escaped
#2131HTTP Requests Manager3698901k+Output is not escaped
#2132IntelliWidget Per Page Custom Menus and Dynamic Content36586162600Output is not escaped
#2133Italy Cookie Choices (for EU Cookie Law & Cookie Notice)361157710k+Unsafe printing function
#2134Lara's Google Analytics (GA4)36303579k+Unsafe printing function
#2135Legal Text Connector of the IT-Recht Kanzlei36454610k+Exception output is not escaped
#2136Libro de Reclamaciones y Quejas362661244k+Text Domain Mismatch
#2137LONG URL MAKER3639711k+Direct Query
#2138LocalWeb All In One36342975k+Non-prefixed global variable
#2139MailMunch – Grow your Email List36102496k+Output is not escaped
#2140Manage Notification E-mails3612998100k+Non-prefixed function
#2141Materialis Companion36129676k+Unsafe printing function
#2142Media Deduper3660999k+Missing Arg Domain
#2143Microsoft Clarity3648163200k+Nonce verification recommended
#2144Multiple Sidebars3610975600Non Singular String Literal Domain
#2145News Manager3613457600Output is not escaped
#2146NextGEN Custom Fields362151311k+SQL query is not prepared
#2147MailerLite – Signup forms (official)36430158100k+Output is not escaped
#2148We’re Open!362731875k+Unsafe printing function
#2149Order Status History for WooCommerce362101711k+Output is not escaped
#2150Ovation Elements362339910k+Non-prefixed global variable