WordPress.DB.DirectDatabaseQuery.DirectQuery

Direct Query

The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.

medium weight

Why It Shows Up

Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.

Why It Matters

Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.

How to Fix

  • Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
  • If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
  • Keep schema changes in activation or upgrade routines and make them idempotent.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#2201WP Header Images361741336k+Unsafe printing function
#2202WP Mail36202201500Output is not escaped
#2203WP Hardening (discontinued)362308510k+Text Domain Mismatch
#2204WP Sort Order361342116k+Direct Query
#2205WP Super Edit36351852k+Nonce verification recommended
#2206WPAvatar3642545700Unsafe printing function
#2207WP fail2ban Blocklist3661633k+SQL query is not prepared
#2208WPLMS H5P361111061k+Text Domain Mismatch
#2209Wppao Sitemap36128219k+Output is not escaped
#2210wpShopGermany IT-RECHT KANZLEI363747500Input is not sanitized
#2211Database Snapshots – WPvivid36661081k+Direct Query
#2212YayExtra – WooCommerce Extra Product Options36114721k+Non-prefixed global variable
#2213Visual CSS Style Editor3628323340k+Output is not escaped
#2214Custom Product Tabs for WooCommerce36878180k+Output is not escaped
#2215Zeno – AI-Powered Chatbot36311131500Text Domain Mismatch
#2216Redirectioner372344101k+Output is not escaped
#2217Advanced Accordion Gutenberg Block – Create Beautiful FAQs, Content Accordions & Interactive Tabs37403610k+Missing direct file access protection
#2218AJAX Hits Counter + Popular Posts Widget37247441k+Output is not escaped
#2219Anything Popup371641852k+Non-prefixed global variable
#2220Async JavaScript373577970k+Unsafe printing function
#2221avalex – Automatisch sichere Rechtstexte3725851k+Direct Query
#2222Avatar Privacy3782361k+Missing direct file access protection
#2223Random Posts and Pages Widget37322151k+Output is not escaped
#2224Banhammer – Monitor Site Traffic, Block Bad Users and Bots371041741k+Output is not escaped
#2225bunny.net – WordPress CDN Plugin3716515910k+Output is not escaped
#2226Contact Zalo Report SW374439900Missing Arg Domain
#2227Call Now Button – The #1 Click to Call Button for WordPress371,2735200k+Exception output is not escaped
#2228Carousel Upsells and Related Product for Woocommerce37173351k+Output is not escaped
#2229ClickRank – Ai SEO Automation37102261k+Direct Query
#2230CodePeople Post Map for Google Maps37257313k+Unsafe printing function
#2231Lightweight Subscribe To Comments37105701k+Unsafe printing function
#2232Constant Contact Forms by MailMunch37147532k+wp function not compatible with requires wp
#2233CookieAdmin – Cookie Consent Banner374386400k+Nonce verification recommended
#2234CorvusPay WooCommerce Payment Gateway37291411k+Missing nonce verification
#2235Crafty Social Buttons37279271k+Non Singular String Literal Domain
#2236Simple Custom CSS and JS3716869600k+Output is not escaped
#2237Customer Email Verification for WooCommerce371651642k+Nonce verification recommended
#2238Debug Log Viewer3726831k+Missing nonce verification
#2239Disclaimer Popup37313531k+Text Domain Mismatch
#2240Donation Block For PayPal3723106600Input is not validated
#2241Pricing Table WordPress Plugin – Easy Pricing Tables3733216110k+Output is not escaped
#2242Easy Testimonial Slider and Form3714144700Request data is not unslashed
#2243Eazy CF Captcha379354500Text Domain Mismatch
#2244Encyclopedia / Glossary / Wiki37263481k+Output is not escaped
#2245Excerpt Editor37170142500Unsafe printing function
#2246Exploit Scanner37251308k+Non-prefixed global variable
#2247Favorites3720412110k+Unsafe printing function
#2248Get Custom Field Values3740441k+Output is not escaped
#2249果果推送3731561k+Nonce verification recommended
#2250GHL Gravity Bridge – Send Gravity Forms leads to GHL CRM3759269600Direct Query