WordPress.DB.DirectDatabaseQuery.DirectQuery

Direct Query

The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.

medium weight

Why It Shows Up

Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.

Why It Matters

Direct queries can be correct, but they are easier to write unsafely, tend to be slower at scale, and are harder for WordPress to cache or filter.

How to Fix

  • Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
  • If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
  • Keep schema changes in activation or upgrade routines and make them idempotent.
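
The last two fixes, sketched as an added example (not code from Plugin Check or from any plugin listed here). The `myplugin_` prefix, the `myplugin_leads` table and the `myplugin` cache group are hypothetical names.

```php
<?php
// Hypothetical plugin: the "myplugin_" names and the leads table are assumptions.

// Schema change kept in the activation routine. dbDelta() compares the
// statement with the existing table, so running it again is safe.
function myplugin_install() {
    global $wpdb;
    require_once ABSPATH . 'wp-admin/includes/upgrade.php';
    $table   = $wpdb->prefix . 'myplugin_leads';
    $charset = $wpdb->get_charset_collate();
    dbDelta( "CREATE TABLE {$table} (
        id bigint(20) unsigned NOT NULL AUTO_INCREMENT,
        form_id bigint(20) unsigned NOT NULL,
        email varchar(190) NOT NULL,
        PRIMARY KEY  (id),
        KEY form_id (form_id)
    ) {$charset};" );
}
register_activation_hook( __FILE__, 'myplugin_install' );

// Repeated read: the dynamic value goes through prepare(), the result is cached.
function myplugin_get_leads( $form_id ) {
    global $wpdb;
    $form_id   = absint( $form_id );
    $cache_key = 'leads_' . $form_id;
    $leads     = wp_cache_get( $cache_key, 'myplugin' );
    if ( false === $leads ) {
        $leads = $wpdb->get_results(
            $wpdb->prepare(
                "SELECT id, email FROM {$wpdb->prefix}myplugin_leads WHERE form_id = %d",
                $form_id
            )
        );
        wp_cache_set( $cache_key, $leads, 'myplugin', HOUR_IN_SECONDS );
    }
    return $leads;
}

// Write path: typed formats for the values, then drop the cached read
// so later calls to myplugin_get_leads() do not return stale rows.
function myplugin_add_lead( $form_id, $email ) {
    global $wpdb;
    $form_id = absint( $form_id );
    $ok      = $wpdb->insert(
        $wpdb->prefix . 'myplugin_leads',
        array( 'form_id' => $form_id, 'email' => sanitize_email( $email ) ),
        array( '%d', '%s' )
    );
    wp_cache_delete( 'leads_' . $form_id, 'myplugin' );
    return false !== $ok;
}
```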

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#2251Get Custom Field Values3740441k+Output is not escaped
#2252果果推送3731561k+Nonce verification recommended
#2253GHL Gravity Bridge – Send Gravity Forms leads to GHL CRM3759269600Direct Query
#2254Google for WooCommerce37328121800k+Exception output is not escaped
#2255XML Sitemap Generator for Google3743791m+Input is not validated
#2256GoPay for WooCommerce37661031k+Non-prefixed global variable
#2257GS Portfolio for Envato37155754k+Text Domain Mismatch
#2258Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder378311320k+SQL query is not prepared
#2259HandL UTM Grabber / Tracker372714110k+Missing nonce verification
#2260Horizontal scrolling announcements372151408k+Output is not escaped
#2261Humans TXT3715986400Output is not escaped
#2262Icegram Mailer – Reliable Email Deliverability, No-code SMTP Replacement & Email logs37371021k+Non-prefixed global variable
#2263JS Help Desk – AI-Powered Support & Ticketing System37174067k+Missing nonce verification
#2264Language Switcher37811051k+Missing Translators Comment
#2265LearnPress – Course Review37674320k+Output is not escaped
#2266Lightbox with PhotoSwipe371792420k+Output is not escaped
#2267LiveJournal Importer3786678k+Output is not escaped
#2268MailMunch – Grow your Email List3782846k+Output is not escaped
#2269Maintenance Page3762333k+Output is not escaped
#2270Media Sweep – WordPress Media Cleaner37561371k+Interpolated SQL is not prepared
#2271Metorik – Reports & Email Automation for WooCommerce37757010k+Output is not escaped
#2272CrawlWP SEO – Instant Search Engine Indexing & SEO Performance Monitor37469540k+Dynamic hook name
#2273My Post Order37100114400Output is not escaped
#2274news ticker benaceur371,097311k+Output is not escaped
#2275NextGEN Scroll Gallery3733281k+Output is not escaped
#2276Ninja Van (MY)37212581k+Non-prefixed global variable
#2277Sendle Shipping Plugin379164800wp function not compatible with requires wp
#2278Oliver POS – WooCommerce POS for iPhone, iPad & Android3715242800Interpolated SQL is not prepared
#2279WP All Export – Order Export for WooCommerce371091113k+Text Domain Mismatch
#2280OSM – OpenStreetMap371306410k+Output is not escaped
#2281Page scroll to id3738120100k+Missing nonce verification
#2282Panda Pods Repeater Field379260600Non-prefixed global variable
#2283Phoenix Media Rename3717510450k+Output is not escaped
#2284PNG to JPG371301739k+Interpolated SQL is not prepared
#2285Poptics – Popup Builder, Email Opt-ins, Exit-Intent & WooCommerce Popups Sales3759642k+SQL query is not prepared
#2286Product Image Hover Effects WOOC – WPSHARE2473716194800Output is not escaped
#2287Publish to Schedule37195434k+Text Domain Mismatch
#2288Quentn WP374251500Nonce verification recommended
#2289Recent Posts Widget With Thumbnails3722246100k+Output is not escaped
#2290RSS Image Feed37147162k+Output is not escaped
#2291Ryviu – Review Importer & Product Reviews3772951k+Output is not escaped
#2292Invoice1233713898400Text Domain Mismatch
#2293Send PDF for Contact Form 737223089k+Non-prefixed global variable
#2294Sensei LMS Certificates37973624k+Non-prefixed global variable
#2295Sezzle Woocommerce Payment371081051k+Text Domain Mismatch
#2296Snippet Shortcodes373591334k+Non Singular String Literal Domain
#2297Simple Image XML Sitemap37119161k+Output is not escaped
#2298Lightbox slider – Responsive Lightbox Gallery37361733k+Non-prefixed global variable
#2299Time Clock – A WordPress Employee & Volunteer Time Clock Plugin37166107500Output is not escaped
#2300Tracking Code Manager37554290k+Output is not escaped