WordPress.DB.DirectDatabaseQuery.DirectQuery
Direct Query
The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.
Why It Shows Up
Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.
Why It Matters
Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.
How to Fix
- Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
- If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
- Keep schema changes in activation or upgrade routines and make them idempotent.
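The three fixes above applied to a custom table, as an added example (not code from Plugin Check or from any plugin listed on this page). The `acme_` function names, the `acme_events` table and cache group, and the `acme_db_version` option are hypothetical, and the code is assumed to live in the plugin's main file.

```php
<?php
// Added example: every "acme" name, the table and the option key are hypothetical.
const ACME_DB_VERSION = '1';

// Schema change stays in the activation routine; the version check and dbDelta() make reruns harmless.
function acme_install_schema() {
    global $wpdb;
    if ( ACME_DB_VERSION === get_option( 'acme_db_version' ) ) {
        return;
    }
    require_once ABSPATH . 'wp-admin/includes/upgrade.php';
    $charset = $wpdb->get_charset_collate();
    dbDelta(
        "CREATE TABLE {$wpdb->prefix}acme_events (
            id bigint(20) unsigned NOT NULL AUTO_INCREMENT,
            user_id bigint(20) unsigned NOT NULL,
            label varchar(191) NOT NULL,
            PRIMARY KEY  (id),
            KEY user_id (user_id)
        ) {$charset};"
    );
    update_option( 'acme_db_version', ACME_DB_VERSION );
}
register_activation_hook( __FILE__, 'acme_install_schema' );

// Repeated read: try the object cache first, then bind the dynamic value with prepare().
function acme_get_events_for_user( $user_id ) {
    global $wpdb;
    $user_id = absint( $user_id );
    $rows    = wp_cache_get( 'user_' . $user_id, 'acme_events' );
    if ( false === $rows ) {
        $rows = $wpdb->get_results(
            $wpdb->prepare(
                "SELECT id, label FROM {$wpdb->prefix}acme_events WHERE user_id = %d ORDER BY id DESC LIMIT 50",
                $user_id
            )
        );
        wp_cache_set( 'user_' . $user_id, $rows, 'acme_events', HOUR_IN_SECONDS );
    }
    return $rows;
}

// Write path: insert() binds values by format; drop the cached read so it is rebuilt on next use.
function acme_add_event( $user_id, $label ) {
    global $wpdb;
    $data = array( 'user_id' => absint( $user_id ), 'label' => sanitize_text_field( $label ) );
    $ok   = $wpdb->insert( $wpdb->prefix . 'acme_events', $data, array( '%d', '%s' ) );
    wp_cache_delete( 'user_' . absint( $user_id ), 'acme_events' );
    return false !== $ok;
}
```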
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #2801 | Debug Bar Console | 44 | 23 | 9 | 1k+ | | | Missing Arg Domain |
| #2802 | ELEX WooCommerce Role Based Pricing | 44 | 213 | 196 | 2k+ | | | Non-prefixed global variable |
| #2803 | Github Embed | 44 | 18 | 35 | 1k+ | | | Non-prefixed global variable |
| #2804 | I Order Terms | 44 | 40 | 24 | 1k+ | | | Output is not escaped |
| #2805 | Narrative Publisher | 44 | 28 | 37 | 1k+ | | | Text Domain Mismatch |
| #2806 | Simple Full Screen Background Image | 44 | 23 | 13 | 10k+ | | | Output is not escaped |
| #2807 | Smart Archive Page Remove | 44 | 82 | 5 | 7k+ | | | Output is not escaped |
| #2808 | Smart Attachment Page Remove | 44 | 82 | 3 | 900 | | | Output is not escaped |
| #2809 | UiChemy — Figma Converter for Elementor, Gutenberg and Bricks | 44 | 7 | 85 | 9k+ | | | Nonce verification recommended |
| #2810 | Calculadora de Frete e Campos Checkout para o Brasil | 44 | 19 | 166 | 5k+ | | | Missing nonce verification |
| #2811 | WP Club Manager – WordPress Sports Club Plugin | 44 | 171 | 682 | 600 | | | Non-prefixed global variable |
| #2812 | Ajax Archive Calendar | 45 | 40 | 18 | 1k+ | | | date date |
| #2813 | Back In Stock Notifier for WooCommerce \| WooCommerce Waitlist Pro | 45 | 26 | 117 | 20k+ | | | Non-prefixed hook name |
| #2814 | Extended Post Status | 45 | 27 | 27 | 1k+ | | | Output is not escaped |
| #2815 | Icons Font Loader – Load Web Fonts and Icon Libraries | 45 | 47 | 33 | 2k+ | | | Text Domain Mismatch |
| #2816 | Inazo's flamingo automatically delete old messages | 45 | 33 | 20 | 4k+ | | | Output is not escaped |
| #2817 | Evergreen Countdown Timer | 45 | 193 | 35 | 2k+ | | | wp function not compatible with requires wp |
| #2818 | JetHost Total Care – Security & Enhancements | 45 | 10 | 85 | 800 | | | Direct Query |
| #2819 | Jetpack Search | 45 | 925 | 426 | 5k+ | | | Text Domain Mismatch |
| #2820 | Passwords Evolved | 45 | 26 | 17 | 1k+ | | | Output is not escaped |
| #2821 | Popup Box – Easily Create WordPress Popups | 45 | 7 | 151 | 7k+ | | | Non-prefixed global variable |
| #2822 | Product Visibility by User Role for WooCommerce | 45 | 36 | 35 | 6k+ | | | Missing Translators Comment |
| #2823 | Related Posts By PickPlugins | 45 | 4 | 84 | 4k+ | | | Non-prefixed global variable |
| #2824 | Super Blank | 45 | 131 | 56 | 10k+ | | | Missing direct file access protection |
| #2825 | ARI Stream Quiz – WordPress Quizzes Builder | 46 | 21 | 239 | 2k+ | | | Non-prefixed global variable |
| #2826 | Display Featured Image for Genesis | 46 | 64 | 59 | 1k+ | | | Non-prefixed global variable |
| #2827 | Easy Basic Authentication – Add basic auth to site or admin area | 46 | 14 | 28 | 600 | | | Input is not sanitized |
| #2828 | Easy Subscribe | 46 | 132 | 700 | Direct Query | |||
| #2829 | GetAutoSEO AI Tool | 46 | 10 | 250 | 1k+ | | | Direct Query |
| #2830 | Gravity Forms Constant Contact | 46 | 36 | 27 | 3k+ | | | Non-prefixed class |
| #2831 | Logo Slider – Logo Carousel, Client Logo Slider & Brand Showcase for WordPress | 46 | 16 | 247 | 10k+ | | | Non-prefixed global variable |
| #2832 | Podcast Player – Your Podcasting Companion | 46 | 14 | 133 | 10k+ | | | Non-prefixed global variable |
| #2833 | Repeater Fields for Gravity Forms | 46 | 134 | 41 | 1k+ | | | wp function not compatible with requires wp |
| #2834 | RY Tools for WooCommerce | 46 | 295 | 5k+ | Non-prefixed class | |||
| #2835 | Stars Rating | 46 | 13 | 34 | 1k+ | | | Missing nonce verification |
| #2836 | Updater by BestWebSoft | 46 | 494 | 219 | 2k+ | | | Text Domain Mismatch |
| #2837 | SX User Name Security | 46 | 42 | 9 | 900 | | | Output is not escaped |
| #2838 | Widget Disable | 46 | 19 | 19 | 10k+ | | | Output is not escaped |
| #2839 | WP All Import – Import SEO Settings for Yoast SEO | 46 | 19 | 26 | 20k+ | | | Nonce verification recommended |
| #2840 | 404 Image Redirection (Replace Broken Images) | 47 | 118 | 85 | 600 | | | Text Domain Mismatch |
| #2841 | Delete Duplicate Posts | 47 | 9 | 50 | 10k+ | | | Direct Query |
| #2842 | DPO Pay for WooCommerce | 47 | 28 | 41 | 1k+ | | | Non Singular String Literal Text |
| #2843 | Show IDs by Echo | 47 | 21 | 13 | 2k+ | | | Output is not escaped |
| #2844 | Extended CRM for Users Insights | 47 | 11 | 23 | 400 | | | Missing nonce verification |
| #2845 | Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator | 47 | 44 | 83 | 10k+ | | | Missing direct file access protection |
| #2846 | Log Emails | 47 | 19 | 29 | 6k+ | | | Non-prefixed global variable |
| #2847 | Real Media Library: Media Library Folder & File Manager | 47 | 1 | 365 | 100k+ | | | Direct Query |
| #2848 | Security Ninja For MainWP | 47 | 246 | 71 | 500 | | | Text Domain Mismatch |
| #2849 | Tabby Checkout | 47 | 33 | 46 | 4k+ | | | Non-prefixed class |
| #2850 | Taxonomy Switcher | 47 | 23 | 36 | 2k+ | | | Nonce verification recommended |