WordPress.DB.DirectDatabaseQuery.DirectQuery

Direct Query

The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.

medium weight

Why It Shows Up

Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.

Why It Matters

Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.

How to Fix

  • Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
  • If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
  • Keep schema changes in activation or upgrade routines and make them idempotent.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#2801Debug Bar Console442391k+Missing Arg Domain
#2802ELEX WooCommerce Role Based Pricing442131962k+Non-prefixed global variable
#2803Github Embed4418351k+Non-prefixed global variable
#2804I Order Terms4440241k+Output is not escaped
#2805Narrative Publisher4428371k+Text Domain Mismatch
#2806Simple Full Screen Background Image44231310k+Output is not escaped
#2807Smart Archive Page Remove448257k+Output is not escaped
#2808Smart Attachment Page Remove44823900Output is not escaped
#2809UiChemy — Figma Converter for Elementor, Gutenberg and Bricks447859k+Nonce verification recommended
#2810Calculadora de Frete e Campos Checkout para o Brasil44191665k+Missing nonce verification
#2811WP Club Manager – WordPress Sports Club Plugin44171682600Non-prefixed global variable
#2812Ajax Archive Calendar4540181k+date date
#2813Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro452611720k+Non-prefixed hook name
#2814Extended Post Status4527271k+Output is not escaped
#2815Icons Font Loader – Load Web Fonts and Icon Libraries4547332k+Text Domain Mismatch
#2816Inazo's flamingo automatically delete old messages4533204k+Output is not escaped
#2817Evergreen Countdown Timer45193352k+wp function not compatible with requires wp
#2818JetHost Total Care – Security & Enhancements451085800Direct Query
#2819Jetpack Search459254265k+Text Domain Mismatch
#2820Passwords Evolved4526171k+Output is not escaped
#2821Popup Box – Easily Create WordPress Popups4571517k+Non-prefixed global variable
#2822Product Visibility by User Role for WooCommerce4536356k+Missing Translators Comment
#2823Related Posts By PickPlugins454844k+Non-prefixed global variable
#2824Super Blank451315610k+Missing direct file access protection
#2825ARI Stream Quiz – WordPress Quizzes Builder46212392k+Non-prefixed global variable
#2826Display Featured Image for Genesis4664591k+Non-prefixed global variable
#2827Easy Basic Authentication – Add basic auth to site or admin area461428600Input is not sanitized
#2828Easy Subscribe46132700Direct Query
#2829GetAutoSEO AI Tool46102501k+Direct Query
#2830Gravity Forms Constant Contact4636273k+Non-prefixed class
#2831Logo Slider – Logo Carousel, Client Logo Slider & Brand Showcase for WordPress461624710k+Non-prefixed global variable
#2832Podcast Player – Your Podcasting Companion461413310k+Non-prefixed global variable
#2833Repeater Fields for Gravity Forms46134411k+wp function not compatible with requires wp
#2834RY Tools for WooCommerce462955k+Non-prefixed class
#2835Stars Rating4613341k+Missing nonce verification
#2836Updater by BestWebSoft464942192k+Text Domain Mismatch
#2837SX User Name Security46429900Output is not escaped
#2838Widget Disable46191910k+Output is not escaped
#2839WP All Import – Import SEO Settings for Yoast SEO46192620k+Nonce verification recommended
#2840404 Image Redirection (Replace Broken Images)4711885600Text Domain Mismatch
#2841Delete Duplicate Posts4795010k+Direct Query
#2842DPO Pay for WooCommerce4728411k+Non Singular String Literal Text
#2843Show IDs by Echo4721132k+Output is not escaped
#2844Extended CRM for Users Insights471123400Missing nonce verification
#2845Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator47448310k+Missing direct file access protection
#2846Log Emails4719296k+Non-prefixed global variable
#2847Real Media Library: Media Library Folder & File Manager471365100k+Direct Query
#2848Security Ninja For MainWP4724671500Text Domain Mismatch
#2849Tabby Checkout4733464k+Non-prefixed class
#2850Taxonomy Switcher4723362k+Nonce verification recommended