WordPress.DB.DirectDatabaseQuery.DirectQuery
Direct Query
The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.
Why It Shows Up
Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.
Why It Matters
Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.
How to Fix
- Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
- If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
- Keep schema changes in activation or upgrade routines and make them idempotent.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #3101 | Royal MCP – Secure AI Connector for Claude, ChatGPT & Gemini | 65 | 6 | 33 | 7k+ | Interpolated SQL is not prepared | ||
| #3102 | Slider Revolution Search Replace | 65 | 5 | 14 | 900 | Input is not validated | ||
| #3103 | SQL Buddy – Database Management Made Easy | 65 | 12 | 16 | 5k+ | SQL query is not prepared | ||
| #3104 | AC Advanced Flamingo Settings | 66 | 6 | 32 | 700 | Nonce verification recommended | ||
| #3105 | CP Media Player – Audio Player and Video Player | 66 | 224 | 48 | 3k+ | Text Domain Mismatch | ||
| #3106 | Easy PHP Settings | 66 | 34 | 48 | 1k+ | Missing Translators Comment | ||
| #3107 | FluentBoards – Project Management, Task Management, Goal Tracking, Kanban Board, and, Team Collaboration | 66 | 26 | 30 | 6k+ | Missing direct file access protection | ||
| #3108 | Leadpages | 66 | 6 | 62 | 10k+ | Direct Query | ||
| #3109 | Plugin Compatibility Checker | 66 | 73 | 18 | 9k+ | Text Domain Mismatch | ||
| #3110 | Product Code for WooCommerce | 66 | 13 | 54 | 1k+ | Missing direct file access protection | ||
| #3111 | Safe Redirect Manager | 66 | 9 | 60 | 40k+ | Non-prefixed hook name | ||
| #3112 | Ajax add to cart for WooCommerce | 66 | 67 | 31 | 10k+ | Text Domain Mismatch | ||
| #3113 | Frenet Shipping Gateway for WooCommerce – Correios, Etiquetas e Rastreio | 66 | 22 | 31 | 4k+ | Non-prefixed global variable | ||
| #3114 | WP Multisite User Sync/Unsync | 66 | 15 | 31 | 700 | Missing Arg Domain | ||
| #3115 | WP Redis | 66 | 11 | 25 | 9k+ | Interpolated SQL is not prepared | ||
| #3116 | Caddy – WooCommerce Side Cart & Free Shipping Bar | 67 | 38 | 199 | 3k+ | Non-prefixed global variable | ||
| #3117 | Editoria11y Accessibility Checker | 67 | 69 | 55 | 1k+ | Text Domain Mismatch | ||
| #3118 | Flexible Product Fields (WooCommerce Product Addons) – WooCommerce Product Page Editor | 67 | 57 | 98 | 10k+ | Non-prefixed global variable | ||
| #3119 | Missed Schedule Post Publisher | 67 | 11 | 10 | 7k+ | Output is not escaped | ||
| #3120 | Multilingual Forms for Fluent Forms with WPML | 67 | 52 | 16 | 1k+ | Text Domain Mismatch | ||
| #3121 | Per Page Sidebars | 67 | 12 | 11 | 900 | Input is not validated | ||
| #3122 | Printful Integration for WooCommerce | 67 | 218 | 76 | 50k+ | Text Domain Mismatch | ||
| #3123 | Product Specifications for Woocommerce | 67 | 12 | 80 | 1k+ | Non-prefixed global variable | ||
| #3124 | Recurio – Ultimate Subscription for WooCommerce | 67 | 311 | 1k+ | Direct Query | |||
| #3125 | wp-Typography | 67 | 91 | 33 | 20k+ | Missing direct file access protection | ||
| #3126 | Book Previewer for Woocommerce | 68 | 23 | 40 | 1k+ | Non-prefixed global variable | ||
| #3127 | Booter – Bots & Crawlers Manager | 68 | 81 | 7k+ | Non-prefixed global variable | |||
| #3128 | Member Swipe for BuddyPress | 68 | 9 | 13 | 500 | Missing direct file access protection | ||
| #3129 | Collapsing Categories | 68 | 29 | 8 | 4k+ | Missing direct file access protection | ||
| #3130 | Desert Companion | 68 | 412 | 837 | 20k+ | Non-prefixed global variable | ||
| #3131 | Export media with selected content (by DKZR) | 68 | 10 | 14 | 40k+ | Direct Query | ||
| #3132 | Faire for WooCommerce | 68 | 4 | 86 | 800 | Direct Query | ||
| #3133 | Free Assets Library – Openverse/Pixabay 600+ Million Images | 68 | 44 | 36 | 4k+ | Text Domain Mismatch | ||
| #3134 | 简数采集器 | 68 | 5 | 25 | 1k+ | Request data is not unslashed | ||
| #3135 | News Magazine X Core | 68 | 63 | 30 | 5k+ | Missing Translators Comment | ||
| #3136 | One Stop Shop for WooCommerce | 68 | 23 | 83 | 10k+ | Input is not sanitized | ||
| #3137 | PagBank for WooCommerce | 68 | 8 | 36 | 3k+ | Input is not sanitized | ||
| #3138 | Hide Title | 68 | 13 | 6 | 900 | Output is not escaped | ||
| #3139 | Reusable Gutenberg Blocks Widget | 68 | 24 | 9 | 500 | Output is not escaped | ||
| #3140 | Russian Post and EMS for WooCommerce | 68 | 16 | 47 | 1k+ | Non-prefixed global variable | ||
| #3141 | Shiptastic Integration for DHL | 68 | 54 | 36 | 10k+ | Missing Translators Comment | ||
| #3142 | Thank You Page for WooCommerce | 68 | 6 | 27 | 10k+ | Non-prefixed global variable | ||
| #3143 | WiserReview Product Reviews for WooCommerce | 68 | 21 | 110 | 900 | Non-prefixed global variable | ||
| #3144 | Ever Accounting – Accounting & Invoicing Solution for Small Businesses | 68 | 69 | 661 | 1k+ | Non-prefixed hook name | ||
| #3145 | WP Sanitize Accented Uploads | 68 | 15 | 16 | 800 | Quoted Simple Placeholder | ||
| #3146 | AdOpt | Easy Multi-Regulations Cookie Banner. | 69 | 22 | 27 | 7k+ | Missing direct file access protection | ||
| #3147 | Ambrosite Next/Previous Post Link Plus | 69 | 12 | 24 | 5k+ | Interpolated SQL is not prepared | ||
| #3148 | Auto Update Post Date | 69 | 11 | 23 | 1k+ | Input is not validated | ||
| #3149 | Bulk menu creator | 69 | 27 | 4 | 1k+ | Text Domain Mismatch | ||
| #3150 | Burst Statistics – Simple WordPress Analytics (Google Analytics Alternative) | 69 | 33 | 379 | 200k+ | Direct Query |