WordPress.DB.DirectDatabaseQuery.SchemaChange

Schema Change

The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.

medium weight

Why It Shows Up

Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.

Why It Matters

Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.

How to Fix

  • Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
  • If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
  • Keep schema changes in activation or upgrade routines and make them idempotent.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#751Xagio SEO – AI Powered SEO2921,27310k+Direct Query
#752Xpro Addons — 140+ Widgets for Elementor292782630k+Non-prefixed global variable
#753Advanced Database Cleaner – Optimize & Clean Database to Speed Up Site Performance30164439100k+Interpolated SQL is not prepared
#754AI Product Tools – Bulk Product Content Generator & AI Toolkit for WooCommerce30502560400SQL query is not prepared
#755AutoWP – AI Content Writer & Rewriter305483701k+Text Domain Mismatch
#756Sliding Cart for WooCommerce by FunnelKit – Skip Cart & Reach WooCommerce Checkout Faster3030643430k+Non-prefixed global variable
#757Cryptocurrency Donation Box – Bitcoin & Crypto Donations30334284500Output is not escaped
#758EasyParcel Shipping– All-in-one Shipping Solution, Real-Time Shipping Rates3031610600Non-prefixed global variable
#759FormLift for Keap (Legacy) Web Forms30162315400Request data is not unslashed
#760Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant302642214k+Non Singular String Literal Text
#761Mailrelay303181701k+Text Domain Mismatch
#762PayU CommercePro Plugin30952707k+Text Domain Mismatch
#763Popup Builder – Create highly converting, mobile friendly marketing popups.3026722200k+Non-prefixed global variable
#764QA Assistants – Driven by data3048672k+Non-prefixed global variable
#765Real Cookie Banner: GDPR & ePrivacy Cookie Consent309496100k+Database parameter is not escaped
#766Rublon Multi-Factor Authentication (MFA)30216160500Output is not escaped
#767Webling30147313500Input is not validated
#768FOX – Currency Switcher Professional for WooCommerce302111,02250k+Non-prefixed global variable
#769Photo Gallery Slideshow & Masonry Tiled Gallery308063521k+Output is not escaped
#770YASR – Yet Another Star Rating Plugin for WordPress3025237810k+Output is not escaped
#771Zoho CRM Lead Magnet301011,0253k+Request data is not unslashed
#772Advanced Woo Search – Product Search for WooCommerce3122837770k+Nonce verification recommended
#773Asgaros Forum3116741210k+Output is not escaped
#774AI ChatBot with ChatGPT and Content Generator by AYS31170378400Non-prefixed global variable
#775SEO合集(支持百度/Google/Bing/头条推送)31131,407800Direct Query
#776Buy Me a Coffee – Button and Widget Plugin311381406k+Output is not escaped
#777CleverReach® WP31103934k+Non-prefixed global variable
#778MultiVendorX – WooCommerce Multivendor Marketplace AI Powered Solutions316642732k+Text Domain Mismatch
#779Domain Mapping System | Create Microsites with Multiple Alias Domains (multisite optional)311132332k+Non-prefixed namespace
#780افزونه پیامک حرفه ای فراز اس ام اس31891802k+wp function not compatible with requires wp
#781WP Gravity Forms Constant Contact Plugin31684164600Text Domain Mismatch
#782GS Pinterest Portfolio – Pins Grid, Masonry, User Profile, Popup & Board Widgets314021561k+Text Domain Mismatch
#783Image Hotspot – Map Image Annotation31952873k+Non-prefixed global variable
#784ImgSEO – AI Image Alt Text Generator & Image SEO Tools311677400Direct Query
#785Interactive Image Map Builder311603811k+Non-prefixed global variable
#786Active Products Tables for WooCommerce. Use constructor to create tables313644241k+Output is not escaped
#787Raffle Play Woocommerce31151199800Output is not escaped
#788Rank Math SEO – AI SEO Tools to Dominate SEO Rankings31453734m+Non-prefixed global variable
#789Blacklist Manager – WooCommerce Anti-Fraud, Blacklist & Checkout Verification312848302k+Missing nonce verification
#790Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker31639356k+Interpolated SQL is not prepared
#791Worldline Global Online Pay for WooCommerce3116086500Missing direct file access protection
#792WP Simple Booking Calendar3133738020k+Output is not escaped
#793WP Visitor Statistics (Real Time Traffic)3135369120k+Nonce verification recommended
#794WP ULike – Like & Dislike Buttons for Engagement and Feedback3126935860k+Output is not escaped
#795WP125311781843k+Unsafe printing function
#796Hosting Benchmark tool312021154k+rand rand
#797One to one user Chat by WPGuppy3174187700Non-prefixed global variable
#798WPDoctor Malware Scanner & Vulnerability Checker & IP blocker with Hack monitor Lite31133438600Non-prefixed global variable
#799PayPal Zettle POS for WooCommerce31302444k+Exception output is not escaped
#800ActiveDEMAND321571611k+Output is not escaped