WordPress.DB.DirectDatabaseQuery.SchemaChange

Schema Change

The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.

medium weight

Why It Shows Up

Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.

Why It Matters

Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.

How to Fix

  • Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
  • If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
  • Keep schema changes in activation or upgrade routines and make them idempotent.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#851Books Gallery – Book Showcase, Library & Affiliate Plugin331,7531782k+Output is not escaped
#852Connector for Gravity Forms and Google Sheets336921553k+Text Domain Mismatch
#853WP-UserOnline3311116110k+Output is not escaped
#854WPReplace内容字符替换插件33209195800Non Singular String Literal Domain
#855Advanced Coupons for WooCommerce Coupons & Store Credit347421420k+Non-prefixed global variable
#856Audit Trail349010710k+Unsafe printing function
#857Campi Moduli Italiani3472363500Unquoted Complex Placeholder
#858CSS JS Manager, Async JavaScript, Defer Render Blocking CSS34761061k+Input is not validated
#859Download After Email – Subscribe & Download Form Plugin34223567k+Input is not validated
#860Dr. Flex3483511k+Output is not escaped
#861Easy Social Sharing34162401k+Non-prefixed global variable
#862Reviews Widgets for Google, Yelp & TripAdvisor3427421210k+Output is not escaped
#863FluentAuth – The Ultimate Authorization & Security Plugin for WordPress344422910k+Nonce verification recommended
#864FV Gravatar Cache345042700Output is not escaped
#865HollerBox — Fast & Effective Popups & Lead-Generation3478922k+Output is not escaped
#866Inavii Social Feed – Live Social Proof Gallery345321809k+Text Domain Mismatch
#867Lenix Leads Collector3441424210k+Text Domain Mismatch
#868Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin34364593k+Input is not sanitized
#869Mass Ping Tool for SEO – WordPress ping list to get indexed faster on Google, Yandex, …347796500Output is not escaped
#870Montonio for WooCommerce344425710k+Non-prefixed global variable
#871PushEngage – Web Push Notifications, WooCommerce Automation & Chat Widget34462989k+Missing nonce verification
#872PW WooCommerce Bulk Edit3421914920k+Unsafe printing function
#873Redirection34322932m+Non-prefixed class
#874Search Meter341919420k+Output is not escaped
#875Student Result or Employee Database3489981k+Direct Query
#876SuperFrete34842421k+Request data is not unslashed
#877TaxJar – Sales Tax Automation for WooCommerce342361705k+Text Domain Mismatch
#878Testimonial Slider344482623k+Unsafe printing function
#879Throws SPAM Away3432712310k+Missing Arg Domain
#880Tools for Twitter34135871k+Output is not escaped
#881Visual Form Builder348232920k+Direct Query
#882Simple Discount Rules for Woocommerce341752145k+Nonce verification recommended
#883Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin342301542k+Output is not escaped
#884WP-Cron Status Checker342771115k+Text Domain Mismatch
#885Wp Default Sender Email by IT Pixelz3468225500Output is not escaped
#886WP Mail Logging3476258300k+Nonce verification recommended
#887WP Popup Builder – Popup Forms and Marketing Lead Generation343571433k+Text Domain Mismatch
#888Thumbnail Slider With Lightbox34244141700Output is not escaped
#889Live Visitor Counter341081144k+Interpolated SQL is not prepared
#890Xml Sitemap Generator347247400SQL query is not prepared
#891Embed Plus for YouTube Gallery, Livestream and Lazy Loading with Facades34571195100k+Output is not escaped
#892Zero Spam for WordPress347939320k+Non-prefixed global variable
#893Abandoned Checkout Recovery & Order Notifications for WooCommerce3510877800Text Domain Mismatch
#894SOOZ – AI for SEO – Bulk Generate Focus Keyphrases, Metadata, Alt Text (SEO Autopilot)35443942k+Nonce verification recommended
#895Tuskcode Map Pro for Bing Maps3559359600Direct Query
#896Automatic Internal Links for SEO by Pagup35342151k+error log error log
#897Automatic YouTube Gallery3583599k+Output is not escaped
#898BORICA Payments by BORICA AD35537196500Text Domain Mismatch
#899BotWriter – AI Writer & SEO Content Generator35165033k+Direct Query
#900BSK Forms Blacklist358315501k+Output is not escaped