WordPress.DB.DirectDatabaseQuery.SchemaChange

Schema Change

The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.

medium weight

Why It Shows Up

Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.

Why It Matters

Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.

How to Fix

  • Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
  • If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
  • Keep schema changes in activation or upgrade routines and make them idempotent.
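
The last two fixes combined, as an added example that is not taken from Plugin Check or from any plugin listed here. The `myplugin` prefix, the `myplugin_events` table, and the `myplugin_db_version` option are hypothetical names.

```php
<?php
// Added example. All "myplugin" names, the table and the option key are hypothetical.
define( 'MYPLUGIN_DB_VERSION', '1.1' );

// Idempotent schema routine: safe on every activation and every upgrade check.
function myplugin_install_schema() {
	global $wpdb;

	if ( get_option( 'myplugin_db_version' ) === MYPLUGIN_DB_VERSION ) {
		return; // Schema already current, so no DDL runs on normal requests.
	}

	require_once ABSPATH . 'wp-admin/includes/upgrade.php';
	$charset_collate = $wpdb->get_charset_collate();

	// dbDelta() creates the table or adds/alters columns to match; it never drops.
	// It is strict about layout: one column per line, two spaces after PRIMARY KEY.
	dbDelta(
		"CREATE TABLE {$wpdb->prefix}myplugin_events (
			id bigint(20) unsigned NOT NULL AUTO_INCREMENT,
			user_id bigint(20) unsigned NOT NULL,
			event varchar(64) NOT NULL,
			created datetime NOT NULL,
			PRIMARY KEY  (id),
			KEY user_id (user_id)
		) {$charset_collate};"
	);

	update_option( 'myplugin_db_version', MYPLUGIN_DB_VERSION );
}
register_activation_hook( __FILE__, 'myplugin_install_schema' );
// Plugin updates do not fire the activation hook, so also check on load.
add_action( 'plugins_loaded', 'myplugin_install_schema' );

// Repeated read: dynamic value goes through prepare(), result goes in the object cache.
function myplugin_count_events( $user_id ) {
	global $wpdb;

	$key   = 'event_count_' . (int) $user_id;
	$count = wp_cache_get( $key, 'myplugin' );
	if ( false === $count ) { // Strict check so a cached 0 is still a hit.
		$count = (int) $wpdb->get_var(
			$wpdb->prepare( "SELECT COUNT(*) FROM {$wpdb->prefix}myplugin_events WHERE user_id = %d", $user_id )
		);
		wp_cache_set( $key, $count, 'myplugin', 5 * MINUTE_IN_SECONDS );
	}
	return $count;
}
```

Any code path that inserts or deletes rows for a user should call `wp_cache_delete()` on the matching key so the cached count does not go stale.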

Affected Plugins

Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue
#1051 | Stock Ticker | 3992492k+ | Output is not escaped
#1052 | Easy Category Icons | 395043600 | Text Domain Mismatch
#1053 | Traffic Monitor | 3961431k+ | Direct Query
#1054 | Eurobank WooCommerce Payment Gateway | 3962632k+ | Non Singular String Literal Domain
#1055 | Wallet for WooCommerce | 393652420k+ | Non-prefixed hook name
#1056 | WP Limit Login Attempts | 39266710k+ | Direct Query
#1057 | WP Most Popular | 3950352k+ | Output is not escaped
#1058 | Zotpress | 39804032k+ | Non-prefixed global variable
#1059 | 404 Notifier | 403941700 | Output is not escaped
#1060 | Atomic Edge Security – Firewall, Malware Scan and Login Security | 4012184700 | Non-prefixed global variable
#1061 | AxiaChat AI – Free AI Chatbot (Answers Customers Automatically) | 4021352k+ | Interpolated SQL is not prepared
#1062 | Broken Link Notifier | 40111931k+ | Non-prefixed global variable
#1063 | Copyscape Premium | 40148133800 | SQL query is not prepared
#1064 | Country State City Dropdown CF7 | 4035545k+ | Direct Query
#1065 | Cron Logger | 4049361k+ | Output is not escaped
#1066 | Cryptocurrency Widgets Pack | 4022252700 | Unsafe printing function
#1067 | Eventer | 4061551k+ | Output is not escaped
#1068 | LLM Bot Tracker – AI Crawler Detection & Analytics | 401890700 | Database parameter is not escaped
#1069 | Random Banner | 40591251k+ | Output is not escaped
#1070 | Role Based Redirect | 4020962k+ | Non-prefixed global variable
#1071 | Simple Statistics for Feeds | 4064131800 | Nonce verification recommended
#1072 | Payment Gateway – nexi Alpha Bank for WooCommerce | 4028451k+ | Missing nonce verification
#1073 | Database for CF7 | 4137322k+ | Text Domain Mismatch
#1074 | SNORDIAN's H5PxAPIkatchu | 4111988500 | SQL query is not prepared
#1075 | Native Emoji | 4154375k+ | Unsafe printing function
#1076 | Page & Post Notes | 4112771k+ | Non-prefixed global variable
#1077 | Simple Product Options for WooCommerce | 4162413k+ | Output is not escaped
#1078 | Smoove connector for Elementor forms | 412260600 | Nonce verification recommended
#1079 | StifLi Flex MCP – MCP Server with undo for ChatGPT, Claude & Gemini | 4121111k+ | Interpolated SQL is not prepared
#1080 | Abandoned Cart Recovery for WooCommerce | 41202024k+ | Request data is not unslashed
#1081 | WP Media folders | 4119743k+ | Direct Query
#1082 | Agoda Affiliate Partners Text Link Generator | 42440500 | Interpolated SQL is not prepared
#1083 | Comment Reply Email | 422123500 | Unsafe printing function
#1084 | Custom Taxonomy Order | 42205650k+ | Output is not escaped
#1085 | FormCraft – Form Builder | 421861562k+ | Text Domain Mismatch
#1086 | Geo Blocker – Control Site Access by Region and IP | 421064800 | Direct Query
#1087 | WP Email Log – PostBox | 42281700 | Nonce verification recommended
#1088 | Sendcloud Shipping | 4278565k+ | Output is not escaped
#1089 | Simple Googlebot Visit | 4232671k+ | Non Singular String Literal Domain
#1090 | Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) | 422,5831,82310k+ | Text Domain Mismatch
#1091 | I Order Terms | 4440241k+ | Output is not escaped
#1092 | Super Blank | 451315610k+ | Missing direct file access protection
#1093 | Easy Subscribe | 46132700 | Direct Query
#1094 | GetAutoSEO AI Tool | 46102501k+ | Direct Query
#1095 | Gravity Forms Constant Contact | 4636273k+ | Non-prefixed class
#1096 | Updater by BestWebSoft | 464942192k+ | Text Domain Mismatch
#1097 | Delete Duplicate Posts | 4795010k+ | Direct Query
#1098 | Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator | 47448310k+ | Missing direct file access protection
#1099 | Real Media Library: Media Library Folder & File Manager | 471365100k+ | Direct Query
#1100 | AffiliateWP – Store Credit | 484721400 | Output is not escaped