WordPress.DB.DirectDatabaseQuery.SchemaChange

Schema Change

The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.

medium weight

Why It Shows Up

Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.

Why It Matters

Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.

How to Fix

  • Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
  • If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
  • Keep schema changes in activation or upgrade routines and make them idempotent.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#1101Simple Custom Post Order481077300k+Direct Query
#1102FlexStock – Product Stock Sync with Google Sheets for WooCommerce48241700Direct Query
#1103wp-Monalisa485694700Direct Query
#1104WS Action Scheduler Cleaner4813802k+error log error log
#1105Anti-Spam Protection – No API Key, GDPR Friendly4921061k+Direct Query
#1106ReCrawler4910404k+Direct Query
#1107Simple MyISAM to InnoDB4911221k+Output is not escaped
#1108REST API Log5144955k+Non-prefixed hook name
#1109Easy Quotes551131700Direct Query
#1110ProductFrame – Curated products from affiliate feeds55385400Direct Query
#1111Fluent Connect – Connect ThriveCart with your WordPress and FluentCRM563754600curl curl setopt
#1112WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance5657691m+Non-prefixed global variable
#1113Remove admin menus by role575548k+Input is not validated
#1114Contact Form DB for Enfold582114700Output is not escaped
#1115Social Media Auto Poster – Schedule & Publish to Buffer58232108k+Dynamic hook name
#1116UltraPress – AI Assistant, Chatbot & SEO591238800Non-prefixed global variable
#1117Hide Posts5997020k+Direct Query
#1118Product Labels, Quick View, Buy Now, Pre-Orders, Frequently Bought Together & More for WooCommerce – Merchant601174010k+Non-prefixed global variable
#1119CommerceBird – AI Command Center, ERP Integrations & B2B for WooCommerce (Zoho, Exact Online).613162500Direct Query
#1120Powerkit – Supercharge your WordPress Site616711510k+Non-prefixed global variable
#1121WP Optin Wheel – Gamified Optin Email Marketing Tool for WordPress and WooCommerce6122741k+Non-prefixed global variable
#1122Kit (formerly ConvertKit) – Email Newsletter, Email Marketing, Membership, Subscribers and Landing Pages628110040k+Missing direct file access protection
#1123exovia GDPR Google Maps624064k+Output is not escaped
#1124Proofreading6211745k+Direct Query
#1125MooWoodle – WordPress Moodle LMS Integration, Sell Moodle Courses via WooCommerce631045800No Caching
#1126Contact Form to Chat Apps | Click to Chat to Order – FormyChat63301363k+Direct Query
#1127DoFollow Case by Case644601k+Direct Query
#1128Royal MCP – Secure AI Connector for Claude, ChatGPT & Gemini646346k+Interpolated SQL is not prepared
#1129Stancer for WooCommerce642108400Non-prefixed global variable
#1130JTL-Connector for WooCommerce6471661k+Direct Query
#1131WP REST Cache641111310k+Direct Query
#1132Editoria11y Accessibility Checker6769551k+Text Domain Mismatch
#1133Recurio – Ultimate Subscription for WooCommerce673111k+Direct Query
#1134Booter – Bots & Crawlers Manager68817k+Non-prefixed global variable
#1135Faire for WooCommerce68486800Direct Query
#1136Ever Accounting – Accounting & Invoicing Solution for Small Businesses68696611k+Non-prefixed hook name
#1137Burst Statistics – Simple WordPress Analytics (Google Analytics Alternative)6933379200k+Direct Query
#1138Contact Form 769563910m+Missing direct file access protection
#1139FAZ Cookie Manager701311600Non-prefixed hook name
#1140Privyr CRM – Instant Lead Alerts for Contact Forms712254k+Non-prefixed function
#1141SmartSMTP718422k+Nonce verification recommended
#1142Templ Optimizer726631k+Direct Query
#1143TOCHAT.BE73271800Request data is not unslashed
#1144Intuitive Custom Post Order751996400k+Direct Query
#1145Ukrposhta7524226500Non-prefixed global variable
#1146CiviCRM Member Sync76870800Non-prefixed global variable
#1147FluentPlayer – Video Player With Forms & Lead Capture765401k+Database parameter is not escaped
#1148StoreAgent – WooCommerce AI Chatbot & AI Content Tools76202400Non-prefixed global variable
#1149Bit Flows: AI Agent Automation & Integrations for Forms, CRM, eCommerce, Google Sheets, and More7718202k+wp function not compatible with requires wp
#1150Dual Currency Display77124900Direct Query