WordPress.DB.DirectDatabaseQuery.SchemaChange
Schema Change
The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.
Why It Shows Up
Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.
Why It Matters
Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.
How to Fix
- Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
- If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
- Keep schema changes in activation or upgrade routines and make them idempotent.
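An added example of the last two points, not taken from Plugin Check or from any plugin listed on this page: a versioned, idempotent schema routine plus a prepared, cached direct read. The `myplugin_` prefix, the `myplugin_events` table and the `myplugin_db_version` option are hypothetical names.

```php
<?php
// Hypothetical plugin: every myplugin_* name, the table and the option key are assumptions.
define( 'MYPLUGIN_DB_VERSION', '2' );

// Create or upgrade the schema. Safe to call repeatedly: dbDelta() diffs the
// CREATE TABLE statement against the live table and applies only what is missing.
function myplugin_install_schema() {
	global $wpdb;
	if ( get_option( 'myplugin_db_version' ) === MYPLUGIN_DB_VERSION ) {
		return; // Schema already current, nothing to do.
	}
	require_once ABSPATH . 'wp-admin/includes/upgrade.php';

	$table   = $wpdb->prefix . 'myplugin_events';
	$charset = $wpdb->get_charset_collate();

	// dbDelta() is strict about formatting: one column per line, two spaces
	// after PRIMARY KEY, and KEY rather than INDEX.
	dbDelta(
		"CREATE TABLE {$table} (
			id bigint(20) unsigned NOT NULL AUTO_INCREMENT,
			user_id bigint(20) unsigned NOT NULL,
			event varchar(64) NOT NULL,
			created datetime NOT NULL,
			PRIMARY KEY  (id),
			KEY user_id (user_id)
		) {$charset};"
	);
	update_option( 'myplugin_db_version', MYPLUGIN_DB_VERSION );
}
register_activation_hook( __FILE__, 'myplugin_install_schema' );
// Activation hooks do not fire on plugin updates, so re-check on load.
add_action( 'plugins_loaded', 'myplugin_install_schema' );

// Direct read: the dynamic value goes through prepare(), the result is cached.
function myplugin_count_events( $user_id ) {
	global $wpdb;
	$user_id = absint( $user_id );
	$count   = wp_cache_get( $user_id, 'myplugin_event_counts' );
	if ( false === $count ) {
		$count = (int) $wpdb->get_var(
			$wpdb->prepare( "SELECT COUNT(*) FROM {$wpdb->prefix}myplugin_events WHERE user_id = %d", $user_id )
		);
		wp_cache_set( $user_id, $count, 'myplugin_event_counts', 5 * MINUTE_IN_SECONDS );
	}
	return $count;
}
```

Any code that writes to the table should call `wp_cache_delete()` for the same key and group so cached counts do not go stale.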
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #201 | Finpose – Accounting for WooCommerce | 23 | 1,649 | 1,307 | 400 | | | Non-prefixed global variable |
| #202 | Image Photo Gallery Final Tiles Grid | 23 | 578 | 1,502 | 20k+ | | | Non-prefixed global variable |
| #203 | Five-Star Ratings Shortcode | 23 | 604 | 1,317 | 600 | | | Non-prefixed global variable |
| #204 | Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | 23 | 4,746 | 1,279 | 30k+ | | | Non Singular String Literal Domain |
| #205 | Freshdesk (official) | 23 | 194 | 386 | 900 | | | Non-prefixed function |
| #206 | Front End PM | 23 | 978 | 2,264 | 5k+ | | | Non-prefixed global variable |
| #207 | Tracking and Consent Manager – WP Full Picture | 23 | 1,280 | 3,223 | 3k+ | | | Non-prefixed global variable |
| #208 | Fuse Social Floating Sidebar | 23 | 1,840 | 1,573 | 10k+ | | | Non-prefixed global variable |
| #209 | FV Flowplayer Video Player | 23 | 1,311 | 1,454 | 20k+ | | | Output is not escaped |
| #210 | GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress | 23 | 3,662 | 2,971 | 10k+ | | | Output is not escaped |
| #211 | Anti-Malware Security and Brute-Force Firewall | 23 | 543 | 965 | 100k+ | | | Output is not escaped |
| #212 | Gmedia Photo Gallery | 23 | 350 | 1,121 | 7k+ | | | Non-prefixed global variable |
| #213 | Groundhogg — CRM, Newsletters, and Marketing Automation | 23 | 136 | 911 | 2k+ | | | Non-prefixed global variable |
| #214 | Interactive Content – H5P | 23 | 565 | 380 | 40k+ | | | Non Singular String Literal Domain |
| #215 | Houzez Property Feed | 23 | 1,464 | 1,615 | 1k+ | | | Text Domain Mismatch |
| #216 | Iks Menu – WordPress Category Accordion Menu & FAQs | 23 | 615 | 1,293 | 10k+ | | | Non-prefixed global variable |
| #217 | Image Carousel For Divi | 23 | 569 | 1,309 | 1k+ | | | Non-prefixed global variable |
| #218 | Payment forms, Buy now buttons, and Invoicing System \| GetPaid | 23 | 387 | 1,258 | 5k+ | | | Non-prefixed global variable |
| #219 | IP Geo Block | 23 | 399 | 589 | 9k+ | | | Output is not escaped |
| #220 | Joli FAQ SEO – WordPress FAQ Plugin | 23 | 1,083 | 1,526 | 700 | | | Non-prefixed global variable |
| #221 | Justified Gallery | 23 | 589 | 1,417 | 8k+ | | | Non-prefixed global variable |
| #222 | Kenta Companion | 23 | 657 | 1,419 | 2k+ | | | Non-prefixed global variable |
| #223 | King Addons for Elementor – 80+ Elementor Widgets, 4 000+ Elementor Templates, WooCommerce, Mega Menu, Popup Builder | 23 | 1,831 | 3,878 | 10k+ | | | Non-prefixed global variable |
| #224 | KiviCare – Clinic & Patient Management System (EHR) | 23 | 206 | 850 | 2k+ | | | Direct Query |
| #225 | Masteriyo LMS – LMS Course Builder, Quizzes & Certificates | 23 | 192 | 2,123 | 5k+ | | | Non-prefixed global variable |
| #226 | License Manager for WooCommerce | 23 | 129 | 819 | 6k+ | | | Request data is not unslashed |
| #227 | Like Button Rating ♥ LikeBtn | 23 | 1,231 | 617 | 4k+ | | | Unsafe printing function |
| #228 | Link Whisper Free | 23 | 3,882 | 5,303 | 30k+ | | | Text Domain Mismatch |
| #229 | Custom Login Page Customizer | 23 | 687 | 1,408 | 90k+ | | | Non-prefixed global variable |
| #230 | MailPoet – Newsletters, Email Marketing, and Automation | 23 | 931 | 719 | 500k+ | | | Exception output is not escaped |
| #231 | Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits | 23 | 525 | 1,541 | 30k+ | | | Non-prefixed global variable |
| #232 | Master Slider – Responsive Touch Slider | 23 | 800 | 408 | 60k+ | | | Output is not escaped |
| #233 | Media Library File Download | 23 | 615 | 1,286 | 1k+ | | | Non-prefixed global variable |
| #234 | Menu Image, Icons made easy | 23 | 591 | 1,406 | 100k+ | | | Non-prefixed global variable |
| #235 | Restaurant Menu and Food Ordering | 23 | 385 | 853 | 2k+ | | | Non-prefixed global variable |
| #236 | MultiParcels Shipping For WooCommerce | 23 | 179 | 356 | 4k+ | | | Request data is not unslashed |
| #237 | MPG – Multiple Page Generator, Bulk Landing Pages & Programmatic SEO | 23 | 488 | 580 | 2k+ | | | Missing nonce verification |
| #238 | MyWorks Sync for WooCommerce & QuickBooks Online | 23 | 2,292 | 9,101 | 5k+ | | | Non-prefixed global variable |
| #239 | NicheTable – Responsive Comparison Table Block | 23 | 683 | 1,307 | 700 | | | Non-prefixed global variable |
| #240 | Ninja Forms – The Contact Form Builder That Grows With You | 23 | 754 | 1,525 | 600k+ | | | Nonce verification recommended |
| #241 | Ocean Extra | 23 | 1,494 | 2,106 | 500k+ | | | Non-prefixed global variable |
| #242 | Issues and Series for Newspapers, Magazines, Publishers, Writers | 23 | 346 | 710 | 2k+ | | | Nonce verification recommended |
| #243 | Patchstack – WordPress & Plugins Security | 23 | 107 | 489 | 40k+ | | | Missing nonce verification |
| #244 | Photo Gallery by 10Web – Mobile-Friendly Image Gallery | 23 | 4,159 | 1,553 | 100k+ | | | Output is not escaped |
| #245 | Gallery PhotoBlocks | 23 | 904 | 1,345 | 3k+ | | | Non-prefixed global variable |
| #246 | Post to Google My Business (Google Business Profile) | 23 | 845 | 1,452 | 10k+ | | | Non-prefixed global variable |
| #247 | Pricing Table by Supsystic | 23 | 1,299 | 447 | 10k+ | | | Non Singular String Literal Domain |
| #248 | Primary Addon for Elementor | 23 | 765 | 1,306 | 7k+ | | | Non-prefixed global variable |
| #249 | Print Anywhere & Create PDFs of Order Receipts, Invoices, Labels & More. | 23 | 1,485 | 444 | 1k+ | | | Text Domain Mismatch |
| #250 | Print My Blog – Print, PDF, & eBook Converter WordPress Plugin | 23 | 1,077 | 1,660 | 8k+ | | | Non-prefixed global variable |