WordPress.DB.DirectDatabaseQuery.SchemaChange

Schema Change

The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.

medium weight

Why It Shows Up

Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.

Why It Matters

Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.

How to Fix

  • Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
  • If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
  • Keep schema changes in activation or upgrade routines and make them idempotent.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#301WPCal.io – Easy Meeting Scheduler23694595900Direct Query
#302Photo Engine (Media Organizer & Lightroom)232526502k+Direct Query
#303Masonry Gallery & Posts For Divi (WP Tools)237541,450700Non-prefixed global variable
#304WSW – Shopify WooCommerce / WordPress Integration and Migration231,4491,612600Non-prefixed global variable
#305XT Ajax Add To Cart for WooCommerce231,0031,6901k+Non-prefixed global variable
#306XT Quick View for WooCommerce231,0791,829400Non-prefixed global variable
#307XT Variation Swatches for WooCommerce231,0511,834600Non-prefixed global variable
#308Yatra – Travel Booking & Tour Operator Software232,2113,994600Non-prefixed global variable
#309Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress232,3171,7145k+Output is not escaped
#310Zephyr Project Manager236672,4541k+Non-prefixed global variable
#311404 Solution244861,33810k+Non-prefixed class
#312Academy LMS – WordPress LMS Plugin for Complete eLearning Solution241627872k+Non-prefixed global variable
#313Anti Spam and list cleaner – AcyChecker2446288400Output is not escaped
#314AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress245,2301,4647k+Output is not escaped
#315Ad Inserter – Ad Manager & AdSense Ads244,241811300k+Output is not escaped
#316Ivory Search – WordPress Search Plugin241,1731,688100k+Non-prefixed global variable
#317Advanced Contact form 7 DB247641,96070k+Non-prefixed global variable
#318All Embed – Multi-Source Embed Widgets for Elementor247271,310500Non-prefixed global variable
#319Multi Page Auto Advance for Gravity Forms246531,3352k+Non-prefixed global variable
#320Auto-Install Free SSL – Generate & Install Free SSL Certificates249911,4958k+Non-prefixed global variable
#321AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress241,7051,3937k+Text Domain Mismatch
#322Popup Box – Create Countdown, Coupon, Video, Contact Form Popups244821,25350k+Non-prefixed global variable
#323bBlocks – Essential Gutenberg Blocks & Patterns Collection246561,511700Non-prefixed global variable
#324Banner Management For WooCommerce248651,8622k+Non-prefixed global variable
#325Better Payment – Instant Payments, Donations, Fundraising with Subscriptions & More243429306k+Non-prefixed global variable
#326Arigato Autoresponder and Newsletter241,318769500Text Domain Mismatch
#327BlockMeister – Block Pattern Builder245801,4051k+Non-prefixed global variable
#328Blog Designer Pack – Blog, Post Grid, Post Slider, Post Carousel, Category Post, News246991,69330k+Non-prefixed global variable
#329Bookit — Booking & Appointment Calendar245661,4564k+Non-prefixed global variable
#330WOLF – WordPress Posts Bulk Editor and Manager Professional244856234k+Output is not escaped
#331Buttonizer – Floating Menus, Sticky Buttons, & Popup Builder245761,34470k+Non-prefixed global variable
#332Calculated Fields Form2428359940k+Non-prefixed global variable
#333Event Calendar – Calendar241,1111,2622k+Text Domain Mismatch
#334Categorify – WordPress Media Library Category & File Manager245731,3851k+Non-prefixed global variable
#335Message Filter for Contact Form 7241,0571,5941k+Non-prefixed global variable
#336WOW Styler for CF7 – Visual Styler for Contact Form 7 Forms245341,5593k+Non-prefixed global variable
#337Kognetiks Chatbot for WordPress246511,486600Non-prefixed global variable
#338CleanTalk Anti-Spam. Spam Firewall & Bot protection248251,079200k+Missing nonce verification
#339Smart Online Order for Clover241,7461,2461k+Text Domain Mismatch
#340Complianz – GDPR/CCPA Cookie Consent244874031m+Missing Arg Domain
#341CF7 Apps – Honeypot, Database, Redirection, Webhook, and Addons for Contact Form 7241,0341,396300k+Non-prefixed global variable
#342Contact Form by Supsystic241,9136336k+Non Singular String Literal Domain
#343Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress245293571k+Text Domain Mismatch
#344Contact Widgets For Elementor all the contact links you need in one place249081,188500Non-prefixed global variable
#345CRM Perks Forms – WordPress Form Builder248195771k+Output is not escaped
#346Custom Twitter Feeds – A Tweets Widget or X Feed Widget24446922100k+Output is not escaped
#347Customer Reviews for WooCommerce242,2062,44380k+Output is not escaped
#348Defender Security – Malware Scanner, Login Security & Firewall2430651880k+Non-prefixed namespace
#349WP Comment Cleaner – Delete All Comments, Disable Comments, Bulk Delete & Remove Comments245871,43020k+Non-prefixed global variable
#350WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes)248452,6654k+Non-prefixed global variable