WordPress.DB.DirectDatabaseQuery.SchemaChange

Schema Change

The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.

medium weight

Why It Shows Up

Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.

Why It Matters

Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.

How to Fix

  • Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
  • If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
  • Keep schema changes in activation or upgrade routines and make them idempotent.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#351Democracy Poll243874367k+Short PHP open tag found
#352Deployer for Git245411,336500Non-prefixed global variable
#353Digital License Manager24295670700Non-prefixed hook name
#354Drop Shadow Boxes246421,2904k+Non-prefixed global variable
#355Easy Form Builder by WhiteStudio — Drag & Drop Form Builder241943831k+Nonce verification recommended
#356Easy Modal245642997k+Unsafe printing function
#357ELEX WooCommerce Request a Quote243982662k+Request data is not unslashed
#358Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress246521,49560k+Non-prefixed hook name
#359EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more246691,550100k+Output is not escaped
#360Conversios: Google Analytics (GA4), Google Ads, Conversion and Analytics Tracking for Multi-Channels241071,46110k+Non-prefixed global variable
#361Event Tickets and Registration243,4114,21790k+Non-prefixed global variable
#362Etsy Integration For WooCommerce241,2464,643900Non-prefixed global variable
#363F12 Profiler24282451500Direct Query
#364Fast Velocity Minify2428225640k+Unsafe printing function
#365Fattura2424312333400Output is not escaped
#366FeedWordPress244963199k+Missing Arg Domain
#367FileBird – WordPress Media Library Folders & File Manager24239377200k+wp function not compatible with requires wp
#368Fix Alt Text245443461k+Non Singular String Literal Domain
#369FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution2419375380k+Direct Query
#370Food Store – Online Food Delivery & Pickup248621,9411k+Non-prefixed global variable
#371Football Pool241,0857331k+Output is not escaped
#372Formidable PRO2PDF242184771k+Non-prefixed global variable
#373FV Player 8243231,3831k+Non-prefixed function
#374GD Mail Queue24502582700Output is not escaped
#375Cookie Banner for GDPR / CCPA – WPLP Cookie Consent241,2091,9319k+Non-prefixed global variable
#376Genealogical Tree – Family Tree & Ancestry for WordPress245601,641600Non-prefixed global variable
#377GEO my WP245542,0893k+Non-prefixed hook name
#378Connector Wizard (formerly LC Wizard)242484641k+Non-prefixed function
#379ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin)24118442300k+Nonce verification recommended
#380Easy Google Maps241,76438920k+Non Singular String Literal Domain
#381GS Behance Portfolio – Display Projects, Gallery & Slider248551,617400Non-prefixed global variable
#382Hide Shipping Method For WooCommerce249461,44710k+Non-prefixed global variable
#383InstaWP Connect – 1-click WP Staging & Migration2425381140k+Non-prefixed global variable
#384Joli Table Of Contents246531,7557k+Non-prefixed global variable
#385Kenta Blocks – Responsive Blocks and block templates library245641,4052k+Non-prefixed global variable
#386Koko Analytics – Privacy-Friendly WordPress Analytics2416128060k+Short PHP open tag found
#387LatePoint – Calendar Booking Plugin for Appointments and Events241,841937100k+Output is not escaped
#388LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes244141,17610k+Non-prefixed global variable
#389Limit Attempts by BestWebSoft – WordPress Anti-Bot and Security Plugin for Login and Forms245635484k+Text Domain Mismatch
#390Local Delivery Drivers for WooCommerce241,8321,483900Non-prefixed global variable
#391Local Pickup for WooCommerce245501,3881k+Non-prefixed global variable
#392Generate Images (AI) – Magic Post Thumbnail241,9401,7616k+Non-prefixed global variable
#393Mailchimp for WooCommerce24523663200k+Non-prefixed global variable
#394MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails247723,8531k+Direct Query
#395Mang Board WP241,2494,7209k+Non-prefixed global variable
#396Mass Pages/Posts Creator247361,3641k+Non-prefixed global variable
#397miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn)243,70290210k+wp function not compatible with requires wp
#398Receive customer payments on Woocommerce245491,4191k+Non-prefixed global variable
#399MT Addons for Elementor243,0731,4422k+Text Domain Mismatch
#400Music Player for Elementor – Audio Player & Podcast Player246081,30210k+Non-prefixed global variable