WordPress.DB.PreparedSQLPlaceholders.LikeWildcardsInQuery

Like Wildcards In Query

A SQL query is built in a way that Plugin Check cannot verify as safely prepared.

critical weight

Why It Shows Up

The scan found missing, incorrect, quoted, unsupported, or mismatched SQL placeholders around `$wpdb->prepare()` usage.

Why It Matters

Broken preparation can leave dynamic SQL values unsafe or make queries behave differently than intended.

How to Fix

Keep placeholders in the SQL string and pass dynamic values as separate arguments.
Use the placeholder that matches the value type.
Do not quote placeholders manually, and use allowlists for identifiers or SQL fragments.

References

WordPress database access

Affected Plugins

Rank	Plugin	Score	Errors	Warnings	Installs	Updated	Top Issue
#51	Media Cleaner: Clean your WordPress!	25	151	391	90k+	22 days ago	Direct Query
#52	Smart Manager – Advanced WooCommerce Bulk Edit & Inventory Management	25	387	935	10k+	9 days ago	Not Prepared
#53	Pay with Vipps and MobilePay for WooCommerce	25	845	509	5k+	4 days ago	Output Not Escaped
#54	WP Google Review Slider	25	1,367	2,582	30k+	9 days ago	Non Prefixed Variable Found
#55	Perfect Images: Regenerate Thumbnails, Image Sizes, WebP & AVIF	25	154	118	60k+	22 days ago	Non Prefixed Variable Found
#56	WPCargo Track & Trace	25	239	557	10k+	5 days ago	Non Prefixed Variable Found
#57	Open User Map – Interactive Leaflet Maps	26	893	986	10k+	12 days ago	Non Prefixed Variable Found
#58	SP Move Login	26	881	215	6k+	7 months ago	Text Domain Mismatch
#59	Jetpack VaultPress	28	71	362	10k+	2 months ago	Missing
#60	Database Cleaner	29	135	297	10k+	22 days ago	Direct Query
#61	Form Vibes – Database Manager for Forms	31	176	284	10k+	3 months ago	Text Domain Mismatch
#62	Thrive Automator	32	84	84	10k+	1 year ago	Not Prepared
#63	SEOPress – AI SEO Plugin & On-site SEO	32	138	429	300k+	3 days ago	Non Prefixed Variable Found
#64	ThumbPress – Compress Images, Manage Thumbnails, Detect Image Issues, WebP/AVIF, Lazy Loading, Hotlinking & More	33	101	289	30k+	4 days ago	Non Prefixed Variable Found
#65	ReOrder Posts within Categories	35	39	207	7k+	3 years ago	Non Prefixed Variable Found
#66	Yabe Webfont – Use Custom Fonts, Google Fonts or Adobe Fonts	35	48	114	5k+	3 months ago	Non Prefixed Hookname Found
#67	Product Labels For Woocommerce (Sale Badges)	36	90	48	10k+	20 days ago	Output Not Escaped
#68	Optimize Database after Deleting Revisions	36	644	127	60k+	1 month ago	Output Not Escaped