WordPress.DB.PreparedSQLPlaceholders.QuotedSimplePlaceholder

Quoted Simple Placeholder

A SQL query is built in a way that Plugin Check cannot verify as safely prepared.

critical weight

Why It Shows Up

The scan found missing, incorrect, quoted, unsupported, or mismatched SQL placeholders around `$wpdb->prepare()` usage.

Why It Matters

Broken preparation can leave dynamic SQL values unsafe or make queries behave differently than intended.

How to Fix

  • Keep placeholders in the SQL string and pass dynamic values as separate arguments.
  • Use the placeholder that matches the value type.
  • Do not quote placeholders manually, and use allowlists for identifiers or SQL fragments.
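
The three fixes above, applied to `$wpdb->prepare()` calls. This is an added example, not code from Plugin Check or from any plugin listed on this page; the `myplugin_` function names are hypothetical, and the `%i` identifier placeholder assumes WordPress 6.2 or later.

```php
<?php
// Added illustration; every myplugin_* name is hypothetical.

// Flagged pattern: the simple placeholder is wrapped in quotes in the SQL string.
function myplugin_find_by_slug_flagged( $slug ) {
	global $wpdb;
	return $wpdb->get_results(
		$wpdb->prepare( "SELECT ID FROM {$wpdb->posts} WHERE post_name = '%s'", $slug )
	);
}

// Fixed: bare %s. prepare() does the quoting and escaping of the string value.
function myplugin_find_by_slug( $slug ) {
	global $wpdb;
	return $wpdb->get_results(
		$wpdb->prepare( "SELECT ID FROM {$wpdb->posts} WHERE post_name = %s", $slug )
	);
}

// LIKE search: wildcards belong to the value, not to the SQL string.
// esc_like() escapes %, _ and \ in the user-supplied term before wrapping it.
function myplugin_search_titles( $term, $limit = 20 ) {
	global $wpdb;
	$like = '%' . $wpdb->esc_like( $term ) . '%';
	return $wpdb->get_results(
		$wpdb->prepare(
			"SELECT ID, post_title FROM {$wpdb->posts} WHERE post_title LIKE %s LIMIT %d",
			$like,      // %s matches the string pattern.
			absint( $limit ) // %d matches the integer limit.
		)
	);
}

// Identifier: validate against an allowlist first, then bind it with %i
// (assumes WordPress 6.2+, where prepare() supports %i).
function myplugin_list_sorted( $orderby, $status ) {
	global $wpdb;
	$allowed = array( 'post_date', 'post_title', 'ID' );
	if ( ! in_array( $orderby, $allowed, true ) ) {
		$orderby = 'post_date'; // Fall back to a known-safe column.
	}
	return $wpdb->get_results(
		$wpdb->prepare(
			"SELECT ID FROM {$wpdb->posts} WHERE post_status = %s ORDER BY %i DESC",
			$status,
			$orderby
		)
	);
}
```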

Affected Plugins

Rank  Plugin  Score  Errors  Warnings  Installs  Added  Updated  Top Issue
#51  Asset CleanUp: Page Speed Booster  222,0302,485100k+  Non-prefixed global variable
#52  WP Umbrella: Update Backup Restore & Monitoring  2291891670k+  Exception output is not escaped
#53  WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell  225,9962,7905k+  Text Domain Mismatch
#54  Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce  231,1851,0271k+  Text Domain Mismatch
#55  Gutenberg Blocks – ACF Blocks Suite  231,0971,449400  Non-prefixed global variable
#56  BA Book Everything  231,1841,08610k+  Output is not escaped
#57  Booking calendar, Appointment Booking System  231,0791,1254k+  Output is not escaped
#58  WPBot – AI ChatBot for Live Support, Lead Generation, AI Services  234741,1535k+  Non-prefixed global variable
#59  Content Aware Sidebars – Fastest Widget Area Plugin  239931,73830k+  Non-prefixed global variable
#60  Content Egg – Affiliate Product Importer & Price Comparison  231,2311,25710k+  Non-prefixed global variable
#61  Easy Digital Downloads – eCommerce Payments and Subscriptions made easy  233,72310,28340k+  Non-prefixed namespace
#62  Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light  23386999400  Non-prefixed global variable
#63  Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder  234,7461,27930k+  Non Singular String Literal Domain
#64  FV Flowplayer Video Player  231,3111,45420k+  Output is not escaped
#65  GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress  233,6212,74410k+  Output is not escaped
#66  The GDPR Framework By Data443  231,28751710k+  Short PHP open tag found
#67  Groundhogg — CRM, Newsletters, and Marketing Automation  231369142k+  Non-prefixed global variable
#68  Interactive Content – H5P  2356538040k+  Non Singular String Literal Domain
#69  Payment forms, Buy now buttons, and Invoicing System | GetPaid  233871,2585k+  Non-prefixed global variable
#70  Link Whisper Free  233,8825,30330k+  Text Domain Mismatch
#71  Media Library Assistant  231,1443,94370k+  Nonce verification recommended
#72  Restaurant Menu and Food Ordering  233858532k+  Non-prefixed global variable
#73  MStore API – Create Native Android & iOS Apps On The Cloud  236187643k+  SQL query is not prepared
#74  MultiParcels Shipping For WooCommerce  231793564k+  Request data is not unslashed
#75  Issues and Series for Newspapers, Magazines, Publishers, Writers  233467102k+  Nonce verification recommended
#76  Patchstack – WordPress & Plugins Security  2310748940k+  Missing nonce verification
#77  Photo Gallery by 10Web – Mobile-Friendly Image Gallery  234,1591,553100k+  Output is not escaped
#78  AI Popup  231,224636400  Text Domain Mismatch
#79  Schema  231,17324540k+  Text Domain Mismatch
#80  SecuPress with Simple SSL – Simple and Performant Security  231,6971,60140k+  Non-prefixed global variable
#81  Seraphinite Post .DOCX Source  231,156110900  Output is not escaped
#82  Seriously Simple Podcasting  2354862730k+  Non-prefixed hook name
#83  Local Google Analytics for WordPress – caches external requests  235511993k+  Output is not escaped
#84  Image Optimizer, Resizer and CDN – Sirv  236161,0041k+  Output is not escaped
#85  Slider Hero with Video Background, Animation  231,5651,2533k+  Text Domain Mismatch
#86  Slider by 10Web – Responsive Image Slider  235,81497610k+  Output is not escaped
#87  UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP  236942,43920k+  Non-prefixed hook name
#88  Predictive Search for WooCommerce  23530644700  Output is not escaped
#89  WP-CRM System – Manage Clients and Projects  232971,094800  Non-prefixed global variable
#90  FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce  239412,17920k+  SQL query is not prepared
#91  WP STAGING – WordPress Backup, Restore, Migration & Clone  231,4941,550100k+  Non-prefixed global variable
#92  Track, Analyze & Optimize by WP Tao  23895756600  Output is not escaped
#93  WP Ultimate CSV Importer – WordPress Import & Export for CSV, XML & Excel  231,1583,64220k+  Interpolated SQL is not prepared
#94  Photo Engine (Media Organizer & Lightroom)  232526502k+  Direct Query
#95  Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress  232,3171,7145k+  Output is not escaped
#96  Ivory Search – WordPress Search Plugin  241,1731,688100k+  Non-prefixed global variable
#97  Popup Box – Create Countdown, Coupon, Video, Contact Form Popups  244821,25350k+  Non-prefixed global variable
#98  BlockMeister – Block Pattern Builder  245801,4051k+  Non-prefixed global variable
#99  RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress  248283,665500  Request data is not unslashed
#100  WPBot – ChatBot Conversational Forms  241,2541,2262k+  Text Domain Mismatch