WordPress.DB.PreparedSQLPlaceholders.QuotedSimplePlaceholder

Quoted Simple Placeholder

A SQL query is built in a way that Plugin Check cannot verify as safely prepared.

critical weight

Why It Shows Up

The scan found missing, incorrect, quoted, unsupported, or mismatched SQL placeholders around `$wpdb->prepare()` usage.

Why It Matters

Broken preparation can leave dynamic SQL values unsafe or make queries behave differently than intended.

How to Fix

  • Keep placeholders in the SQL string and pass dynamic values as separate arguments.
  • Use the placeholder that matches the value type.
  • Do not quote placeholders manually, and use allowlists for identifiers or SQL fragments.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#101eCommerce Product Catalog Plugin for WordPress246213,1777k+Non-prefixed function
#102Etsy Integration For WooCommerce241,2464,643900Non-prefixed global variable
#103FeedWordPress244963199k+Missing Arg Domain
#104Food Store – Online Food Delivery & Pickup248621,9411k+Non-prefixed global variable
#105Assets manager, dequeue scripts, dequeue styles for WordPress245922552k+Output is not escaped
#106Import and export users and customers241,04035770k+Unsafe printing function
#107Social Slider Feed – Social Media Feed & Gallery Widgets2492970720k+Non-prefixed global variable
#108Media Library Folders2488980710k+Text Domain Mismatch
#109Ninja Forms – The Contact Form Builder That Grows With You247491,525600k+Nonce verification recommended
#110Participants Database249518947k+SQL query is not prepared
#111Product Catalog Simple241,5551,9821k+Output is not escaped
#112Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors2436982020k+Nonce verification recommended
#113Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker244072,58740k+Non-prefixed hook name
#114PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes2441457310k+Missing Translators Comment
#115Security Plugin, Firewall & Malware Scanner with Auto Removal241,19176930k+Output is not escaped
#116Shortcodes Ultimate – Content Elements246561,552400k+Non-prefixed global variable
#117SiteOrigin Widgets Bundle24606455400k+Output is not escaped
#118Team Members – Multi Language Supported Team Plugin242,08111,2067k+Non-prefixed global variable
#119Timber248512820k+Non-prefixed hook name
#120Ultimate Product Catalog245545255k+Unsafe printing function
#121Disable Updates – Updates Manager, Disable Automatic Updates, Disable All Updates2452213510k+Output is not escaped
#122WPML Multilingual & Multicurrency for WooCommerce241,4531,618100k+SQL query is not prepared
#123Auto Affiliate Links243754073k+Output is not escaped
#124WP-Members Membership Plugin2466938250k+Output is not escaped
#125WP Notification Bell247361,591700Non-prefixed global variable
#126WP-Stateless – Google Cloud Storage241,0364824k+Non Singular String Literal Domain
#127WP Travel Engine – Tour Booking Plugin – Tour Operator Software242,0105,68820k+Non-prefixed global variable
#128Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress242,5762,103100k+Output is not escaped
#129WPeMatico RSS Feed Fetcher241,37858710k+Output is not escaped
#130YMC Filter24121,7294k+Non-prefixed global variable
#131AdRotate Banner Manager251,36384620k+Unsafe printing function
#132bbp style pack251,4191,7926k+Output is not escaped
#133Booking Package251,7033,97710k+Missing nonce verification
#134Broken Link Checker25727600500k+Output is not escaped
#135Disable Comments & Delete All Comments255031859k+Output is not escaped
#136Coupon Creator256984121k+Output is not escaped
#137CP Contact Form with PayPal25466936800Unsafe printing function
#138Disable Admin Notices – Hide Dashboard Notifications25465195100k+Output is not escaped
#139Docket Cache – Object Cache Accelerator2533348120k+Output is not escaped
#140胖鼠采集(Fat Rat Collect)25630190900Missing Arg Domain
#141Simple Giveaways – Grow your business, email lists and traffic with contests259562,384400Non-prefixed global variable
#142Team Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More251,7862,2202k+Non-prefixed global variable
#143MaxButtons – Create buttons2562640470k+Output is not escaped
#144Media Cleaner: Clean your WordPress!2515139190k+Direct Query
#145Poll Maker by AYS – Versus Polls, Anonymous Polls, Image Polls254881,4127k+Non-prefixed global variable
#146Post Snippets – Custom WordPress Code Snippets Customizer258081,65420k+Non-prefixed global variable
#147Premmerce Product Search for WooCommerce255961,350900Non-prefixed global variable
#148Quiz Maker by AYS255053,02120k+Non-prefixed global variable
#149reSmush.it : The original free image compressor and optimizer plugin2515569100k+Output is not escaped
#150Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin2596073860k+Text Domain Mismatch