WordPress.DB.PreparedSQLPlaceholders.ReplacementsWrongNumber

Replacements Wrong Number

A SQL query is built in a way that Plugin Check cannot verify as safely prepared.

critical weight

Why It Shows Up

The scan found missing, incorrect, quoted, unsupported, or mismatched SQL placeholders around `$wpdb->prepare()` usage.

Why It Matters

Broken preparation can leave dynamic SQL values unsafe or make queries behave differently than intended.

How to Fix

Keep placeholders in the SQL string and pass dynamic values as separate arguments.
Use the placeholder that matches the value type.
Do not quote placeholders manually, and use allowlists for identifiers or SQL fragments.

References

WordPress database access

Affected Plugins

Rank	Plugin	Score	Errors	Warnings	Installs	Updated	Top Issue
#101	Events Made Easy	25	506	6,296	1k+	yesterday	Non Prefixed Function Found
#102	HT Contact Form – Drag & Drop Form Builder for WordPress	25	158	593	10k+	14 days ago	Non Prefixed Variable Found
#103	Bulk Page Generator – LPagery	25	670	1,926	3k+	3 days ago	Non Prefixed Variable Found
#104	Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails	25	4,675	1,455	5k+	3 days ago	Text Domain Mismatch
#105	Media Cleaner: Clean your WordPress!	25	151	391	90k+	23 days ago	Direct Query
#106	NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar	25	257	397	40k+	4 days ago	Non Prefixed Hookname Found
#107	Simply Static – The Static Site Generator	25	163	446	30k+	3 days ago	Non Prefixed Hookname Found
#108	Smart Manager – Advanced WooCommerce Bulk Edit & Inventory Management	25	387	935	10k+	10 days ago	Not Prepared
#109	SEO Plugin by Squirrly SEO	25	1,130	222	40k+	4 days ago	Missing Translators Comment
#110	Stylish Cost Calculator – Quote Generator, Lead Gen & Price Estimator	25	647	1,016	1k+	11 days ago	Output Not Escaped
#111	WP Go Maps – Google Map, OpenStreetMap, Leaflet Map	25	4,996	1,008	300k+	5 days ago	Unsafe Printing Function
#112	WP Photo Album Plus	25	4	1,799	10k+	3 days ago	Direct Query
#113	Smush – Image Optimization, Compression, Lazy Load, WebP & CDN	25	252	566	1m+	10 days ago	Non Prefixed Hookname Found
#114	Easy Appointments	26	135	569	10k+	4 days ago	Maybe ASPOpen Tag Found
#115	Loco Translate	26	454	242	1m+	21 days ago	Output Not Escaped
#116	Duplicate Post	27	447	274	300k+	2 months ago	Unsafe Printing Function
#117	Discount Rules and Dynamic Pricing for WooCommerce	28	182	334	10k+	21 days ago	Output Not Escaped
#118	Transliterator – Multilingual and Multi-script Text Conversion	28	305	320	3k+	26 days ago	Output Not Escaped
#119	WP ADA Compliance Check Basic	28	785	177	3k+	yesterday	Text Domain Mismatch
#120	AL Pack	29	13	816	2k+	7 months ago	Non Prefixed Variable Found
#121	Post Views Counter	29	179	398	200k+	3 days ago	Non Prefixed Hookname Found
#122	Security Ninja – WordPress Security & Firewall	29	149	347	7k+	4 days ago	Direct Query
#123	Paymattic – Secure, Simple Payment & Donation with Subscription Payments, Recurring Donations, Customer Management	29	53	496	4k+	1 month ago	Direct Query
#124	Xagio SEO – AI Powered SEO	29	1	1,268	10k+	13 days ago	Direct Query
#125	Advanced Database Cleaner – Optimize & Clean Database to Speed Up Site Performance	30	164	439	100k+	21 days ago	Interpolated Not Prepared
#126	Edwiser Bridge – WordPress Moodle Integration	30	4	669	4k+	1 month ago	Non Prefixed Hookname Found
#127	Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant	30	264	221	4k+	1 year ago	Missing Unslash
#128	QA Assistants – Driven by data	30	4	867	2k+	2 months ago	Non Prefixed Variable Found
#129	Image Hotspot – Map Image Annotation	31	95	283	3k+	15 days ago	Non Prefixed Variable Found
#130	Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker	31	63	933	6k+	11 days ago	Interpolated Not Prepared
#131	CartBounty – Save and recover abandoned carts for WooCommerce	33	370	399	10k+	28 days ago	Output Not Escaped
#132	PW WooCommerce Bulk Edit	34	219	149	20k+	1 month ago	Unsafe Printing Function
#133	SOOZ – AI for SEO – Bulk Generate Focus Keyphrases, Metadata, Alt Text (SEO Autopilot)	35	44	394	2k+	26 days ago	Recommended
#134	CompressX — AVIF & WebP Converter, Media Replacement	35	26	423	40k+	26 days ago	Missing
#135	Elementor Website Builder – more than just a page builder	35	46	428	10m+	yesterday	Non Prefixed Variable Found
#136	MetaSlider Gallery – Image Gallery, Lightbox Galleries, Modal Windows	35	157	49	10k+	12 days ago	Output Not Escaped
#137	Recurio – Ultimate Subscription for WooCommerce	35	41	300	1k+	1 month ago	Direct Query
#138	Yabe Webfont – Use Custom Fonts, Google Fonts or Adobe Fonts	35	48	114	5k+	3 months ago	Non Prefixed Hookname Found
#139	Bit Form – Contact Form, Payment Forms, Multi Step Forms, Calculator & Custom Form Builder	36	3	321	10k+	4 days ago	Recommended
#140	Desktop Mode	36	1	579	2k+	4 days ago	Direct Query
#141	Product Badge, Label, Countdown Timer for WooCommerce – Sale Booster	38	37	98	5k+	6 days ago	Interpolated Not Prepared
#142	MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites	38	3	136	700k+	6 days ago	Non Prefixed Hookname Found
#143	WholesaleX – B2B & Wholesale Plugin for WooCommerce with Wholesale Prices	38	40	180	2k+	4 days ago	Non Prefixed Variable Found
#144	CatFolders Document Gallery & PDF Library	39	66	32	3k+	1 month ago	Output Not Escaped
#145	Markup by Attribute for WooCommerce	39	46	102	2k+	3 days ago	Direct Query
#146	Traffic Monitor	39	6	143	1k+	8 months ago	Direct Query
#147	Website LLMs.txt	39	13	145	40k+	7 days ago	Non Prefixed Variable Found
#148	Alt Magic: AI Image Alt Text Generator for WP & Image Rename	40	55	118	1k+	26 days ago	Direct Query
#149	Broken Link Notifier	40	11	193	1k+	13 days ago	Non Prefixed Variable Found
#150	Simple Lightbox	41	21	48	100k+	4 months ago	Recommended