WordPress.DB.PreparedSQLPlaceholders.UnfinishedPrepare

Unfinished Prepare

A SQL query is built in a way that Plugin Check cannot verify as safely prepared.

critical weight

Why It Shows Up

The scan found missing, incorrect, quoted, unsupported, or mismatched SQL placeholders around `$wpdb->prepare()` usage.

Why It Matters

Broken preparation can leave dynamic SQL values unsafe or make queries behave differently than intended.

How to Fix

Keep placeholders in the SQL string and pass dynamic values as separate arguments.
Use the placeholder that matches the value type.
Do not quote placeholders manually, and use allowlists for identifiers or SQL fragments.

References

WordPress database access

Affected Plugins

Rank	Plugin	Score	Errors	Warnings	Installs	Added	Updated	Top Issue
#51	PagBank / PagSeguro Connect para WooCommerce	22	504	743	4k+	2 years ago	3 days ago	Non-prefixed global variable
#52	PDF Builder for WPForms	22	321	266	900	7 years ago	8 days ago	SQL query is not prepared
#53	Request a Quote Form Plugin – Price Quote Request Management Made Easy	22	241	1,109	1k+	10 years ago	4 months ago	Non-prefixed hook name
#54	Sellsy	22	586	490	400	8 years ago	1 year ago	Non Singular String Literal Domain
#55	NextScripts: Social Networks Auto-Poster	22	2,408	1,133	30k+	14 years ago	4 months ago	Output is not escaped
#56	Swift Performance Lite	22	2,346	1,325	7k+	8 years ago	4 months ago	Text Domain Mismatch
#57	Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin	22	530	2,334	40k+	6 years ago	4 days ago	Direct Query
#58	Unlimited Elements Blocks Library	22	708	1,822	400	11 months ago	25 days ago	Non-prefixed global variable
#59	Welcart e-Commerce	22	10,377	10,896	10k+	17 years ago	23 days ago	Text Domain Mismatch
#60	UserFeedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds	22	444	243	200k+	3 years ago	1 month ago	Text Domain Mismatch
#61	WCFM Marketplace – Multivendor Marketplace for WooCommerce	22	1,937	1,969	10k+	8 years ago	1 month ago	Non-prefixed global variable
#62	WooCommerce	22	1,359	6,171	7m+	15 years ago	2 days ago	Non-prefixed global variable
#63	Advanced AJAX Product Filters	22	2,683	1,205	50k+	12 years ago	1 month ago	Text Domain Mismatch
#64	WP Fusion Lite – Marketing Automation and CRM Integration for WordPress	22	276	683	5k+	8 years ago	2 months ago	Nonce verification recommended
#65	WP Umbrella: Update Backup Restore & Monitoring	22	918	916	70k+	6 years ago	2 days ago	Exception output is not escaped
#66	User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration	22	287	1,432	20k+	15 years ago	7 days ago	Non-prefixed global variable
#67	YaySMTP – WP Mail SMTP with Email Logs, Tracking & Reports	22	654	435	10k+	6 years ago	10 days ago	Exception output is not escaped
#68	Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce	23	1,185	1,027	1k+	10 years ago	2 days ago	Text Domain Mismatch
#69	Kadence Security – Password, Two Factor Authentication, and Brute Force Protection	23	1,053	967	700k+	16 years ago	29 days ago	Missing Translators Comment
#70	Business Directory Plugin – Easy Listing Directories for WordPress	23	611	1,058	10k+	15 years ago	1 month ago	Non-prefixed global variable
#71	Geo Controller	23	203	544	1k+	11 years ago	1 month ago	Non-prefixed global variable
#72	Classified Listing – AI-Powered Classified ads & Business Directory	23	155	2,074	9k+	8 years ago	2 days ago	Non-prefixed global variable
#73	Content Egg – Affiliate Product Importer & Price Comparison	23	1,231	1,257	10k+	11 years ago	5 days ago	Non-prefixed global variable
#74	Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe	23	9,310	26,642	1k+	11 years ago	7 days ago	Non-prefixed global variable
#75	Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy	23	170	821	40k+	11 years ago	7 days ago	Non-prefixed global variable
#76	Double Opt-In for Contact Form 7 & Avada – Secure, GDPR-Compliant Email Verification	23	675	643	1k+	4 years ago	3 months ago	Unsafe printing function
#77	Easy Digital Downloads – eCommerce Payments and Subscriptions made easy	23	3,723	10,283	40k+	14 years ago	8 days ago	Non-prefixed namespace
#78	ElementsReady Addons for Elementor	23	231	666	3k+	5 years ago	11 months ago	Non-prefixed global variable
#79	Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light	23	386	999	500	12 years ago	2 years ago	Non-prefixed global variable
#80	Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder	23	4,746	1,279	30k+	14 years ago	16 days ago	Non Singular String Literal Domain
#81	FV Flowplayer Video Player	23	1,311	1,454	20k+	17 years ago	yesterday	Output is not escaped
#82	GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress	23	3,662	2,971	10k+	9 years ago	10 days ago	Output is not escaped
#83	Groundhogg — CRM, Newsletters, and Marketing Automation	23	136	911	2k+	8 years ago	yesterday	Non-prefixed global variable
#84	Interactive Content – H5P	23	565	380	40k+	12 years ago	1 month ago	Non Singular String Literal Domain
#85	Payment forms, Buy now buttons, and Invoicing System \| GetPaid	23	387	1,258	5k+	9 years ago	2 days ago	Non-prefixed global variable
#86	Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress	23	91	693	300k+	5 years ago	5 days ago	Non-prefixed namespace
#87	King Addons for Elementor – 80+ Elementor Widgets, 4 000+ Elementor Templates, WooCommerce, Mega Menu, Popup Builder	23	1,837	3,878	10k+	2 years ago	1 month ago	Non-prefixed global variable
#88	Masteriyo LMS – LMS Course Builder, Quizzes & Certificates	23	192	2,123	5k+	5 years ago	3 days ago	Non-prefixed global variable
#89	Like Button Rating ♥ LikeBtn	23	1,231	617	4k+	13 years ago	1 month ago	Unsafe printing function
#90	Link Whisper Free	23	3,882	5,303	30k+	6 years ago	25 days ago	Text Domain Mismatch
#91	Restaurant Menu and Food Ordering	23	385	853	2k+	10 years ago	29 days ago	Non-prefixed global variable
#92	MStore API – Create Native Android & iOS Apps On The Cloud	23	618	764	3k+	7 years ago	14 days ago	SQL query is not prepared
#93	Next Active Directory Integration	23	683	284	2k+	10 years ago	1 month ago	Exception output is not escaped
#94	Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery	23	2,119	986	400k+	19 years ago	1 month ago	Text Domain Mismatch
#95	Patchstack – WordPress & Plugins Security	23	107	489	40k+	5 years ago	2 months ago	Missing nonce verification
#96	Photo Gallery by 10Web – Mobile-Friendly Image Gallery	23	4,159	1,553	100k+	12 years ago	28 days ago	Output is not escaped
#97	Post to Google My Business (Google Business Profile)	23	845	1,452	10k+	8 years ago	1 month ago	Non-prefixed global variable
#98	Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More	23	142	681	100k+	3 years ago	yesterday	Non-prefixed global variable
#99	Revive.so – Bulk Rewrite and Republish Blog Posts	23	332	228	1k+	2 years ago	4 months ago	Text Domain Mismatch
#100	The Events Calendar	23	3,511	3,851	700k+	16 years ago	2 days ago	Text Domain Mismatch