WordPress.DB.PreparedSQLPlaceholders.UnfinishedPrepare

Unfinished Prepare

A SQL query is built in a way that Plugin Check cannot verify as safely prepared.

critical weight

Why It Shows Up

The scan found missing, incorrect, quoted, unsupported, or mismatched SQL placeholders around `$wpdb->prepare()` usage.

Why It Matters

Broken preparation can leave dynamic SQL values unsafe or make queries behave differently than intended.

How to Fix

Keep placeholders in the SQL string and pass dynamic values as separate arguments.
Use the placeholder that matches the value type.
Do not quote placeholders manually, and use allowlists for identifiers or SQL fragments.

References

WordPress database access

Affected Plugins

Rank	Plugin	Score	Errors	Warnings	Installs	Added	Updated	Top Issue
#101	The Events Calendar	23	3,511	3,851	700k+	16 years ago	2 days ago	Text Domain Mismatch
#102	Tutor LMS – eLearning and online course solution	23	395	3,402	100k+	7 years ago	9 days ago	Non-prefixed global variable
#103	UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP	23	695	2,434	20k+	9 years ago	2 days ago	Non-prefixed hook name
#104	Advanced Booking & Appointment System – Webba Booking Calendar	23	1,615	3,300	2k+	11 years ago	11 days ago	Non-prefixed global variable
#105	ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin	23	7,423	2,181	90k+	8 years ago	5 days ago	Text Domain Mismatch
#106	Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions	23	1,123	1,860	9k+	12 years ago	2 days ago	Output is not escaped
#107	Lead Form Data Collection to CRM	23	211	1,698	400	12 years ago	2 months ago	Non-prefixed global variable
#108	WP-Lister Lite for Amazon	23	3,061	4,177	900	11 years ago	3 months ago	Output is not escaped
#109	FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce	23	940	2,180	20k+	7 years ago	yesterday	SQL query is not prepared
#110	Customer Support Ticket System & Helpdesk	23	1,719	1,464	400	12 years ago	18 days ago	Text Domain Mismatch
#111	Photo Engine (Media Organizer & Lightroom)	23	252	650	2k+	12 years ago	2 months ago	Direct Query
#112	Yatra – Travel Booking & Tour Operator Software	23	2,211	3,994	600	7 years ago	today	Non-prefixed global variable
#113	404 Solution	24	486	1,338	10k+	9 years ago	today	Non-prefixed class
#114	Academy LMS – WordPress LMS Plugin for Complete eLearning Solution	24	162	787	2k+	5 years ago	11 days ago	Non-prefixed global variable
#115	AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress	24	1,705	1,393	7k+	6 years ago	10 days ago	Text Domain Mismatch
#116	Awesome Support – WordPress HelpDesk & Support Plugin	24	225	1,239	6k+	12 years ago	1 month ago	Non-prefixed global variable
#117	Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale)	24	1,837	1,063	1k+	5 years ago	2 days ago	Text Domain Mismatch
#118	Product Feed Manager For WooCommerce – Sell on 200+ Online Marketplaces	24	2,248	3,338	10k+	9 years ago	15 days ago	slow db query meta key
#119	Better Payment – Instant Payments, Donations, Fundraising with Subscriptions & More	24	342	930	6k+	5 years ago	8 days ago	Non-prefixed global variable
#120	BrikPanel — WooCommerce Dashboard, Sales Report, Google Sheets Sync, Inventory Management & Bulk Editor	24	3,945	1,253	400	1 year ago	today	Text Domain Mismatch
#121	Bulk Edit Categories and Tags – Create Thousands Quickly on the Editor	24	1,025	984	4k+	7 years ago	5 months ago	Text Domain Mismatch
#122	Bulk Edit and Create User Profiles – WP Sheet Editor	24	979	969	1k+	8 years ago	5 months ago	Text Domain Mismatch
#123	Kognetiks Chatbot for WordPress	24	651	1,486	600	3 years ago	4 months ago	Non-prefixed global variable
#124	Smart Online Order for Clover	24	1,746	1,246	1k+	10 years ago	2 months ago	Text Domain Mismatch
#125	RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress	24	828	3,665	500	10 years ago	26 days ago	Request data is not unslashed
#126	WPBot – ChatBot Conversational Forms	24	1,254	1,226	2k+	7 years ago	4 days ago	Text Domain Mismatch
#127	Customer Reviews for WooCommerce	24	2,206	2,443	80k+	9 years ago	5 days ago	Output is not escaped
#128	Easy Invoice – Invoice Generator, PDF Quotes & Payments	24	1,366	2,006	500	4 years ago	today	Non-prefixed global variable
#129	eCommerce Product Catalog Plugin for WordPress	24	621	3,177	7k+	12 years ago	29 days ago	Non-prefixed function
#130	Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress	24	652	1,495	60k+	12 years ago	2 days ago	Non-prefixed hook name
#131	EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more	24	669	1,550	100k+	10 years ago	2 days ago	Output is not escaped
#132	Conversios: Google Analytics (GA4), Google Ads, Conversion and Analytics Tracking for Multi-Channels	24	107	1,461	10k+	12 years ago	10 days ago	Non-prefixed global variable
#133	Event Tickets and Registration	24	3,411	4,217	90k+	11 years ago	2 days ago	Non-prefixed global variable
#134	Etsy Integration For WooCommerce	24	1,246	4,643	900	10 years ago	4 months ago	Non-prefixed global variable
#135	F12 Profiler	24	282	451	500	7 years ago	4 months ago	Direct Query
#136	Fast Velocity Minify	24	282	256	40k+	10 years ago	1 month ago	Unsafe printing function
#137	Featured Image from URL (FIFU)	24	1,654	418	70k+	11 years ago	5 months ago	Non Singular String Literal Domain
#138	FV Player 8	24	323	1,383	1k+	2 years ago	8 days ago	Non-prefixed function
#139	Cookie Banner for GDPR / CCPA – WPLP Cookie Consent	24	1,209	1,931	9k+	7 years ago	4 days ago	Non-prefixed global variable
#140	GS Behance Portfolio – Display Projects, Gallery & Slider	24	855	1,617	400	10 years ago	10 months ago	Non-prefixed global variable
#141	Koko Analytics – Privacy-Friendly WordPress Analytics	24	161	280	60k+	7 years ago	4 days ago	Short PHP open tag found
#142	LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes	24	414	1,176	10k+	10 years ago	yesterday	Non-prefixed global variable
#143	Limit Attempts by BestWebSoft – WordPress Anti-Bot and Security Plugin for Login and Forms	24	563	548	4k+	12 years ago	6 months ago	Text Domain Mismatch
#144	Event Booking Manager for WooCommerce	24	968	2,122	7k+	8 years ago	2 days ago	Non-prefixed global variable
#145	Mailchimp for WooCommerce	24	523	663	200k+	10 years ago	29 days ago	Non-prefixed global variable
#146	MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails	24	772	3,853	1k+	11 months ago	29 days ago	Direct Query
#147	Timetable and Event Schedule by MotoPress	24	456	232	30k+	10 years ago	3 days ago	Output is not escaped
#148	MxChat – AI Chatbot & Content Generation for WordPress	24	3,157	1,385	2k+	2 years ago	7 days ago	Text Domain Mismatch
#149	Simple Newsletter Plugin – Noptin	24	66	591	10k+	7 years ago	24 days ago	Non-prefixed global variable
#150	NEX-Forms – Ultimate Forms Plugin for WordPress	24	2,008	1,195	6k+	12 years ago	2 days ago	Text Domain Mismatch