WordPress.DB.PreparedSQLPlaceholders.UnfinishedPrepare

Unfinished Prepare

A SQL query is built in a way that Plugin Check cannot verify as safely prepared.

critical weight

Why It Shows Up

The scan found missing, incorrect, quoted, unsupported, or mismatched SQL placeholders around `$wpdb->prepare()` usage.

Why It Matters

Broken preparation can leave dynamic SQL values unsafe or make queries behave differently than intended.

How to Fix

  • Keep placeholders in the SQL string and pass dynamic values as separate arguments.
  • Use the placeholder that matches the value type.
  • Do not quote placeholders manually, and use allowlists for identifiers or SQL fragments.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#401Maps Plugin using Google Maps for WordPress – WP Google Map482893810k+wp function not compatible with requires wp
#402Simple Custom Post Order481077300k+Direct Query
#403FlexStock – Product Stock Sync with Google Sheets for WooCommerce48241700Direct Query
#404User Activity Tracking and Log51282373k+Non-prefixed global variable
#405Connect Contact Form 7 and Mailchimp532365240k+Text Domain Mismatch
#406Disable Comments – Remove Comments & Stop Spam [Multi-Site Support]5315461m+Non-prefixed global variable
#407ProductFrame – Curated products from affiliate feeds55385400Direct Query
#408Booking Calendar56164050k+wp function not compatible with requires wp
#409Hide Posts5997020k+Direct Query
#410CommerceBird – AI Command Center, ERP Integrations & B2B for WooCommerce (Zoho, Exact Online).613162500Direct Query
#411Collapsing Archives643693k+date date
#412Royal MCP – Secure AI Connector for Claude, ChatGPT & Gemini646346k+Interpolated SQL is not prepared
#413AdSimple Cookie Consent Banner6555109600wp function not compatible with requires wp
#414WebToffee WooCommerce Product Feeds – Google Shopping, Pinterest, TikTok Ads, & More671782,8992k+Non-prefixed hook name
#415Ambrosite Next/Previous Post Link Plus6912245k+Interpolated SQL is not prepared
#416WP Bulk Delete69744100k+Non-prefixed hook name
#417Ambrosite Next/Previous Page Link Plus701121900Interpolated SQL is not prepared
#418PatternsWP – Gutenberg Block Patterns & Page Templates Library78125500Non-prefixed constant
#419WP Social Ninja – Embed Social Feeds, User Reviews & Chat Widgets80261830k+Missing direct file access protection
#420Bulky – Bulk Edit Products for WooCommerce8132110k+Non-prefixed hook name
#421ShipStation for WooCommerce813440k+Non-prefixed class
#422Hide Related Video Youtube90381k+Direct Query
#423Autoload Optimizer9213500Direct Query