WordPress.DB.RestrictedFunctions.mysql_mysqli_affected_rows

mysql mysqli affected rows

The plugin uses a raw MySQL extension or class instead of WordPress database APIs.

medium weight

Why It Shows Up

The scan found `mysql_*`, `mysqli_*`, PDO MySQL, or related database functions in plugin code.

Why It Matters

Bypassing `$wpdb` can ignore WordPress database configuration, escaping conventions, character sets, and compatibility layers.

How to Fix

  • Replace raw MySQL calls with `$wpdb` methods or higher-level WordPress APIs.
  • Use `$wpdb->prepare()` for dynamic values.
  • If a third-party library requires a database connection, isolate it and document why WordPress APIs cannot be used.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#1Matomo Analytics – Powerful, Privacy-First Insights for WordPress191,911877100k+Exception output is not escaped
#2Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More212,5721,2771m+Output is not escaped
#3Prime Mover – Migrate WordPress Website & Backups221,3261,60010k+Non-prefixed global variable
#4WP STAGING – WordPress Backup, Restore, Migration & Clone231,4941,550100k+Non-prefixed global variable
#5Softaculous241154910k+file system operations fread
#6SQL Executioner7018172k+Non-prefixed global variable
#7Run SQL Query78138600Non-prefixed global variable