WordPress.DB.RestrictedFunctions.mysql_mysqli_connect
mysql mysqli connect
The plugin uses a raw MySQL extension or class instead of WordPress database APIs.
Why It Shows Up
The scan found `mysql_*`, `mysqli_*`, PDO MySQL, or related database functions in plugin code.
Why It Matters
Bypassing `$wpdb` can ignore WordPress database configuration, escaping conventions, character sets, and compatibility layers.
How to Fix
- Replace raw MySQL calls with `$wpdb` methods or higher-level WordPress APIs.
- Use `$wpdb->prepare()` for dynamic values.
- If a third-party library requires a database connection, isolate it and document why WordPress APIs cannot be used.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Updated | Top Issue |
|---|---|---|---|---|---|---|---|
| #1 | Backup Migration | 21 | 981 | 1,093 | 80k+ | Non Prefixed Variable Found | |
| #2 | WP phpMyAdmin | 21 | 4,528 | 6,435 | 50k+ | Missing Arg Domain | |
| #3 | wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin | 21 | 1,354 | 1,140 | 70k+ | Output Not Escaped | |
| #4 | Smart Popup by Supsystic | 22 | 3,172 | 503 | 10k+ | Non Singular String Literal Domain | |
| #5 | File Manager | 22 | 740 | 520 | 1m+ | Unsafe Printing Function | |
| #6 | WPBot – AI ChatBot for Live Support, Lead Generation, AI Services | 23 | 264 | 1,018 | 5k+ | Non Prefixed Variable Found | |
| #7 | Redirection | 23 | 523 | 457 | 100k+ | Non Prefixed Variable Found | |
| #8 | Softaculous | 23 | 116 | 49 | 10k+ | file system operations fread | |
| #9 | Clone | 23 | 244 | 262 | 40k+ | Output Not Escaped | |
| #10 | A2 Optimized WP – Turbocharge and secure your WordPress site | 24 | 271 | 231 | 60k+ | Missing Arg Domain | |
| #11 | Backuply – Backup, Restore, Migrate and Clone | 24 | 704 | 551 | 700k+ | Non Prefixed Variable Found | |
| #12 | Data Tables Generator by Supsystic | 25 | 138 | 82 | 10k+ | Exception Not Escaped | |
| #13 | TranslatePress – Translate Multilingual sites with AI Translation | 25 | 452 | 1,541 | 400k+ | Non Prefixed Hookname Found | |
| #14 | Social Media Share Buttons & Social Sharing Icons | 25 | 2,433 | 1,383 | 100k+ | Unsafe Printing Function | |
| #15 | Social Share Icons & Social Share Buttons | 25 | 2,365 | 1,357 | 10k+ | Output Not Escaped | |
| #16 | Duplicate Post | 27 | 447 | 274 | 300k+ | Unsafe Printing Function | |
| #17 | Void Contact Form 7 Widget For Elementor Page Builder | 28 | 279 | 66 | 10k+ | Text Domain Mismatch | |
| #18 | Pop-up | 31 | 103 | 91 | 10k+ | Output Not Escaped | |
| #19 | Ultimate Posts Widget | 31 | 309 | 86 | 10k+ | Output Not Escaped | |
| #20 | Enhanced Text Widget | 34 | 101 | 58 | 30k+ | Output Not Escaped | |
| #21 | SSL Mixed Content Fix | 34 | 53 | 65 | 8k+ | Output Not Escaped | |
| #22 | Graphina – Charts and Graphs For Elementor | 39 | 1,895 | 113 | 10k+ | Text Domain Mismatch | |
| #23 | Display PHP Version | 96 | 6 | 2 | 30k+ | Not In Footer |
