WordPress.DB.DirectDatabaseQuery.DirectQuery
Direct Query
The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.
Why It Shows Up
Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.
Why It Matters
Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.
How to Fix
- Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
- If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
- Keep schema changes in activation or upgrade routines and make them idempotent.
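The fixes above combined in one plugin file, as an added example (not code from Plugin Check or from any plugin listed on this page). The `myplugin_*` functions, the `myplugin_db_version` option and the `myplugin_events` table are hypothetical names.

```php
<?php
// Added example; the myplugin_* names and the events table are hypothetical.
// Schema change kept in an activation/upgrade routine. The version check and
// dbDelta() (which diffs against the existing table) make re-runs harmless.
function myplugin_install() {
	global $wpdb;
	if ( '1.1' === get_option( 'myplugin_db_version' ) ) {
		return;
	}
	require_once ABSPATH . 'wp-admin/includes/upgrade.php';
	$table = $wpdb->prefix . 'myplugin_events';
	dbDelta( "CREATE TABLE {$table} (
		id bigint(20) unsigned NOT NULL AUTO_INCREMENT,
		user_id bigint(20) unsigned NOT NULL,
		action varchar(64) NOT NULL,
		PRIMARY KEY  (id),
		KEY user_id (user_id)
	) {$wpdb->get_charset_collate()};" );
	update_option( 'myplugin_db_version', '1.1' );
}
register_activation_hook( __FILE__, 'myplugin_install' );
add_action( 'plugins_loaded', 'myplugin_install' ); // Covers upgrades.

// Repeated read: dynamic values go through prepare(); the result is cached.
function myplugin_get_events( $user_id, $action ) {
	global $wpdb;
	$key  = 'events_' . absint( $user_id ) . '_' . md5( $action );
	$rows = wp_cache_get( $key, 'myplugin' );
	if ( false === $rows ) {
		$rows = $wpdb->get_results(
			$wpdb->prepare(
				// %i (identifier placeholder) requires WordPress 6.2+.
				'SELECT id, action FROM %i WHERE user_id = %d AND action = %s',
				$wpdb->prefix . 'myplugin_events',
				absint( $user_id ),
				$action
			)
		);
		wp_cache_set( $key, $rows, 'myplugin', 5 * MINUTE_IN_SECONDS );
	}
	return $rows;
}

// Writes drop the cached read so callers do not see stale rows.
function myplugin_add_event( $user_id, $action ) {
	global $wpdb;
	$wpdb->insert( $wpdb->prefix . 'myplugin_events', array( 'user_id' => absint( $user_id ), 'action' => $action ), array( '%d', '%s' ) );
	wp_cache_delete( 'events_' . absint( $user_id ) . '_' . md5( $action ), 'myplugin' );
}
```

Custom tables like this one have no higher-level WordPress API, which is the case where direct SQL is justified; for posts, terms, options or users the first bullet applies instead.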
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Updated | Top Issue |
|---|---|---|---|---|---|---|---|
| #1 | BulletProof Security | 0 | 5,048 | 4,949 | 20k+ | 2026-05-20 | Output Not Escaped |
| #2 | JetBackup – Backup, Restore & Migrate | 10 | 1,559 | 145 | 100k+ | 2026-05-03 | Exception Not Escaped |
| #3 | Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more | 15 | 32 | 163 | 500k+ | 2026-04-01 | Direct Query |
| #4 | Visual Composer Website Builder | 16 | 82 | 320 | 40k+ | 2025-08-06 | Non Prefixed Variable Found |
| #5 | JetFormBuilder — Dynamic Blocks Form Builder | 17 | 2,094 | 1,588 | 90k+ | 2026-06-17 | Text Domain Mismatch |
| #6 | wpForo Forum | 17 | 4,033 | 2,922 | 20k+ | 2026-05-31 | Unsafe Printing Function |
| #7 | WPtouch – Make your WordPress Website Mobile-Friendly | 17 | 1,466 | 325 | 50k+ | 2025-12-04 | Text Domain Mismatch |
| #8 | Prime Slider Addons for Elementor | 18 | 3,500 | 230 | 100k+ | 2026-06-15 | Text Domain Mismatch |
| #9 | WP Import Export Lite | 18 | 738 | 979 | 40k+ | 2025-08-04 | Non Prefixed Variable Found |
| #10 | Element Pack – Widgets, Templates & Addons for Elementor | 19 | 9,448 | 517 | 100k+ | 2026-06-16 | Text Domain Mismatch |
| #11 | Download Monitor | 19 | 425 | 1,364 | 80k+ | 2026-06-16 | Non Prefixed Hookname Found |
| #12 | Event Organiser | 19 | 1,106 | 544 | 20k+ | 2024-10-10 | Text Domain Mismatch |
| #13 | Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution | 19 | 1,218 | 901 | 100k+ | 2026-06-09 | Exception Not Escaped |
| #14 | Matomo Analytics – Powerful, Privacy-First Insights for WordPress | 19 | 1,909 | 878 | 100k+ | 2026-06-16 | Exception Not Escaped |
| #15 | Really Simple Security – Simple and Performant Security (formerly Really Simple SSL) | 19 | 541 | 385 | 3m+ | 2026-06-17 | Missing Translators Comment |
| #16 | SureCart – Ecommerce Made Easy For Selling Physical Products, Digital Downloads, Subscriptions, Donations, & Payments | 19 | 526 | 1,119 | 90k+ | 2026-06-16 | Non Prefixed Variable Found |
| #17 | BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot | 20 | 508 | 1,406 | 30k+ | 2026-06-18 | Non Prefixed Variable Found |
| #18 | Brizy – Page Builder | 20 | 589 | 720 | 70k+ | 2026-06-09 | Output Not Escaped |
| #19 | Filter Everything — WordPress & WooCommerce Filters | 20 | 568 | 730 | 50k+ | 2026-06-18 | Output Not Escaped |
| #20 | GiveWP – Donation Plugin and Fundraising Platform | 20 | 3,435 | 3,580 | 100k+ | 2026-06-15 | Output Not Escaped |
| #21 | Brevo – Email, SMS, Web Push, Chat, and more. | 20 | 460 | 646 | 100k+ | 2026-04-10 | Missing Unslash |
| #22 | Microthemer Lite – Visual Editor to Customize CSS | 20 | 1,004 | 1,699 | 10k+ | 2026-04-15 | Non Prefixed Variable Found |
| #23 | Nimble Page Builder | 20 | 1,591 | 1,684 | 30k+ | 2025-03-24 | Missing Arg Domain |
| #24 | Robin Image Optimizer – Unlimited Image Optimization, WebP & AVIF | 20 | 557 | 541 | 100k+ | 2026-05-19 | Output Not Escaped |
| #25 | Razorpay for WooCommerce | 20 | 974 | 855 | 100k+ | 2026-06-19 | Non Prefixed Function Found |
| #26 | Store Locator WordPress | 21 | 2,372 | 1,572 | 10k+ | 2026-06-03 | Text Domain Mismatch |
| #27 | Backup Migration | 21 | 981 | 1,093 | 80k+ | 2026-06-05 | Non Prefixed Variable Found |
| #28 | bbPress | 21 | 929 | 3,672 | 100k+ | 2025-07-02 | Non Prefixed Function Found |
| #29 | CartFlows – Funnel Builder & Checkout Plugin for WooCommerce | 21 | 461 | 614 | 200k+ | 2026-06-02 | Text Domain Mismatch |
| #30 | Smart Grid-Layout Design for Contact Form 7 | 21 | 1,126 | 734 | 10k+ | 2026-05-08 | Output Not Escaped |
| #31 | Comet Cache | 21 | 857 | 245 | 20k+ | 2025-07-02 | Output Not Escaped |
| #32 | Cost Calculator Builder | 21 | 322 | 765 | 30k+ | 2026-06-19 | Non Prefixed Variable Found |
| #33 | Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More | 21 | 2,572 | 1,277 | 1m+ | 2026-05-22 | Output Not Escaped |
| #34 | Envo Extra | 21 | 878 | 600 | 20k+ | 2026-05-27 | Text Domain Mismatch |
| #35 | Feeds for YouTube (YouTube video, channel, and gallery plugin) | 21 | 558 | 978 | 100k+ | 2026-06-10 | Output Not Escaped |
| #36 | Formidable Forms – WordPress Form Builder for Contact Forms, Calculators, Quizzes & More | 21 | 52 | 1,959 | 300k+ | 2026-06-16 | Non Prefixed Variable Found |
| #37 | Imagify: Optimize Images for Top Speed (Compress & Convert to WebP/AVIF) | 21 | 418 | 851 | 1m+ | 2026-06-01 | Non Prefixed Variable Found |
| #38 | Modular DS: Monitor, update, and backup multiple websites | 21 | 161 | 81 | 40k+ | 2026-05-22 | Exception Not Escaped |
| #39 | MotoPress Hotel Booking | 21 | 3,061 | 1,037 | 10k+ | 2026-06-15 | Text Domain Mismatch |
| #40 | Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred | 21 | 1,469 | 3,333 | 10k+ | 2026-06-18 | Non Prefixed Variable Found |
| #41 | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction | 21 | 1,918 | 5,065 | 10k+ | 2026-06-02 | Non Prefixed Hookname Found |
| #42 | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor | 21 | 696 | 1,483 | 50k+ | 2026-06-10 | Recommended |
| #43 | Five Star Restaurant Reservations – WordPress Booking Plugin | 21 | 1,099 | 1,147 | 10k+ | 2026-06-19 | Output Not Escaped |
| #44 | Royal Addons for Elementor – Addons and Templates Kit for Elementor | 21 | 13,011 | 2,530 | 600k+ | 2026-06-08 | Text Domain Mismatch |
| #45 | Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic | 21 | 327 | 181 | 10k+ | 2024-11-05 | Output Not Escaped |
| #46 | Accept Stripe Payments | 21 | 373 | 882 | 20k+ | 2026-05-07 | Missing |
| #47 | ThirstyAffiliates – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin | 21 | 190 | 660 | 30k+ | 2026-05-27 | Non Prefixed Variable Found |
| #48 | Revive Social – Social Media Auto Post and Scheduling Automation Plugin | 21 | 255 | 425 | 20k+ | 2026-05-21 | Non Prefixed Hookname Found |
| #49 | WCFM – Frontend Manager for WooCommerce | 21 | 4,721 | 5,067 | 20k+ | 2026-04-25 | Non Prefixed Variable Found |
| #50 | WebP Express | 21 | 160 | 427 | 300k+ | 2026-06-19 | Non Prefixed Variable Found |