PluginScore

WordPress.DB.DirectDatabaseQuery.SchemaChange

Schema Change

The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.

medium weight

Why It Shows Up

Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.

Why It Matters

Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.

How to Fix

  • Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
  • If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
  • Keep schema changes in activation or upgrade routines and make them idempotent.

References

WordPress database access

Affected Plugins

RankPluginScoreErrorsWarningsInstallsUpdatedTop Issue
#1BulletProof Security05,0484,94920k+2026-05-20Output Not Escaped
#2Plugin Check (PCP)012813210k+2026-05-29Exception Not Escaped
#3WP Import Export Lite1873897940k+2025-08-04Non Prefixed Variable Found
#4Element Pack – Widgets, Templates & Addons for Elementor199,448517100k+2026-06-16Text Domain Mismatch
#5Download Monitor194251,36480k+2026-06-16Non Prefixed Hookname Found
#6Event Organiser191,10654420k+2024-10-10Text Domain Mismatch
#7Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution191,218901100k+2026-06-09Exception Not Escaped
#8Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization191,2952,6799k+2026-06-15Output Not Escaped
#9Membership Plugin – Kadence Memberships195,0822,9829k+2026-05-26Text Domain Mismatch
#10SureCart – Ecommerce Made Easy For Selling Physical Products, Digital Downloads, Subscriptions, Donations, & Payments195261,11990k+2026-06-16Non Prefixed Variable Found
#11BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot205081,40630k+2026-06-18Non Prefixed Variable Found
#12GiveWP – Donation Plugin and Fundraising Platform203,4353,580100k+2026-06-15Output Not Escaped
#13Brevo – Email, SMS, Web Push, Chat, and more.20460646100k+2026-04-10Missing Unslash
#14Microthemer Lite – Visual Editor to Customize CSS201,0041,69910k+2026-04-15Non Prefixed Variable Found
#15Robin Image Optimizer – Unlimited Image Optimization, WebP & AVIF20557541100k+2026-05-19Output Not Escaped
#16Razorpay for WooCommerce20974855100k+2026-06-19Non Prefixed Function Found
#17Store Locator WordPress212,3721,57210k+2026-06-03Text Domain Mismatch
#18Backup Migration219811,09380k+2026-06-05Non Prefixed Variable Found
#19Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More212,5721,2771m+2026-05-22Output Not Escaped
#20eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams211864379k+2026-04-13Non Prefixed Variable Found
#21Feeds for YouTube (YouTube video, channel, and gallery plugin)21558978100k+2026-06-10Output Not Escaped
#22Formidable Forms – WordPress Form Builder for Contact Forms, Calculators, Quizzes & More21521,959300k+2026-06-16Non Prefixed Variable Found
#23Imagify: Optimize Images for Top Speed (Compress & Convert to WebP/AVIF)214188511m+2026-06-01Non Prefixed Variable Found
#24MotoPress Hotel Booking213,0611,03710k+2026-06-15Text Domain Mismatch
#25Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred211,4693,33310k+2026-06-18Non Prefixed Variable Found
#26Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction211,9185,06510k+2026-06-02Non Prefixed Hookname Found
#27User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor216961,48350k+2026-06-10Recommended
#28Royal Addons for Elementor – Addons and Templates Kit for Elementor2113,0112,530600k+2026-06-08Text Domain Mismatch
#29Wordfence Security – Firewall, Malware Scan, and Login Security211,5922,9735m+2026-05-13Output Not Escaped
#30wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin211,3541,14070k+2026-06-08Output Not Escaped
#31Frontend Admin by DynamiApps225,9223,20810k+2026-06-17Text Domain Mismatch
#32Advanced Form Integration — Connect Forms to 200+ Apps225,7714,67810k+2026-06-18wp function not compatible with requires wp
#33Ajax Load More – Infinite Scroll, Load More, & Lazy Load2264159540k+2026-06-04Unsafe Printing Function
#34All-in-One Video Gallery229112,89220k+2026-05-11Non Prefixed Variable Found
#35Booking for Appointments and Events Calendar – Amelia221,48948090k+2026-06-18Exception Not Escaped
#36Better Messages – Chat Rooms, Group Chat, Private Messages & AI Chat Bots221,6042,01910k+2026-06-10Direct Query
#37BuddyPress225839,008100k+2025-09-24Non Prefixed Function Found
#38Captcha by BestWebSoft – Advanced Spam Protection, Math & OCR-Friendly Captcha for Site Forms2249329510k+2026-03-26Text Domain Mismatch
#39Divi Carousel Lite – 17+ Carousel Module229671,27510k+2026-03-09Non Prefixed Variable Found
#40Passster – Password Protect Pages and Content225391,41910k+2026-06-02Non Prefixed Variable Found
#41RegistrationMagic – User Registration Forms Plugin223,6545,0628k+2026-06-20Non Prefixed Variable Found
#42Directorist: AI-Powered Business Directory, Listings & Classified Ads224432,12920k+2026-06-09Non Prefixed Variable Found
#43Download Manager222,2901,301100k+2026-06-16Output Not Escaped
#44E2Pdf – Export Pdf Tool for WordPress221,07583610k+2026-06-16Unsafe Printing Function
#45EleSpare – News, Magazine and Blog Addons for Elementor227331,42310k+2026-05-26Non Prefixed Variable Found
#46Estatik Real Estate Plugin223,04932510k+2026-06-13Text Domain Mismatch
#47Events Manager – Calendar, Bookings, Tickets, and more!224,7225,62170k+2026-06-19Output Not Escaped
#48Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder22409236700k+2026-06-09Text Domain Mismatch
#49GeoDirectory – WP Business Directory Plugin and Classified Listings Directory224,4623,97210k+2026-06-10Output Not Escaped
#50Anti-Malware Security and Brute-Force Firewall22544965100k+2026-03-09Output Not Escaped