WordPress.DB.PreparedSQL.InterpolatedNotPrepared

Interpolated SQL is not prepared

Variables are interpolated into a SQL string before the query is prepared.

critical weight

Why It Shows Up

The scan found dynamic values placed directly inside SQL, often through string interpolation, before `$wpdb->prepare()` can safely bind them.

Why It Matters

Preparing a query after unsafe interpolation does not reliably protect the dynamic value.

How to Fix

Replace interpolated variables with placeholders.
Pass each dynamic value as a separate `$wpdb->prepare()` argument.
Use allowlists for SQL identifiers and directions that cannot be represented as normal values.

References

WordPress database access

Affected Plugins

Rank	Plugin	Score	Errors	Warnings	Installs	Updated	Top Issue
#1	BulletProof Security	0	5,048	4,949	20k+	1 month ago	Output Not Escaped
#2	Themify Builder	9	5,195	2,096	5k+	5 days ago	Text Domain Mismatch
#3	AnyComment	17	445	449	5k+	4 years ago	Output Not Escaped
#4	JetFormBuilder — Dynamic Blocks Form Builder	17	2,094	1,588	90k+	4 days ago	Text Domain Mismatch
#5	wpForo Forum	17	4,033	2,922	20k+	21 days ago	Unsafe Printing Function
#6	WPtouch – Make your WordPress Website Mobile-Friendly	17	1,466	325	50k+	7 months ago	Text Domain Mismatch
#7	Prime Slider Addons for Elementor	18	3,500	230	100k+	6 days ago	Text Domain Mismatch
#8	WP Import Export Lite	18	738	979	40k+	11 months ago	Non Prefixed Variable Found
#9	Element Pack – Widgets, Templates & Addons for Elementor	19	9,448	517	100k+	5 days ago	Text Domain Mismatch
#10	Download Monitor	19	425	1,364	80k+	5 days ago	Non Prefixed Hookname Found
#11	Event Organiser	19	1,106	544	20k+	2 years ago	Text Domain Mismatch
#12	Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution	19	1,218	901	100k+	12 days ago	Exception Not Escaped
#13	Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps)	19	3,275	3,228	10k+	7 months ago	Output Not Escaped
#14	Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization	19	1,295	2,679	9k+	6 days ago	Output Not Escaped
#15	Really Simple Security – Simple and Performant Security (formerly Really Simple SSL)	19	541	385	3m+	4 days ago	Missing Translators Comment
#16	Membership Plugin – Kadence Memberships	19	5,082	2,982	9k+	26 days ago	Text Domain Mismatch
#17	SureCart – Ecommerce Made Easy For Selling Physical Products, Digital Downloads, Subscriptions, Donations, & Payments	19	526	1,119	90k+	5 days ago	Non Prefixed Variable Found
#18	BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot	20	508	1,406	30k+	3 days ago	Non Prefixed Variable Found
#19	Brizy – Page Builder	20	589	720	70k+	12 days ago	Output Not Escaped
#20	Filter Everything — WordPress & WooCommerce Filters	20	568	730	50k+	3 days ago	Output Not Escaped
#21	GiveWP – Donation Plugin and Fundraising Platform	20	3,435	3,580	100k+	6 days ago	Output Not Escaped
#22	Link Library	20	1,941	1,397	10k+	2 months ago	Unsafe Printing Function
#23	Brevo – Email, SMS, Web Push, Chat, and more.	20	460	646	100k+	2 months ago	Missing Unslash
#24	Microthemer Lite – Visual Editor to Customize CSS	20	1,004	1,699	10k+	2 months ago	Non Prefixed Variable Found
#25	Pix por Piggly (para Woocommerce)	20	547	195	4k+	2 years ago	Exception Not Escaped
#26	Robin Image Optimizer – Unlimited Image Optimization, WebP & AVIF	20	557	541	100k+	1 month ago	Output Not Escaped
#27	Razorpay for WooCommerce	20	974	855	100k+	2 days ago	Non Prefixed Function Found
#28	WPJAM Basic	20	328	356	4k+	5 days ago	Output Not Escaped
#29	Store Locator WordPress	21	2,372	1,572	10k+	18 days ago	Text Domain Mismatch
#30	Backup Migration	21	981	1,093	80k+	16 days ago	Non Prefixed Variable Found
#31	bbPress	21	929	3,672	100k+	12 months ago	Non Prefixed Function Found
#32	Captcha Them All	21	300	323	6k+	3 years ago	Output Not Escaped
#33	CartFlows – Funnel Builder & Checkout Plugin for WooCommerce	21	461	614	200k+	19 days ago	Text Domain Mismatch
#34	Smart Grid-Layout Design for Contact Form 7	21	1,126	734	10k+	1 month ago	Output Not Escaped
#35	Free Downloads WooCommerce	21	430	359	4k+	1 month ago	Output Not Escaped
#36	Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More	21	2,572	1,277	1m+	1 month ago	Output Not Escaped
#37	eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams	21	186	437	9k+	2 months ago	Non Prefixed Variable Found
#38	ERP: Complete HR, Accounting & CRM Suite with Recruitment and WooCommerce CRM Support	21	829	5,966	5k+	3 days ago	Direct Query
#39	EventPrime – Events Calendar, Bookings and Tickets	21	872	4,297	7k+	yesterday	Non Prefixed Variable Found
#40	Feeds for YouTube (YouTube video, channel, and gallery plugin)	21	558	978	100k+	11 days ago	Output Not Escaped
#41	If-So Dynamic Content – Elementor & All Page Builders Personalization	21	889	725	7k+	24 days ago	Unsafe Printing Function
#42	Imagify: Optimize Images for Top Speed (Compress & Convert to WebP/AVIF)	21	418	851	1m+	20 days ago	Non Prefixed Variable Found
#43	MotoPress Hotel Booking	21	3,061	1,037	10k+	6 days ago	Text Domain Mismatch
#44	Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred	21	1,469	3,333	10k+	3 days ago	Non Prefixed Variable Found
#45	Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages	21	1,173	2,983	9k+	19 days ago	Non Prefixed Variable Found
#46	Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction	21	1,918	5,065	10k+	19 days ago	Non Prefixed Hookname Found
#47	User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor	21	696	1,483	50k+	11 days ago	Recommended
#48	PublishPress Planner – Editorial Calendar, Marketing Content, Kanban Board	21	603	890	6k+	1 month ago	Output Not Escaped
#49	Five Star Restaurant Reservations – WordPress Booking Plugin	21	1,099	1,147	10k+	2 days ago	Output Not Escaped
#50	Royal Addons for Elementor – Addons and Templates Kit for Elementor	21	13,011	2,530	600k+	13 days ago	Text Domain Mismatch