WordPress.DB.RestrictedClasses.mysql__PDO
mysql PDO
The plugin uses a raw MySQL extension or class instead of WordPress database APIs.
Why It Shows Up
The scan found `mysql_*`, `mysqli_*`, PDO MySQL, or related database functions in plugin code.
Why It Matters
Code that bypasses `$wpdb` can ignore the WordPress database configuration, escaping conventions, character sets, and compatibility layers.
How to Fix
- Replace raw MySQL calls with `$wpdb` methods or higher-level WordPress APIs.
- Use `$wpdb->prepare()` for dynamic values.
- If a third-party library requires a database connection, isolate it and document why WordPress APIs cannot be used.
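A before/after for the first two fixes, as an added example that is not taken from any plugin listed on this page. The `myplugin_events` table, its columns, and the function names are hypothetical, and the code assumes it runs inside a loaded WordPress plugin.

```php
<?php
// Added example. Table "myplugin_events" and all function names are hypothetical.

// BEFORE: the pattern the sniff flags. It opens a second connection with PDO,
// hard-codes the "wp_" prefix, builds the DSN from DB_HOST (which WordPress
// allows to carry a port or socket that $wpdb parses but this DSN does not),
// never sets a charset, and concatenates a dynamic value into the SQL string.
function myplugin_find_events_raw( $search ) {
	$pdo = new PDO( 'mysql:host=' . DB_HOST . ';dbname=' . DB_NAME, DB_USER, DB_PASSWORD );
	$sql = "SELECT id, message FROM wp_myplugin_events WHERE message LIKE '%" . $search . "%'";
	return $pdo->query( $sql )->fetchAll( PDO::FETCH_ASSOC );
}

// AFTER: the same lookup through $wpdb. The existing WordPress connection,
// configured table prefix and charset are reused, and every dynamic value
// goes through a prepare() placeholder.
function myplugin_find_events( $search, $limit = 20 ) {
	global $wpdb;

	$table = $wpdb->prefix . 'myplugin_events';
	// esc_like() escapes % and _ so user input cannot act as LIKE wildcards;
	// the surrounding wildcards are added here, then bound as one %s value.
	$like = '%' . $wpdb->esc_like( $search ) . '%';

	return $wpdb->get_results(
		$wpdb->prepare(
			"SELECT id, message FROM {$table} WHERE message LIKE %s ORDER BY id DESC LIMIT %d",
			$like,
			absint( $limit )
		),
		ARRAY_A
	);
}

// Writes: $wpdb->insert() builds and prepares the statement itself, so no SQL
// string is assembled by hand. The third argument gives one format per column.
function myplugin_log_event( $message ) {
	global $wpdb;

	$inserted = $wpdb->insert(
		$wpdb->prefix . 'myplugin_events',
		array(
			'message'    => $message,
			'created_at' => current_time( 'mysql', true ), // UTC timestamp.
		),
		array( '%s', '%s' )
	);
	return false !== $inserted;
}
```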
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Updated | Top Issue |
|---|---|---|---|---|---|---|---|
| #1 | Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution | 19 | 1,218 | 901 | 100k+ | | Exception Not Escaped |
| #2 | Matomo Analytics – Powerful, Privacy-First Insights for WordPress | 19 | 1,909 | 878 | 100k+ | | Exception Not Escaped |
| #3 | Captcha Them All | 21 | 300 | 323 | 6k+ | | Output Not Escaped |
| #4 | FileOrganizer – WordPress File Manager | 21 | 536 | 241 | 200k+ | | unlink unlink |
| #5 | Modular DS: Monitor, update, and backup multiple websites | 21 | 161 | 81 | 40k+ | | Exception Not Escaped |
| #6 | WP phpMyAdmin | 21 | 4,528 | 6,435 | 50k+ | | Missing Arg Domain |
| #7 | File Manager Pro – Filester | 22 | 565 | 391 | 100k+ | | Missing Unslash |
| #8 | WP OAuth Server (OAuth Authentication) | 22 | 189 | 347 | 3k+ | | Non Prefixed Function Found |
| #9 | ManageWP Worker | 22 | 507 | 565 | 1m+ | | Non Prefixed Class Found |
| #10 | WP Umbrella: Update Backup Restore & Monitoring | 22 | 915 | 905 | 70k+ | | Exception Not Escaped |
| #11 | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | 23 | 3,723 | 10,283 | 40k+ | | Non Prefixed Namespace Found |
| #12 | IP Geo Block | 23 | 399 | 589 | 9k+ | | Output Not Escaped |
| #13 | SEO Redirection Plugin – 301 Redirect Manager | 23 | 272 | 727 | 10k+ | | Non Prefixed Variable Found |
| #14 | Shield Security – Smart Bot Blocking, Brute-Force Login Protection & File Scanning | 23 | 1,118 | 202 | 40k+ | | Missing Translators Comment |
| #15 | ELEX WooCommerce Request a Quote | 24 | 398 | 266 | 2k+ | | Missing Unslash |
| #16 | Database Manager – WP Adminer | 24 | 1,005 | 2,752 | 20k+ | | Non Prefixed Variable Found |
| #17 | SlimStat Analytics | 24 | 1,169 | 737 | 70k+ | | Exception Not Escaped |
| #18 | CheckoutWC Lite | 25 | 1,359 | 850 | 3k+ | | Text Domain Mismatch |
| #19 | DecaLog | 25 | 943 | 236 | 1k+ | | Exception Not Escaped |
| #20 | IP Location Block | 25 | 521 | 624 | 10k+ | | Output Not Escaped |
| #21 | Tamara Checkout | 25 | 601 | 228 | 2k+ | | Exception Not Escaped |
| #22 | WPvivid — Backup, Migration & Staging | 25 | 899 | 1,461 | 900k+ | | Non Prefixed Namespace Found |
| #23 | BackUpWordPress | 27 | 245 | 271 | 90k+ | | Non Prefixed Variable Found |
| #24 | FG Joomla to WordPress | 27 | 278 | 101 | 7k+ | | Unsafe Printing Function |
| #25 | FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider | 29 | 74 | 78 | 600k+ | | Missing Translators Comment |
| #26 | PhastPress | 29 | 95 | 52 | 10k+ | | Exception Not Escaped |
| #27 | SQLite Database Integration | 29 | 161 | 89 | 3k+ | | Exception Not Escaped |
| #28 | YASR – Yet Another Star Rating Plugin for WordPress | 30 | 252 | 378 | 10k+ | | Output Not Escaped |
| #29 | FluentAuth – The Ultimate Authorization & Security Plugin for WordPress | 34 | 44 | 229 | 10k+ | | Missing Unslash |