WordPress.DB.RestrictedFunctions.mysql_mysqli_free_result
mysql mysqli free result
The plugin uses a raw MySQL extension or class instead of WordPress database APIs.
Why It Shows Up
The scan found `mysql_*`, `mysqli_*`, PDO MySQL, or related database functions in plugin code.
Why It Matters
Bypassing `$wpdb` can ignore WordPress database configuration, escaping conventions, character sets, and compatibility layers.
How to Fix
- Replace raw MySQL calls with `$wpdb` methods or higher-level WordPress APIs.
- Use `$wpdb->prepare()` for dynamic values.
- If a third-party library requires a database connection, isolate it and document why WordPress APIs cannot be used.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Updated | Top Issue |
|---|---|---|---|---|---|---|---|
| #1 | Matomo Analytics – Powerful, Privacy-First Insights for WordPress | 19 | 1,909 | 878 | 100k+ | Exception Not Escaped | |
| #2 | Brizy – Page Builder | 20 | 589 | 720 | 70k+ | Output Not Escaped | |
| #3 | Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More | 21 | 2,572 | 1,277 | 1m+ | Output Not Escaped | |
| #4 | wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin | 21 | 1,354 | 1,140 | 70k+ | Output Not Escaped | |
| #5 | Prime Mover – Migrate WordPress Website & Backups | 22 | 1,326 | 1,600 | 10k+ | Non Prefixed Variable Found | |
| #6 | WP Umbrella: Update Backup Restore & Monitoring | 22 | 915 | 905 | 70k+ | Exception Not Escaped | |
| #7 | Softaculous | 23 | 116 | 49 | 10k+ | file system operations fread | |
| #8 | WP BackItUp Community Edition | 23 | 257 | 989 | 6k+ | Non Prefixed Variable Found | |
| #9 | WP STAGING – WordPress Backup, Restore & Migration | 23 | 1,414 | 1,327 | 100k+ | Non Prefixed Variable Found | |
| #10 | 404 Solution | 24 | 483 | 1,087 | 10k+ | Missing Unslash | |
| #11 | Backuply – Backup, Restore, Migrate and Clone | 24 | 704 | 551 | 700k+ | Non Prefixed Variable Found | |
| #12 | User Spam Remover | 31 | 115 | 14 | 1k+ | Output Not Escaped | |
| #13 | PW WooCommerce Bulk Edit | 34 | 219 | 149 | 20k+ | Unsafe Printing Function | |
| #14 | MapSVG – Vector maps, Image maps, Google Maps | 35 | 74 | 47 | 1k+ | missing direct file access protection |
