WordPress.DB.RestrictedFunctions.mysql_mysqli_get_client_info
mysql mysqli get client info
The plugin uses a raw MySQL extension or class instead of WordPress database APIs.
Why It Shows Up
The scan found `mysql_*`, `mysqli_*`, PDO MySQL, or related database functions in plugin code.
Why It Matters
Bypassing `$wpdb` can ignore WordPress database configuration, escaping conventions, character sets, and compatibility layers.
How to Fix
- Replace raw MySQL calls with `$wpdb` methods or higher-level WordPress APIs.
- Use `$wpdb->prepare()` for dynamic values.
- If a third-party library requires a database connection, isolate it and document why WordPress APIs cannot be used.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Updated | Top Issue |
|---|---|---|---|---|---|---|---|
| #1 | BulletProof Security | 0 | 5,048 | 4,949 | 20k+ | Output Not Escaped | |
| #2 | WP phpMyAdmin | 21 | 4,528 | 6,435 | 50k+ | Missing Arg Domain | |
| #3 | Softaculous | 23 | 116 | 49 | 10k+ | file system operations fread | |
| #4 | Ivory Search – WordPress Search Plugin | 24 | 1,176 | 1,688 | 100k+ | Non Prefixed Variable Found | |
| #5 | SEO Repair Kit – Meta Manager, Schema Manager, SEO Content Monitoring, GSC Integration, Keyword & Rank Tracking | 25 | 196 | 902 | 2k+ | Direct Query | |
| #6 | WPvivid — Backup, Migration & Staging | 25 | 899 | 1,461 | 900k+ | Non Prefixed Namespace Found |
