WordPress.DB.DirectDatabaseQuery.NoCaching
No Caching
The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.
Why It Shows Up
Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.
Why It Matters
Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.
How to Fix
- Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
- If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
- Keep schema changes in activation or upgrade routines and make them idempotent.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #851 | Booking Package | 25 | 1,700 | 3,977 | 10k+ | Missing nonce verification | ||
| #852 | Online Scheduling and Appointment Booking System – Bookly | 25 | 3,528 | 870 | 60k+ | Text Domain Mismatch | ||
| #853 | Breeze Cache | 25 | 217 | 790 | 400k+ | Non-prefixed global variable | ||
| #854 | Broken Link Checker | 25 | 727 | 600 | 500k+ | Output is not escaped | ||
| #855 | BuddyPress Docs | 25 | 284 | 421 | 7k+ | Nonce verification recommended | ||
| #856 | PublishPress Capabilities – User Role Editor, Access Permissions, User Capabilities, Admin Menus | 25 | 362 | 1,586 | 100k+ | Non-prefixed global variable | ||
| #857 | SilentShield – Captcha & Anti-Spam for WordPress (CF7, WPForms, Elementor, WooCommerce) | 25 | 235 | 214 | 10k+ | Database parameter is not escaped | ||
| #858 | GSheetConnector for CF7 – Connect Contact Form 7 to Google Sheets and Send Form Submissions in Real Time | 25 | 614 | 1,431 | 40k+ | Non-prefixed global variable | ||
| #859 | CheckoutWC Lite | 25 | 1,359 | 850 | 3k+ | Text Domain Mismatch | ||
| #860 | CheckView – Form & Checkout Testing | 25 | 66 | 337 | 1k+ | Direct Query | ||
| #861 | Admin Columns | 25 | 613 | 995 | 100k+ | Non-prefixed namespace | ||
| #862 | Colissimo shipping methods for WooCommerce | 25 | 1,755 | 557 | 10k+ | Text Domain Mismatch | ||
| #863 | Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode | 25 | 99 | 1,035 | 700k+ | Non-prefixed global variable | ||
| #864 | Disable Comments & Delete All Comments | 25 | 503 | 185 | 9k+ | Output is not escaped | ||
| #865 | Coinbase Business Gateway for WooCommerce | 25 | 569 | 1,317 | 800 | Non-prefixed global variable | ||
| #866 | Conditional Payment Methods for WooCommerce | 25 | 548 | 1,398 | 1k+ | Non-prefixed global variable | ||
| #867 | Contact Form DB Divi | 25 | 533 | 1,299 | 3k+ | Non-prefixed global variable | ||
| #868 | Contact Form Email | 25 | 409 | 898 | 9k+ | Non-prefixed global variable | ||
| #869 | Coupon Creator | 25 | 698 | 412 | 1k+ | Output is not escaped | ||
| #870 | CP Contact Form with PayPal | 25 | 466 | 936 | 800 | Unsafe printing function | ||
| #871 | Cryptocurrency Payment Gateway | 25 | 1,963 | 589 | 400 | Text Domain Mismatch | ||
| #872 | CSS & JavaScript Toolbox | 25 | 155 | 617 | 10k+ | Non-prefixed class | ||
| #873 | Smash Balloon Social Post Feed – Simple Social Feeds for WordPress | 25 | 554 | 982 | 200k+ | Output is not escaped | ||
| #874 | DecaLog | 25 | 943 | 236 | 1k+ | Exception output is not escaped | ||
| #875 | Demo Importer Plus | 25 | 58 | 239 | 10k+ | Non-prefixed hook name | ||
| #876 | Disable Admin Notices – Hide Dashboard Notifications | 25 | 465 | 195 | 100k+ | Output is not escaped | ||
| #877 | Docket Cache – Object Cache Accelerator | 25 | 333 | 481 | 20k+ | Output is not escaped | ||
| #878 | ELEX WooCommerce Dynamic Pricing and Discounts | 25 | 478 | 748 | 800 | Text Domain Mismatch | ||
| #879 | WEB-Translation – eTranslation Multilingual | 25 | 217 | 1,057 | 400 | Non-prefixed function | ||
| #880 | Show Eventbrite Events – Event Feed for Eventbrite | 25 | 595 | 1,525 | 900 | Non-prefixed global variable | ||
| #881 | Event Genius – Event Management, Events Calendar, Registration, and RSVP | 25 | 180 | 1,560 | 500 | Non-prefixed global variable | ||
| #882 | Events Made Easy | 25 | 507 | 6,299 | 1k+ | Non-prefixed function | ||
| #883 | F4 Post Tree | 25 | 536 | 1,332 | 500 | Non-prefixed global variable | ||
| #884 | 胖鼠采集(Fat Rat Collect) | 25 | 630 | 190 | 900 | Missing Arg Domain | ||
| #885 | FlatPM – Ad Manager, AdSense and Custom Code | 25 | 3,017 | 557 | 10k+ | Text Domain Mismatch | ||
| #886 | FluentCart A New Era of eCommerce – Faster, Lighter, and Simpler | 25 | 319 | 466 | 7k+ | Non-prefixed global variable | ||
| #887 | Lightbox & Modal Popup WordPress Plugin – FooBox | 25 | 610 | 1,365 | 100k+ | Non-prefixed global variable | ||
| #888 | Photo Gallery by FooGallery : Responsive Image Gallery, Masonry Gallery & Carousel | 25 | 876 | 1,798 | 100k+ | Non-prefixed global variable | ||
| #889 | AnWP Football Leagues | 25 | 3,287 | 1,954 | 900 | Text Domain Mismatch | ||
| #890 | WP Fast Total Search – The Power of Indexed Search | 25 | 209 | 291 | 1k+ | Non-prefixed global variable | ||
| #891 | FunnelKit – Funnel Builder for WooCommerce Checkout | 25 | 3,164 | 2,624 | 30k+ | Text Domain Mismatch | ||
| #892 | Photo Gallery by Ays – Responsive Image Gallery | 25 | 466 | 820 | 2k+ | Output is not escaped | ||
| #893 | GD Rating System | 25 | 1,511 | 1,043 | 1k+ | Output is not escaped | ||
| #894 | GD Security Headers | 25 | 407 | 521 | 1k+ | Output is not escaped | ||
| #895 | GeekyBot — AI Copilot, Chatbot, WooCommerce Lead Gen & Zero-Prompt Content | 25 | 87 | 863 | 6k+ | Non-prefixed global variable | ||
| #896 | Genesis Club Lite | 25 | 513 | 317 | 900 | Output is not escaped | ||
| #897 | Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) | 25 | 50 | 1,043 | 1k+ | Non-prefixed global variable | ||
| #898 | Simple Giveaways – Grow your business, email lists and traffic with contests | 25 | 956 | 2,384 | 400 | Non-prefixed global variable | ||
| #899 | WPBruiser {no- Captcha anti-Spam} | 25 | 646 | 259 | 10k+ | Non Singular String Literal Domain | ||
| #900 | MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) | 25 | 116 | 441 | 2m+ | Nonce verification recommended |
