WordPress.DB.DirectDatabaseQuery.NoCaching
No Caching
The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.
Why It Shows Up
Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.
Why It Matters
Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.
How to Fix
- Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
- If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
- Keep schema changes in activation or upgrade routines and make them idempotent.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #1051 | YITH WooCommerce Product Slider Carousel | 30 | 389 | 1,479 | 4k+ | Non-prefixed global variable | ||
| #1052 | Zoho CRM Lead Magnet | 30 | 101 | 1,025 | 3k+ | Request data is not unslashed | ||
| #1053 | Advanced Woo Search – Product Search for WooCommerce | 31 | 228 | 377 | 70k+ | Nonce verification recommended | ||
| #1054 | All-in-one contact buttons – WPSHARE247 | 31 | 108 | 113 | 4k+ | Non-prefixed global variable | ||
| #1055 | Titan Anti-spam & Security – Brute Force Protection, 2FA & Spam Filter | 31 | 57 | 196 | 50k+ | Nonce verification recommended | ||
| #1056 | Asgaros Forum | 31 | 167 | 412 | 10k+ | Output is not escaped | ||
| #1057 | The SEO Framework – Fast, Automated, Effortless. | 31 | 363 | 609 | 200k+ | Non-prefixed global variable | ||
| #1058 | Better Robots.txt – AI-Ready Crawl Control & Bot Governance | 31 | 90 | 85 | 6k+ | Text Domain Mismatch | ||
| #1059 | cformsII | 31 | 777 | 536 | 4k+ | Unsafe printing function | ||
| #1060 | CleverReach® WP | 31 | 103 | 93 | 4k+ | Non-prefixed global variable | ||
| #1061 | Compliance by Hu-manity.co | 31 | 154 | 336 | 900k+ | Missing nonce verification | ||
| #1062 | Copy Anything to Clipboard for WordPress – Copy Button, Copy Text & Copy Code | 31 | 525 | 131 | 10k+ | Text Domain Mismatch | ||
| #1063 | Customer Email Verification for WooCommerce | 31 | 192 | 290 | 2k+ | Non-prefixed global variable | ||
| #1064 | MultiVendorX – WooCommerce Multivendor Marketplace AI Powered Solutions | 31 | 664 | 273 | 3k+ | Text Domain Mismatch | ||
| #1065 | Domain Mapping System | Create Microsites with Multiple Alias Domains (multisite optional) | 31 | 113 | 233 | 2k+ | Non-prefixed namespace | ||
| #1066 | EnvoThemes Demo Import | 31 | 221 | 140 | 3k+ | Output is not escaped | ||
| #1067 | افزونه پیامک حرفه ای فراز اس ام اس | 31 | 89 | 180 | 2k+ | wp function not compatible with requires wp | ||
| #1068 | FastDup – Fastest WordPress Migration & Duplicator | 31 | 83 | 66 | 5k+ | wp function not compatible with requires wp | ||
| #1069 | Form Vibes – Database Manager for Forms | 31 | 176 | 284 | 10k+ | Text Domain Mismatch | ||
| #1070 | FraudLabs Pro for WooCommerce | 31 | 169 | 213 | 1k+ | Request data is not unslashed | ||
| #1071 | GS Pinterest Portfolio – Pins Grid, Masonry, User Profile, Popup & Board Widgets | 31 | 402 | 156 | 1k+ | Text Domain Mismatch | ||
| #1072 | HT Easy GA4 – Google Analytics WordPress Plugin | 31 | 475 | 93 | 6k+ | Text Domain Mismatch | ||
| #1073 | Easy HTTPS Redirection (SSL) | 31 | 224 | 100 | 100k+ | Unsafe printing function | ||
| #1074 | Image Hotspot – Map Image Annotation | 31 | 95 | 283 | 3k+ | Non-prefixed global variable | ||
| #1075 | My Private Site | 31 | 425 | 190 | 20k+ | Text Domain Mismatch | ||
| #1076 | Linguise – AI Automatic Multilingual Translation | 31 | 61 | 280 | 1k+ | Non-prefixed global variable | ||
| #1077 | Login rebuilder | 31 | 406 | 226 | 20k+ | Non Singular String Literal Domain | ||
| #1078 | LWS Tools | 31 | 104 | 134 | 10k+ | Request data is not unslashed | ||
| #1079 | Melapress Login Security | 31 | 69 | 278 | 2k+ | Non-prefixed global variable | ||
| #1080 | Patreon WordPress | 31 | 276 | 339 | 3k+ | Output is not escaped | ||
| #1081 | افزونه پیامک ووکامرس Persian WooCommerce SMS | 31 | 72 | 269 | 40k+ | Nonce verification recommended | ||
| #1082 | Portfolio, Gallery, Product Catalog – Grid KIT Portfolio | 31 | 61 | 329 | 6k+ | Non-prefixed global variable | ||
| #1083 | Post Pay Counter | 31 | 639 | 238 | 2k+ | Output is not escaped | ||
| #1084 | Product Configurator for WooCommerce | 31 | 41 | 557 | 3k+ | Non-prefixed hook name | ||
| #1085 | Active Products Tables for WooCommerce. Use constructor to create tables | 31 | 364 | 424 | 1k+ | Output is not escaped | ||
| #1086 | Qode Essential Addons | 31 | 55 | 295 | 10k+ | Non-prefixed global variable | ||
| #1087 | Rank Math SEO – AI SEO Tools to Dominate SEO Rankings | 31 | 45 | 373 | 4m+ | Non-prefixed global variable | ||
| #1088 | Slider Carousel – Image Slider | 31 | 224 | 1,233 | 3k+ | Request data is not unslashed | ||
| #1089 | Staatic – Static Site Generator for WordPress | 31 | 420 | 195 | 2k+ | SQL query is not prepared | ||
| #1090 | Stackable – Page Builder Gutenberg Blocks | 31 | 477 | 90 | 100k+ | Non Singular String Literal Domain | ||
| #1091 | WP Testimonials | 31 | 183 | 455 | 10k+ | Non-prefixed global variable | ||
| #1092 | Tutor LMS Elementor Addons | 31 | 227 | 457 | 30k+ | Non-prefixed global variable | ||
| #1093 | User Spam Remover | 31 | 115 | 14 | 1k+ | Output is not escaped | ||
| #1094 | Blacklist Manager – WooCommerce Anti-Fraud, Blacklist & Checkout Verification | 31 | 284 | 830 | 2k+ | Missing nonce verification | ||
| #1095 | Web Push Notifications – Webpushr | 31 | 169 | 293 | 10k+ | Output is not escaped | ||
| #1096 | Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | 31 | 63 | 933 | 6k+ | Interpolated SQL is not prepared | ||
| #1097 | Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets | 31 | 837 | 295 | 100k+ | Unsafe printing function | ||
| #1098 | WooCommerce Legacy REST API | 31 | 324 | 177 | 400k+ | Missing Translators Comment | ||
| #1099 | Tooltips for WordPress | 31 | 312 | 252 | 5k+ | Output is not escaped | ||
| #1100 | WPGatsby | 31 | 125 | 55 | 3k+ | Text Domain Mismatch |
