WordPress.DB.DirectDatabaseQuery.NoCaching
No Caching
The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.
Why It Shows Up
Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.
Why It Matters
Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.
How to Fix
- Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
- If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
- Keep schema changes in activation or upgrade routines and make them idempotent.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Updated | Top Issue |
|---|---|---|---|---|---|---|---|
| #1301 | WP Custom Admin Interface | 34 | 263 | 118 | 30k+ | Unsafe printing function | |
| #1302 | WP Maps – Google Maps,OpenStreetMap,Mapbox,Store Locator,Listing,Directory & Filters | 34 | 219 | 453 | 60k+ | wp function not compatible with requires wp | |
| #1303 | Insert Headers And Footers | 34 | 83 | 113 | 300k+ | Non-prefixed global variable | |
| #1304 | WP Mail Logging | 34 | 76 | 258 | 300k+ | Nonce verification recommended | |
| #1305 | LightStart – Maintenance Mode, Coming Soon and Landing Page Builder | 34 | 42 | 312 | 400k+ | Request data is not unslashed | |
| #1306 | WP Popup Builder – Popup Forms and Marketing Lead Generation | 34 | 357 | 143 | 3k+ | Text Domain Mismatch | |
| #1307 | Thumbnail carousel slider | 34 | 277 | 143 | 2k+ | Output is not escaped | |
| #1308 | WP Ultimate Post Grid | 34 | 114 | 74 | 4k+ | Missing direct file access protection | |
| #1309 | Live Visitor Counter | 34 | 108 | 114 | 4k+ | Interpolated SQL is not prepared | |
| #1310 | YourChannel: Everything you want in a YouTube plugin. | 34 | 262 | 115 | 10k+ | Text Domain Mismatch | |
| #1311 | Embed Plus for YouTube Gallery, Livestream and Lazy Loading with Facades | 34 | 571 | 195 | 100k+ | Output is not escaped | |
| #1312 | Zero Spam for WordPress | 34 | 79 | 393 | 20k+ | Non-prefixed global variable | |
| #1313 | zipMoney(Zip Co) Payments Plugin for WooCommerce | 34 | 147 | 70 | 2k+ | Text Domain Mismatch | |
| #1314 | SOOZ – AI for SEO – Bulk Generate Focus Keyphrases, Metadata, Alt Text (SEO Autopilot) | 35 | 44 | 394 | 2k+ | Nonce verification recommended | |
| #1315 | Akismet Anti-spam: Spam Protection | 35 | 33 | 99 | 6m+ | Non-prefixed global variable | |
| #1316 | Automatic YouTube Gallery | 35 | 83 | 59 | 9k+ | Output is not escaped | |
| #1317 | BabyLoveGrowth Integration | 35 | 2 | 9 | 1k+ | Direct Query | |
| #1318 | BackWPup – WordPress Backup & Restore Plugin | 35 | 12 | 779 | 500k+ | Non-prefixed global variable | |
| #1319 | Basic Google Maps Placemarks | 35 | 189 | 80 | 3k+ | Output is not escaped | |
| #1320 | bbPress Notify (No-Spam) | 35 | 62 | 66 | 2k+ | wp function not compatible with requires wp | |
| #1321 | Better Recent Comments | 35 | 127 | 29 | 2k+ | Text Domain Mismatch | |
| #1322 | BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library | 35 | 56 | 16 | 10k+ | block api version too low | |
| #1323 | BlossomThemes Toolkit | 35 | 347 | 52 | 30k+ | Output is not escaped | |
| #1324 | Bluehost Site Migrator | 35 | 11 | 18 | 4k+ | Missing direct file access protection | |
| #1325 | BotWriter – AI Writer & SEO Content Generator | 35 | 16 | 503 | 3k+ | Direct Query | |
| #1326 | Registration Options for BuddyPress | 35 | 47 | 132 | 1k+ | Non-prefixed function | |
| #1327 | Brozzme DB Prefix & Tools Addons | 35 | 24 | 42 | 9k+ | Request data is not unslashed | |
| #1328 | Cache Enabler | 35 | 44 | 75 | 90k+ | Input is not sanitized | |
| #1329 | CatFolders – WordPress Media Library Folders & Categories | 35 | 35 | 76 | 6k+ | Direct Query | |
| #1330 | CF7 Views – Complete Entry Management for Contact Form 7 | 35 | 172 | 181 | 1k+ | Output is not escaped | |
| #1331 | Change Username | 35 | 7 | 10 | 4k+ | Direct Query | |
| #1332 | CompressX — AVIF & WebP Converter, Media Replacement | 35 | 26 | 423 | 40k+ | Missing nonce verification | |
| #1333 | Conditional Widgets | 35 | 67 | 33 | 7k+ | Output is not escaped | |
| #1334 | Cookies and Content Security Policy | 35 | 261 | 412 | 10k+ | Output is not escaped | |
| #1335 | Core Framework | 35 | 70 | 62 | 10k+ | Text Domain Mismatch | |
| #1336 | CubeWP Framework | 35 | 114 | 71 | 4k+ | wp function not compatible with requires wp | |
| #1337 | Customizer Backup & Reset | 35 | 8 | 10 | 7k+ | Output is not escaped | |
| #1338 | Datafeedr Product Sets | 35 | 602 | 206 | 5k+ | Output is not escaped | |
| #1339 | DesignSetGo | 35 | 20 | 313 | 4k+ | Non-prefixed global variable | |
| #1340 | PiWeb Disable payment method / Partial payment for WooCommerce | 35 | 55 | 221 | 4k+ | Non-prefixed class | |
| #1341 | Disk Usage Sunburst | 35 | 30 | 34 | 9k+ | Output is not escaped | |
| #1342 | DOOFINDER Search and Discovery for WP & WooCommerce | 35 | 151 | 120 | 2k+ | Text Domain Mismatch | |
| #1343 | DynamicTags | 35 | 116 | 16 | 2k+ | Text Domain Mismatch | |
| #1344 | Product Bundle Builder for WooCommerce | 35 | 156 | 134 | 6k+ | Text Domain Mismatch | |
| #1345 | Easy Social Icons | 35 | 182 | 158 | 20k+ | Output is not escaped | |
| #1346 | Ele Conditions for Elementor | 35 | 2 | 7 | 4k+ | Request data is not unslashed | |
| #1347 | Elementor Website Builder – more than just a page builder | 35 | 46 | 428 | 10m+ | Non-prefixed global variable | |
| #1348 | Elements Hive for Breakdance | 35 | 76 | 25 | 1k+ | Output is not escaped | |
| #1349 | Email Subscription Popup — Newsletter & GDPR Consent | 35 | 683 | 193 | 1k+ | Output is not escaped | |
| #1350 | EnvíaloSimple: Email Marketing y Newsletters | 35 | 147 | 250 | 2k+ | Nonce verification recommended |
