WordPress.DB.DirectDatabaseQuery.NoCaching
No Caching
The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.
Why It Shows Up
Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.
Why It Matters
Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.
How to Fix
- Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
- If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
- Keep schema changes in activation or upgrade routines and make them idempotent.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Updated | Top Issue |
|---|---|---|---|---|---|---|---|
| #1351 | Equivalent Mobile Redirect | 35 | 29 | 17 | 2k+ | Text Domain Mismatch | |
| #1352 | EWWW Image Optimizer | 35 | 225 | 729 | 1m+ | Direct Query | |
| #1353 | Expire User Passwords | 35 | 3 | 15 | 3k+ | Nonce verification recommended | |
| #1354 | Export Featured Images | 35 | 176 | 67 | 1k+ | Output is not escaped | |
| #1355 | Extendify | 35 | 117 | 168 | 500k+ | Non-prefixed global variable | |
| #1356 | WP2Social Auto Publish | 35 | 643 | 215 | 9k+ | Unsafe printing function | |
| #1357 | Force Regenerate Thumbnails | 35 | 12 | 17 | 200k+ | unlink unlink | |
| #1358 | Full Width Banner Slider Wp | 35 | 239 | 140 | 2k+ | Output is not escaped | |
| #1359 | Video Gallery – YouTube Gallery, Vimeo, Video Portfolio, Image Portfolio and Image Gallery | 35 | 50 | 199 | 10k+ | Non-prefixed global variable | |
| #1360 | GD bbPress Attachments | 35 | 2 | 10 | 6k+ | wp redirect wp redirect | |
| #1361 | GDPR Compliance & Cookie Consent | 35 | 251 | 61 | 4k+ | Output is not escaped | |
| #1362 | GeoTargeting Lite – WordPress Geolocation | 35 | 66 | 79 | 1k+ | Output is not escaped | |
| #1363 | Glossary | 35 | 169 | 93 | 2k+ | Non Singular String Literal Domain | |
| #1364 | Google Analytics Opt-Out | 35 | 34 | 7 | 5k+ | Output is not escaped | |
| #1365 | Gravitec.net – Web Push Notifications | 35 | 47 | 52 | 1k+ | wp function not compatible with requires wp | |
| #1366 | Ultimate Addons for Elementor | 35 | 70 | 226 | 2m+ | Non-prefixed hook name | |
| #1367 | Health Check & Troubleshooting | 35 | 264 | 238 | 300k+ | Missing Arg Domain | |
| #1368 | HivePress – Business Directory, Listings & Classified Ads Plugin | 35 | 38 | 180 | 10k+ | Direct Query | |
| #1369 | HookMeUp for WooCommerce | 35 | 59 | 29 | 10k+ | Output is not escaped | |
| #1370 | Hyve Lite – AI Chatbot, ChatGPT-Powered Conversational Support | 35 | 1 | 40 | 7k+ | Direct Query | |
| #1371 | ImageMagick Engine | 35 | 63 | 29 | 60k+ | Unsafe printing function | |
| #1372 | User Import with meta – WP Ultimate CSV Importer Add-on | 35 | 27 | 140 | 5k+ | Interpolated SQL is not prepared | |
| #1373 | Imsanity | 35 | 32 | 29 | 200k+ | Direct Query | |
| #1374 | InPost PL | 35 | 2 | 925 | 10k+ | Non-prefixed global variable | |
| #1375 | Woody Code Snippets – Insert PHP, CSS, JS, and Header/Footer Scripts | 35 | 64 | 91 | 60k+ | Output is not escaped | |
| #1376 | Social Feed Gallery | 35 | 104 | 52 | 80k+ | Text Domain Mismatch | |
| #1377 | Instapage Plugin | 35 | 220 | 45 | 5k+ | Output is not escaped | |
| #1378 | iPages – FlipBook Image & PDF Viewer | 35 | 467 | 177 | 2k+ | Text Domain Mismatch | |
| #1379 | JWT Auth – WordPress JSON Web Token Authentication | 35 | 14 | 18 | 6k+ | Output is not escaped | |
| #1380 | KBoard 위젯 – 워드프레스 게시판 | 35 | 53 | 32 | 3k+ | Output is not escaped | |
| #1381 | Kirki – Freeform Page Builder, Website Builder & Customizer | 35 | 775 | 500k+ | Nonce verification recommended | ||
| #1382 | Lead Form Builder & Contact Form | 35 | 400 | 345 | 9k+ | Output is not escaped | |
| #1383 | LiteSpeed Cache | 35 | 286 | 893 | 7m+ | Non-prefixed global variable | |
| #1384 | Log HTTP Requests | 35 | 7 | 18 | 2k+ | Interpolated SQL is not prepared | |
| #1385 | Login Page Styler – Custom WordPress Login Page Customizer & Security | 35 | 125 | 168 | 2k+ | Missing Arg Domain | |
| #1386 | MapSVG – Vector maps, Image maps, Google Maps | 35 | 74 | 47 | 1k+ | Missing direct file access protection | |
| #1387 | Mark Posts | 35 | 30 | 34 | 1k+ | Output is not escaped | |
| #1388 | Mechanic Visitor Counter | 35 | 240 | 66 | 8k+ | Output is not escaped | |
| #1389 | Restaurant Menu – Food Ordering System – Table Reservation | 35 | 317 | 186 | 8k+ | Unsafe printing function | |
| #1390 | MetaSlider Gallery – Image Gallery, Lightbox Galleries, Modal Windows | 35 | 157 | 49 | 10k+ | Output is not escaped | |
| #1391 | Hide from Search | 35 | 5 | 8 | 3k+ | Missing direct file access protection | |
| #1392 | NS Cloner – Site Copier | 35 | 29 | 16 | 7k+ | Missing direct file access protection | |
| #1393 | Fonts Plugin | Google Fonts, Adobe Fonts & Upload Fonts | 35 | 41 | 8 | 200k+ | Missing direct file access protection | |
| #1394 | One Page Express Companion | 35 | 132 | 65 | 10k+ | Output is not escaped | |
| #1395 | ONet Regenerate Thumbnails | 35 | 190 | 64 | 1k+ | Text Domain Mismatch | |
| #1396 | OPcache Manager | 35 | 155 | 75 | 1k+ | Output is not escaped | |
| #1397 | Orderable – Restaurant & Food Ordering System | 35 | 12 | 324 | 5k+ | Non-prefixed global variable | |
| #1398 | Paytm Payment Gateway | 35 | 92 | 104 | 3k+ | Missing Arg Domain | |
| #1399 | Perfecty Push Notifications | 35 | 204 | 213 | 4k+ | SQL query is not prepared | |
| #1400 | Post Content Shortcodes | 35 | 205 | 56 | 2k+ | Output is not escaped |
