WordPress.DB.DirectDatabaseQuery.NoCaching
No Caching
The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.
Why It Shows Up
Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.
Why It Matters
Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.
How to Fix
- Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
- If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
- Keep schema changes in activation or upgrade routines and make them idempotent.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #1401 | Rublon Multi-Factor Authentication (MFA) | 30 | 216 | 160 | 500 | Output is not escaped | ||
| #1402 | SmartCrawl SEO checker, analyzer & optimizer | 30 | 347 | 1,307 | 20k+ | Non-prefixed global variable | ||
| #1403 | SMTP for Amazon SES – YaySMTP | 30 | 197 | 122 | 3k+ | Exception output is not escaped | ||
| #1404 | Subscriptions for WooCommerce | 30 | 1 | 1,190 | 10k+ | Non-prefixed global variable | ||
| #1405 | Taboola | 30 | 89 | 147 | 1k+ | Output is not escaped | ||
| #1406 | User Avatar – Reloaded | 30 | 352 | 171 | 900 | Text Domain Mismatch | ||
| #1407 | User Role by BestWebSoft – Add and Customize Roles and Capabilities in WordPress | 30 | 484 | 280 | 3k+ | Text Domain Mismatch | ||
| #1408 | Waitlist Woocommerce ( Back in stock notifier ) | 30 | 272 | 311 | 4k+ | Output is not escaped | ||
| #1409 | Checkout with Cash App on WooCommerce | 30 | 122 | 308 | 2k+ | Non-prefixed global variable | ||
| #1410 | Dropify | 30 | 130 | 252 | 2k+ | Nonce verification recommended | ||
| #1411 | Webling | 30 | 147 | 313 | 500 | Input is not validated | ||
| #1412 | FOX – Currency Switcher Professional for WooCommerce | 30 | 211 | 1,022 | 50k+ | Non-prefixed global variable | ||
| #1413 | WooCommerce Stripe Payment Gateway | 30 | 173 | 591 | 700k+ | Non-prefixed hook name | ||
| #1414 | WooPayments: Integrated WooCommerce Payments | 30 | 182 | 308 | 900k+ | Exception output is not escaped | ||
| #1415 | WCPOS – Point of Sale (POS) plugin for WooCommerce | 30 | 77 | 228 | 5k+ | Nonce verification recommended | ||
| #1416 | WooCommerce Tax (formerly WooCommerce Shipping & Tax) | 30 | 103 | 198 | 600k+ | Non-prefixed class | ||
| #1417 | WP 2FA – Two-factor authentication for WordPress | 30 | 269 | 380 | 100k+ | Exception output is not escaped | ||
| #1418 | WP Docs | 30 | 268 | 271 | 1k+ | Output is not escaped | ||
| #1419 | WP Event Aggregator: Import Eventbrite events, Meetup events, social events and any iCal Events into Event Calendar | 30 | 113 | 419 | 1k+ | Non-prefixed global variable | ||
| #1420 | remarketable | 30 | 281 | 93 | 600 | Output is not escaped | ||
| #1421 | WP Inventory Manager | 30 | 856 | 233 | 1k+ | Output is not escaped | ||
| #1422 | WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin | 30 | 32 | 346 | 4m+ | Non-prefixed hook name | ||
| #1423 | Photo Gallery Slideshow & Masonry Tiled Gallery | 30 | 806 | 352 | 1k+ | Output is not escaped | ||
| #1424 | WP Restaurant Price List | 30 | 295 | 95 | 500 | Text Domain Mismatch | ||
| #1425 | WPOrLogin – Custom Login, Social Login, Limit Attempts, Hide Login & reCAPTCHA | 30 | 484 | 222 | 2k+ | Unsafe printing function | ||
| #1426 | WPS Cleaner | 30 | 430 | 491 | 20k+ | Output is not escaped | ||
| #1427 | YayPricing – WooCommerce Dynamic Pricing & Discounts | 30 | 174 | 186 | 3k+ | Non-prefixed global variable | ||
| #1428 | YASR – Yet Another Star Rating Plugin for WordPress | 30 | 252 | 378 | 10k+ | Output is not escaped | ||
| #1429 | YITH Pre-Order for WooCommerce | 30 | 397 | 1,464 | 6k+ | Non-prefixed global variable | ||
| #1430 | YITH WooCommerce Popup | 30 | 395 | 1,551 | 2k+ | Non-prefixed global variable | ||
| #1431 | YITH WooCommerce Product Slider Carousel | 30 | 389 | 1,479 | 4k+ | Non-prefixed global variable | ||
| #1432 | Zoho CRM Lead Magnet | 30 | 101 | 1,025 | 3k+ | Request data is not unslashed | ||
| #1433 | Advanced Woo Search – Product Search for WooCommerce | 31 | 228 | 377 | 70k+ | Nonce verification recommended | ||
| #1434 | All-in-one contact buttons – WPSHARE247 | 31 | 108 | 113 | 4k+ | Non-prefixed global variable | ||
| #1435 | Titan Anti-spam & Security – Brute Force Protection, 2FA & Spam Filter | 31 | 57 | 196 | 50k+ | Nonce verification recommended | ||
| #1436 | Asgaros Forum | 31 | 167 | 412 | 10k+ | Output is not escaped | ||
| #1437 | The SEO Framework – Fast, Automated, Effortless. | 31 | 363 | 609 | 200k+ | Non-prefixed global variable | ||
| #1438 | AI ChatBot with ChatGPT and Content Generator by AYS | 31 | 170 | 378 | 400 | Non-prefixed global variable | ||
| #1439 | SEO合集(支持百度/Google/Bing/头条推送) | 31 | 13 | 1,407 | 800 | Direct Query | ||
| #1440 | Яндекс Доставка (Boxberry) | 31 | 46 | 150 | 600 | Missing nonce verification | ||
| #1441 | České služby pro WordPress | 31 | 95 | 139 | 1k+ | Output is not escaped | ||
| #1442 | cformsII | 31 | 777 | 536 | 4k+ | Unsafe printing function | ||
| #1443 | CleverReach® WP | 31 | 103 | 93 | 4k+ | Non-prefixed global variable | ||
| #1444 | Compliance by Hu-manity.co | 31 | 153 | 335 | 900k+ | Missing nonce verification | ||
| #1445 | Copy Anything to Clipboard for WordPress – Copy Button, Copy Text & Copy Code | 31 | 525 | 131 | 10k+ | Text Domain Mismatch | ||
| #1446 | Customer Email Verification for WooCommerce | 31 | 192 | 290 | 2k+ | Non-prefixed global variable | ||
| #1447 | MultiVendorX – WooCommerce Multivendor Marketplace AI Powered Solutions | 31 | 664 | 273 | 3k+ | Text Domain Mismatch | ||
| #1448 | DirectoryPress Frontend | 31 | 402 | 563 | 800 | Non-prefixed global variable | ||
| #1449 | Domain Mapping System | Create Microsites with Multiple Alias Domains (multisite optional) | 31 | 113 | 233 | 2k+ | Non-prefixed namespace | ||
| #1450 | Easy Upload Files During Checkout | 31 | 220 | 208 | 500 | Unsafe printing function |
