WordPress.DB.DirectDatabaseQuery.NoCaching
No Caching
The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.
Why It Shows Up
Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.
Why It Matters
Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.
How to Fix
- Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
- If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
- Keep schema changes in activation or upgrade routines and make them idempotent.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #1451 | EnvoThemes Demo Import | 31 | 221 | 140 | 3k+ | Output is not escaped | ||
| #1452 | Export Order Items for WooCommerce | 31 | 100 | 108 | 1k+ | Text Domain Mismatch | ||
| #1453 | Express Checkout via PayPal for WooCommerce | 31 | 158 | 200 | 800 | Nonce verification recommended | ||
| #1454 | افزونه پیامک حرفه ای فراز اس ام اس | 31 | 89 | 180 | 1k+ | wp function not compatible with requires wp | ||
| #1455 | FastDup – Fastest WordPress Migration & Duplicator | 31 | 83 | 66 | 5k+ | wp function not compatible with requires wp | ||
| #1456 | Form Vibes – Database Manager for Forms | 31 | 176 | 284 | 10k+ | Text Domain Mismatch | ||
| #1457 | FraudLabs Pro for WooCommerce | 31 | 169 | 213 | 1k+ | Request data is not unslashed | ||
| #1458 | g-FFL Checkout | 31 | 249 | 300 | 600 | Request data is not unslashed | ||
| #1459 | WP Gravity Forms Constant Contact Plugin | 31 | 684 | 164 | 600 | Text Domain Mismatch | ||
| #1460 | GS Pinterest Portfolio – Pins Grid, Masonry, User Profile, Popup & Board Widgets | 31 | 402 | 156 | 1k+ | Text Domain Mismatch | ||
| #1461 | HT Easy GA4 – Google Analytics WordPress Plugin | 31 | 475 | 93 | 6k+ | Text Domain Mismatch | ||
| #1462 | Easy HTTPS Redirection (SSL) | 31 | 224 | 100 | 100k+ | Unsafe printing function | ||
| #1463 | Image Hotspot – Map Image Annotation | 31 | 95 | 283 | 3k+ | Non-prefixed global variable | ||
| #1464 | ImgSEO – AI Image Alt Text Generator & Image SEO Tools | 31 | 1 | 677 | 400 | Direct Query | ||
| #1465 | Interactive Image Map Builder | 31 | 160 | 381 | 1k+ | Non-prefixed global variable | ||
| #1466 | My Private Site | 31 | 425 | 190 | 20k+ | Text Domain Mismatch | ||
| #1467 | Linguise – AI Automatic Multilingual Translation | 31 | 61 | 280 | 1k+ | Non-prefixed global variable | ||
| #1468 | Keywords to Links Converter | 31 | 288 | 144 | 700 | Text Domain Mismatch | ||
| #1469 | Login rebuilder | 31 | 406 | 226 | 20k+ | Non Singular String Literal Domain | ||
| #1470 | LWS Tools | 31 | 104 | 134 | 10k+ | Request data is not unslashed | ||
| #1471 | Melapress Login Security | 31 | 69 | 278 | 2k+ | Non-prefixed global variable | ||
| #1472 | Openpay Stores Plugin | 31 | 121 | 75 | 1k+ | Non-prefixed global variable | ||
| #1473 | Patreon WordPress | 31 | 276 | 339 | 3k+ | Output is not escaped | ||
| #1474 | افزونه پیامک ووکامرس Persian WooCommerce SMS | 31 | 72 | 269 | 40k+ | Nonce verification recommended | ||
| #1475 | Portfolio, Gallery, Product Catalog – Grid KIT Portfolio | 31 | 61 | 329 | 6k+ | Non-prefixed global variable | ||
| #1476 | Post Pay Counter | 31 | 639 | 238 | 1k+ | Output is not escaped | ||
| #1477 | Product Configurator for WooCommerce | 31 | 41 | 557 | 3k+ | Non-prefixed hook name | ||
| #1478 | Active Products Tables for WooCommerce. Use constructor to create tables | 31 | 364 | 424 | 1k+ | Output is not escaped | ||
| #1479 | Push notification for Mobile and Web app | 31 | 87 | 83 | 400 | Non Singular String Literal Domain | ||
| #1480 | Qi Blocks | 31 | 46 | 345 | 60k+ | Non-prefixed global variable | ||
| #1481 | Qode Essential Addons | 31 | 55 | 295 | 10k+ | Non-prefixed global variable | ||
| #1482 | Raffle Play Woocommerce | 31 | 151 | 199 | 800 | Output is not escaped | ||
| #1483 | Re:amaze Helpdesk & Live Chat | 31 | 96 | 115 | 400 | Output is not escaped | ||
| #1484 | Rank Math SEO – AI SEO Tools to Dominate SEO Rankings | 31 | 45 | 373 | 4m+ | Non-prefixed global variable | ||
| #1485 | Social Share Buttons | 31 | 462 | 156 | 1k+ | Text Domain Mismatch | ||
| #1486 | Simple calendar for Elementor | 31 | 125 | 270 | 500 | Direct Query | ||
| #1487 | Page Builder by SiteOrigin | 31 | 226 | 214 | 400k+ | Output is not escaped | ||
| #1488 | Slider Carousel – Image Slider | 31 | 224 | 1,233 | 3k+ | Request data is not unslashed | ||
| #1489 | Smart Keywords Tool – 智能关键词插件 | 31 | 361 | 33 | 600 | Non Singular String Literal Domain | ||
| #1490 | Staatic – Static Site Generator for WordPress | 31 | 420 | 195 | 2k+ | SQL query is not prepared | ||
| #1491 | Stackable – Page Builder Gutenberg Blocks | 31 | 477 | 90 | 100k+ | Non Singular String Literal Domain | ||
| #1492 | WP Testimonials | 31 | 183 | 455 | 10k+ | Non-prefixed global variable | ||
| #1493 | Tutor LMS Elementor Addons | 31 | 227 | 457 | 30k+ | Non-prefixed global variable | ||
| #1494 | User Spam Remover | 31 | 115 | 14 | 1k+ | Output is not escaped | ||
| #1495 | Blacklist Manager – WooCommerce Anti-Fraud, Blacklist & Checkout Verification | 31 | 284 | 830 | 2k+ | Missing nonce verification | ||
| #1496 | Web Push Notifications – Webpushr | 31 | 169 | 293 | 10k+ | Output is not escaped | ||
| #1497 | Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | 31 | 63 | 935 | 6k+ | Interpolated SQL is not prepared | ||
| #1498 | Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets | 31 | 837 | 295 | 100k+ | Unsafe printing function | ||
| #1499 | WooCommerce Legacy REST API | 31 | 324 | 177 | 400k+ | Missing Translators Comment | ||
| #1500 | Tooltips for WordPress | 31 | 312 | 252 | 5k+ | Output is not escaped |
