WordPress.DB.DirectDatabaseQuery.NoCaching
No Caching
The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.
Why It Shows Up
Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.
Why It Matters
Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.
How to Fix
- Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
- If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
- Keep schema changes in activation or upgrade routines and make them idempotent.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #1501 | WooCommerce Legacy REST API | 31 | 324 | 177 | 400k+ | Missing Translators Comment | ||
| #1502 | Tooltips for WordPress | 31 | 312 | 252 | 5k+ | Output is not escaped | ||
| #1503 | Worldline Global Online Pay for WooCommerce | 31 | 160 | 86 | 500 | Missing direct file access protection | ||
| #1504 | WPGatsby | 31 | 125 | 55 | 3k+ | Text Domain Mismatch | ||
| #1505 | HireZoot – Job Listings, Career Page & Recruitment Tool | 31 | 14 | 555 | 40k+ | Non-prefixed global variable | ||
| #1506 | WP Simple Booking Calendar | 31 | 337 | 380 | 20k+ | Output is not escaped | ||
| #1507 | WP Visitor Statistics (Real Time Traffic) | 31 | 353 | 691 | 20k+ | Nonce verification recommended | ||
| #1508 | WP ULike – Like & Dislike Buttons for Engagement and Feedback | 31 | 269 | 358 | 60k+ | Output is not escaped | ||
| #1509 | WP125 | 31 | 178 | 184 | 3k+ | Unsafe printing function | ||
| #1510 | Hosting Benchmark tool | 31 | 202 | 115 | 4k+ | rand rand | ||
| #1511 | One to one user Chat by WPGuppy | 31 | 74 | 187 | 700 | Non-prefixed global variable | ||
| #1512 | WPDoctor Malware Scanner & Vulnerability Checker & IP blocker with Hack monitor Lite | 31 | 133 | 438 | 600 | Non-prefixed global variable | ||
| #1513 | YITH Color and Label Variations for WooCommerce | 31 | 393 | 1,428 | 9k+ | Non-prefixed global variable | ||
| #1514 | YITH WooCommerce Brands Add-On | 31 | 393 | 1,425 | 9k+ | Non-prefixed global variable | ||
| #1515 | YITH WooCommerce Catalog Mode | 31 | 380 | 1,418 | 60k+ | Non-prefixed global variable | ||
| #1516 | YITH WooCommerce Featured Video | 31 | 383 | 1,434 | 3k+ | Non-prefixed global variable | ||
| #1517 | YITH Frequently Bought Together for WooCommerce | 31 | 389 | 1,452 | 8k+ | Non-prefixed global variable | ||
| #1518 | YITH WooCommerce Order & Shipment Tracking | 31 | 380 | 1,420 | 7k+ | Non-prefixed global variable | ||
| #1519 | YITH Request a Quote for WooCommerce | 31 | 408 | 1,481 | 10k+ | Non-prefixed global variable | ||
| #1520 | YITH WooCommerce Tab Manager | 31 | 395 | 1,429 | 4k+ | Non-prefixed global variable | ||
| #1521 | Zendesk Support for WordPress | 31 | 195 | 88 | 2k+ | Output is not escaped | ||
| #1522 | PayPal Zettle POS for WooCommerce | 31 | 302 | 44 | 4k+ | Exception output is not escaped | ||
| #1523 | ActiveDEMAND | 32 | 157 | 161 | 1k+ | Output is not escaped | ||
| #1524 | Advanced Access Manager – Access Governance for WordPress | 32 | 849 | 62 | 100k+ | Output is not escaped | ||
| #1525 | AI Alt Text Generator | 32 | 76 | 24 | 1k+ | Missing Translators Comment | ||
| #1526 | All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier | 32 | 325 | 102 | 600 | Missing Arg Domain | ||
| #1527 | annasta Filters for WooCommerce | 32 | 1,073 | 441 | 2k+ | Text Domain Mismatch | ||
| #1528 | APCu Manager | 32 | 151 | 126 | 10k+ | Output is not escaped | ||
| #1529 | Author Avatars List/Block | 32 | 85 | 135 | 4k+ | Non-prefixed hook name | ||
| #1530 | Auto YouTube Importer | 32 | 338 | 173 | 1k+ | Text Domain Mismatch | ||
| #1531 | Better Chat Support for Messenger | 32 | 73 | 103 | 1k+ | Interpolated SQL is not prepared | ||
| #1532 | Better Robots.txt – AI-Ready Crawl Control & Bot Governance | 32 | 54 | 85 | 5k+ | error log error log | ||
| #1533 | Blog2Social: Social Media Auto Post & Scheduler | 32 | 7 | 962 | 50k+ | Direct Query | ||
| #1534 | BuddyPress for LearnDash | 32 | 190 | 284 | 1k+ | Output is not escaped | ||
| #1535 | Quantity Discounts, Breaks & Product Bundles for Woocommerce By Bundler | 32 | 147 | 319 | 400 | Direct Query | ||
| #1536 | Code Manager | 32 | 217 | 261 | 500 | Nonce verification recommended | ||
| #1537 | Vimeotheque – Vimeo WordPress Plugin & Video Gallery | 32 | 642 | 264 | 2k+ | Unsafe printing function | ||
| #1538 | Ultimate WooCommerce Filters | 32 | 322 | 207 | 600 | Unsafe printing function | ||
| #1539 | Contact Form Block | 32 | 64 | 77 | 500 | Non Singular String Literal Domain | ||
| #1540 | Cooked – Recipe Management | 32 | 462 | 275 | 3k+ | Output is not escaped | ||
| #1541 | CSV Import and Exporter | 32 | 83 | 138 | 1k+ | Non-prefixed global variable | ||
| #1542 | Currency Switcher for WooCommerce | 32 | 357 | 263 | 10k+ | Text Domain Mismatch | ||
| #1543 | Download Attachments | 32 | 69 | 188 | 8k+ | Non-prefixed hook name | ||
| #1544 | Enter Addons – Ultimate Template Builder for Elementor | 32 | 82 | 72 | 1k+ | Output is not escaped | ||
| #1545 | Fable Extra | 32 | 79 | 282 | 4k+ | Non-prefixed global variable | ||
| #1546 | FA Lite – WP responsive slider plugin | 32 | 726 | 140 | 500 | Unsafe printing function | ||
| #1547 | Freesoul Deactivate Plugins – Disable plugins on individual WordPress pages | 32 | 53 | 773 | 9k+ | Nonce verification recommended | ||
| #1548 | WP Gravity Forms HubSpot | 32 | 771 | 160 | 600 | Text Domain Mismatch | ||
| #1549 | CRM Perks Integration for Gravity Forms and Salesforce | 32 | 807 | 178 | 1k+ | Text Domain Mismatch | ||
| #1550 | WP Gravity Forms Zoho CRM and Bigin | 32 | 750 | 174 | 400 | Text Domain Mismatch |