WordPress.DB.DirectDatabaseQuery.NoCaching
No Caching
The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.
Why It Shows Up
Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.
Why It Matters
Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.
How to Fix
- Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
- If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
- Keep schema changes in activation or upgrade routines and make them idempotent.
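The three fixes above combined, as an added example (not code from Plugin Check or from any plugin listed here). The `myplugin` prefix, the `myplugin_events` table and its columns are hypothetical, and the `%i` identifier placeholder assumes WordPress 6.2 or later.

```php
<?php
// Added example: every "myplugin" name, the table and its columns are hypothetical.

// Schema change kept in the activation routine (assumes this is the main plugin
// file). dbDelta() only applies differences, so re-running it is idempotent.
function myplugin_install() {
	global $wpdb;
	require_once ABSPATH . 'wp-admin/includes/upgrade.php';
	dbDelta(
		"CREATE TABLE {$wpdb->prefix}myplugin_events (
			id bigint(20) unsigned NOT NULL AUTO_INCREMENT,
			user_id bigint(20) unsigned NOT NULL,
			label varchar(190) NOT NULL,
			PRIMARY KEY  (id),
			KEY user_id (user_id)
		) {$wpdb->get_charset_collate()};"
	);
}
register_activation_hook( __FILE__, 'myplugin_install' );

// Repeated read: object cache first, then a prepared query for dynamic values.
function myplugin_get_events( $user_id ) {
	global $wpdb;
	$user_id = absint( $user_id );
	$rows    = wp_cache_get( "events_{$user_id}", 'myplugin' );
	if ( false === $rows ) {
		// %i quotes the table name as an identifier; %d forces an integer.
		$rows = $wpdb->get_results(
			$wpdb->prepare(
				'SELECT id, label FROM %i WHERE user_id = %d ORDER BY id DESC LIMIT 20',
				$wpdb->prefix . 'myplugin_events',
				$user_id
			)
		);
		wp_cache_set( "events_{$user_id}", $rows, 'myplugin', 5 * MINUTE_IN_SECONDS );
	}
	return $rows;
}

// Write path: $wpdb->insert() escapes values itself; drop the stale cache entry.
function myplugin_add_event( $user_id, $label ) {
	global $wpdb;
	$data = array( 'user_id' => absint( $user_id ), 'label' => sanitize_text_field( $label ) );
	if ( false === $wpdb->insert( $wpdb->prefix . 'myplugin_events', $data, array( '%d', '%s' ) ) ) {
		return false;
	}
	wp_cache_delete( 'events_' . $data['user_id'], 'myplugin' );
	return true;
}
```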
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #1551 | Advanced Accordion Gutenberg Block – Create Beautiful FAQs, Content Accordions & Interactive Tabs | 37 | 40 | 36 | 10k+ | | | Missing direct file access protection |
| #1552 | Advanced Media Offloader | 37 | 59 | 93 | 5k+ | | | error log error log |
| #1553 | Anything Popup | 37 | 164 | 185 | 2k+ | | | Non-prefixed global variable |
| #1554 | Async JavaScript | 37 | 357 | 79 | 70k+ | | | Unsafe printing function |
| #1555 | Banhammer – Monitor Site Traffic, Block Bad Users and Bots | 37 | 104 | 174 | 1k+ | | | Output is not escaped |
| #1556 | Call Now Button – The #1 Click to Call Button for WordPress | 37 | 1,273 | 5 | 200k+ | | | Exception output is not escaped |
| #1557 | Carousel Upsells and Related Product for Woocommerce | 37 | 173 | 35 | 1k+ | | | Output is not escaped |
| #1558 | ClickRank – Ai SEO Automation | 37 | 10 | 226 | 1k+ | | | Direct Query |
| #1559 | Co-Authors Plus | 37 | 20 | 110 | 20k+ | | | Nonce verification recommended |
| #1560 | Constant Contact Forms by MailMunch | 37 | 135 | 91 | 2k+ | | | Output is not escaped |
| #1561 | CookieAdmin – Cookie Consent Banner | 37 | 43 | 86 | 400k+ | | | Nonce verification recommended |
| #1562 | CorvusPay WooCommerce Payment Gateway | 37 | 29 | 141 | 1k+ | | | Missing nonce verification |
| #1563 | Simple Custom CSS and JS | 37 | 168 | 69 | 600k+ | | | Output is not escaped |
| #1564 | Debug Log Manager Tool | 37 | 33 | 108 | 3k+ | | | Nonce verification recommended |
| #1565 | Comment Cleaner — Bulk Delete & Disable Comments | 37 | 204 | 78 | 20k+ | | | Non Singular String Literal Domain |
| #1566 | Disclaimer Popup | 37 | 313 | 53 | 1k+ | | | Text Domain Mismatch |
| #1567 | Pricing Table WordPress Plugin – Easy Pricing Tables | 37 | 332 | 161 | 10k+ | | | Output is not escaped |
| #1568 | Exploit Scanner | 37 | 25 | 130 | 8k+ | | | Non-prefixed global variable |
| #1569 | Favorites | 37 | 204 | 121 | 10k+ | | | Unsafe printing function |
| #1570 | Get Custom Field Values | 37 | 40 | 44 | 1k+ | | | Output is not escaped |
| #1571 | Google for WooCommerce | 37 | 328 | 121 | 800k+ | | | Exception output is not escaped |
| #1572 | XML Sitemap Generator for Google | 37 | 43 | 79 | 1m+ | | | Input is not validated |
| #1573 | GS Portfolio for Envato | 37 | 155 | 75 | 4k+ | | | Text Domain Mismatch |
| #1574 | Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder | 37 | 83 | 113 | 20k+ | | | SQL query is not prepared |
| #1575 | HandL UTM Grabber / Tracker | 37 | 27 | 141 | 10k+ | | | Missing nonce verification |
| #1576 | Horizontal scrolling announcements | 37 | 215 | 140 | 8k+ | | | Output is not escaped |
| #1577 | Icegram Mailer – Reliable Email Deliverability, No-code SMTP Replacement & Email logs | 37 | 37 | 102 | 1k+ | | | Non-prefixed global variable |
| #1578 | WP All Import – Import SEO Settings for Rank Math SEO | 37 | 40 | 51 | 7k+ | | | Nonce verification recommended |
| #1579 | JS Help Desk – AI-Powered Support & Ticketing System | 37 | 17 | 406 | 7k+ | | | Missing nonce verification |
| #1580 | LearnPress – Course Review | 37 | 67 | 43 | 20k+ | | | Output is not escaped |
| #1581 | Lightbox with PhotoSwipe | 37 | 179 | 24 | 20k+ | | | Output is not escaped |
| #1582 | LiveJournal Importer | 37 | 86 | 67 | 8k+ | | | Output is not escaped |
| #1583 | MailMunch – Grow your Email List | 37 | 82 | 84 | 6k+ | | | Output is not escaped |
| #1584 | Maintenance Page | 37 | 62 | 33 | 3k+ | | | Output is not escaped |
| #1585 | Metorik – Reports & Email Automation for WooCommerce | 37 | 75 | 70 | 10k+ | | | Output is not escaped |
| #1586 | NextGEN Scroll Gallery | 37 | 33 | 28 | 1k+ | | | Output is not escaped |
| #1587 | Ninja Van (MY) | 37 | 21 | 258 | 1k+ | | | Non-prefixed global variable |
| #1588 | WP All Export – Order Export for WooCommerce | 37 | 109 | 111 | 3k+ | | | Text Domain Mismatch |
| #1589 | OSM – OpenStreetMap | 37 | 130 | 64 | 10k+ | | | Output is not escaped |
| #1590 | Page scroll to id | 37 | 38 | 120 | 100k+ | | | Missing nonce verification |
| #1591 | Phoenix Media Rename | 37 | 175 | 104 | 50k+ | | | Output is not escaped |
| #1592 | PNG to JPG | 37 | 130 | 173 | 9k+ | | | Interpolated SQL is not prepared |
| #1593 | Poptics – Popup Builder, Email Opt-ins, Exit-Intent & WooCommerce Popups Sales | 37 | 59 | 64 | 2k+ | | | SQL query is not prepared |
| #1594 | Publish to Schedule | 37 | 195 | 43 | 4k+ | | | Text Domain Mismatch |
| #1595 | Recent Posts Widget With Thumbnails | 37 | 222 | 46 | 100k+ | | | Output is not escaped |
| #1596 | RSS Image Feed | 37 | 147 | 16 | 2k+ | | | Output is not escaped |
| #1597 | Ryviu – Review Importer & Product Reviews | 37 | 72 | 95 | 1k+ | | | Output is not escaped |
| #1598 | Send PDF for Contact Form 7 | 37 | 22 | 308 | 9k+ | | | Non-prefixed global variable |
| #1599 | Sensei LMS Certificates | 37 | 97 | 362 | 5k+ | | | Non-prefixed global variable |
| #1600 | Snippet Shortcodes | 37 | 359 | 133 | 4k+ | | | Non Singular String Literal Domain |