WordPress.DB.DirectDatabaseQuery.NoCaching
No Caching
The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.
Why It Shows Up
Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.
Why It Matters
Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.
How to Fix
- Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
- If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
- Keep schema changes in activation or upgrade routines and make them idempotent.
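One way to apply the last two fixes together, as an added example that is not code from Plugin Check or from any plugin listed below. The `myplugin_` prefix, the table and its columns are hypothetical.

```php
<?php
// Added example: the "myplugin_" prefix, table and columns are hypothetical.
const MYPLUGIN_DB_VERSION  = '1';
const MYPLUGIN_CACHE_GROUP = 'myplugin_tickets';

// Schema lives in the activation routine; dbDelta() plus a stored version keep it idempotent.
function myplugin_install() {
	global $wpdb;
	if ( get_option( 'myplugin_db_version' ) === MYPLUGIN_DB_VERSION ) {
		return;
	}
	require_once ABSPATH . 'wp-admin/includes/upgrade.php';
	dbDelta(
		"CREATE TABLE {$wpdb->prefix}myplugin_tickets (
			id bigint(20) unsigned NOT NULL AUTO_INCREMENT,
			user_id bigint(20) unsigned NOT NULL,
			status varchar(20) NOT NULL,
			PRIMARY KEY  (id),
			KEY user_status (user_id,status)
		) {$wpdb->get_charset_collate()};"
	);
	update_option( 'myplugin_db_version', MYPLUGIN_DB_VERSION );
}
register_activation_hook( __FILE__, 'myplugin_install' );

// Repeated read: object cache first, prepared direct query only on a miss.
function myplugin_count_tickets( $user_id, $status ) {
	global $wpdb;
	$key   = 'count_' . (int) $user_id . '_' . md5( $status );
	$count = wp_cache_get( $key, MYPLUGIN_CACHE_GROUP );
	if ( false === $count ) { // A cached 0 is not a miss, so compare strictly.
		$count = (int) $wpdb->get_var(
			$wpdb->prepare(
				"SELECT COUNT(*) FROM {$wpdb->prefix}myplugin_tickets WHERE user_id = %d AND status = %s",
				$user_id,
				$status
			)
		);
		wp_cache_set( $key, $count, MYPLUGIN_CACHE_GROUP, 5 * MINUTE_IN_SECONDS );
	}
	return (int) $count;
}

// Writes use $wpdb->insert() with explicit formats, then drop the stale cache entry.
function myplugin_add_ticket( $user_id, $status ) {
	global $wpdb;
	$wpdb->insert( "{$wpdb->prefix}myplugin_tickets", array( 'user_id' => $user_id, 'status' => $status ), array( '%d', '%s' ) );
	wp_cache_delete( 'count_' . (int) $user_id . '_' . md5( $status ), MYPLUGIN_CACHE_GROUP );
}
```

Only the table prefix is interpolated into the SQL; every request-derived value goes through a `%d` or `%s` placeholder.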
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Top Issue | Added | Updated |
|---|---|---|---|---|---|---|---|---|
| #1601 | Snippet Shortcodes | 37 | 359 | 133 | 4k+ | Non Singular String Literal Domain | ||
| #1602 | Tracking Code Manager | 37 | 55 | 42 | 90k+ | Output is not escaped | ||
| #1603 | Tracking Script Manager | 37 | 82 | 57 | 2k+ | Non Singular String Literal Domain | ||
| #1604 | Ultimate WordPress Auction Plugin | 37 | 623 | 146 | 1k+ | Text Domain Mismatch | ||
| #1605 | UsersWP – Social Login | 37 | 299 | 91 | 2k+ | Text Domain Mismatch | ||
| #1606 | Featured Video for WordPress – VideographyWP | 37 | 287 | 93 | 1k+ | Unsafe printing function | ||
| #1607 | Views for WPForms – Display & Edit WPForms Entries on your site frontend | 37 | 80 | 64 | 1k+ | Output is not escaped | ||
| #1608 | Weather Atlas Widget | 37 | 630 | 111 | 9k+ | Output is not escaped | ||
| #1609 | Affiliate Sales in Google Analytics and other tools | 37 | 24 | 84 | 1k+ | Request data is not unslashed | ||
| #1610 | Conditional Discounts for WooCommerce – A simple yet complete woocommerce dynamic pricing plugin | 37 | 99 | 33 | 10k+ | Text Domain Mismatch | ||
| #1611 | Piraeus Bank WooCommerce Payment Gateway | 37 | 146 | 104 | 3k+ | Non Singular String Literal Domain | ||
| #1612 | Viva Payments – Viva Wallet WooCommerce Payment Gateway | 37 | 33 | 33 | 1k+ | curl curl setopt | ||
| #1613 | Variation Swatches for WooCommerce | 37 | 92 | 103 | 10k+ | Output is not escaped | ||
| #1614 | Xendit Payment | 37 | 3 | 197 | 3k+ | Missing nonce verification | ||
| #1615 | Amazon Pay for WooCommerce | 37 | 29 | 117 | 20k+ | Non-prefixed class | ||
| #1616 | WP WooCommerce Mailchimp | 37 | 62 | 85 | 6k+ | Non-prefixed hook name | ||
| #1617 | WooCommerce PayPal Payments | 37 | 179 | 101 | 800k+ | Exception output is not escaped | ||
| #1618 | Quickpay for WooCommerce | 37 | 66 | 56 | 4k+ | Nonce verification recommended | ||
| #1619 | Wordable – Export Google Docs to WordPress | 37 | 47 | 63 | 2k+ | Output is not escaped | ||
| #1620 | Hustle – Email Marketing, Lead Generation, Optins, Popups | 37 | 4,874 | 5,942 | 90k+ | Non-prefixed global variable | ||
| #1621 | Fix Media Library | 37 | 53 | 71 | 1k+ | Output is not escaped | ||
| #1622 | WP Category Permalink | 37 | 75 | 31 | 2k+ | Output is not escaped | ||
| #1623 | WP-Cron Control | 37 | 54 | 22 | 1k+ | Output is not escaped | ||
| #1624 | WPForce Logout – WordPress User Login Logout Management Plugin | 37 | 567 | 32 | 8k+ | Output is not escaped | ||
| #1625 | Persistent Login | 37 | 338 | 108 | 6k+ | Unsafe printing function | ||
| #1626 | Special Text Boxes | 37 | 39 | 42 | 2k+ | Direct Query | ||
| #1627 | WP VR – 360 Panorama and Virtual Tour Builder | 37 | 3 | 275 | 10k+ | Non-prefixed hook name | ||
| #1628 | XT Visitor Counter | 37 | 177 | 52 | 7k+ | Output is not escaped | ||
| #1629 | Yada Wiki | 37 | 207 | 45 | 2k+ | Text Domain Mismatch | ||
| #1630 | Zoho Marketing Automation | 37 | 24 | 194 | 1k+ | Non-prefixed global variable | ||
| #1631 | Accessibility | 38 | 66 | 61 | 1k+ | Non-prefixed global variable | ||
| #1632 | Action Scheduler | 38 | 92 | 134 | 20k+ | Exception output is not escaped | ||
| #1633 | Admin Management Xtended | 38 | 280 | 161 | 5k+ | Output is not escaped | ||
| #1634 | Activity Log – Monitor & Record User Changes | 38 | 81 | 149 | 200k+ | Nonce verification recommended | ||
| #1635 | Ashe Extra | 38 | 109 | 54 | 3k+ | Text Domain Mismatch | ||
| #1636 | Autologin Links | 38 | 73 | 74 | 8k+ | Output is not escaped | ||
| #1637 | Automatic Post Tagger | 38 | 592 | 307 | 2k+ | Output is not escaped | ||
| #1638 | Blogger Importer | 38 | 44 | 39 | 50k+ | Output is not escaped | ||
| #1639 | BuddyPress Follow | 38 | 114 | 67 | 1k+ | Text Domain Mismatch | ||
| #1640 | CC Child Pages | 38 | 63 | 152 | 9k+ | Non-prefixed global variable | ||
| #1641 | Database for Contact Form 7 | 38 | 34 | 128 | 7k+ | Missing nonce verification | ||
| #1642 | WPAppsDev – CF7 Form Submission Limit | 38 | 104 | 33 | 1k+ | Text Domain Mismatch | ||
| #1643 | Clever Mega Menu for Elementor | 38 | 835 | 44 | 1k+ | Output is not escaped | ||
| #1644 | CMS Tree Page View | 38 | 135 | 104 | 50k+ | Output is not escaped | ||
| #1645 | CodePeople Post Map for Google Maps | 38 | 238 | 42 | 3k+ | Unsafe printing function | ||
| #1646 | Crop-Thumbnails | 38 | 33 | 27 | 40k+ | Missing direct file access protection | ||
| #1647 | Custom Menu Wizard Widget | 38 | 326 | 30 | 3k+ | Output is not escaped | ||
| #1648 | Customize Posts | 38 | 31 | 77 | 1k+ | Non-prefixed hook name | ||
| #1649 | Datafeedr Comparison Sets | 38 | 450 | 53 | 3k+ | Output is not escaped | ||
| #1650 | Datafeedr WooCommerce Importer | 38 | 112 | 56 | 5k+ | Text Domain Mismatch | ||