WordPress.DB.DirectDatabaseQuery.NoCaching
No Caching
The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.
Why It Shows Up
Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.
Why It Matters
Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.
How to Fix
- Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
- If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
- Keep schema changes in activation or upgrade routines and make them idempotent.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Updated | Top Issue |
|---|---|---|---|---|---|---|---|
| #1651 | Availability Datepicker – Booking Calendar for Contact Form 7 – Input WP | 38 | 344 | 30 | 20k+ | Text Domain Mismatch | |
| #1652 | Decent Comments | 38 | 93 | 28 | 2k+ | Output is not escaped | |
| #1653 | Product Badge, Label, Countdown Timer for WooCommerce – Sale Booster | 38 | 37 | 98 | 5k+ | Interpolated SQL is not prepared | |
| #1654 | Easy WP Cleaner | 38 | 58 | 124 | 2k+ | Non-prefixed global variable | |
| #1655 | Export User Data | 38 | 187 | 62 | 6k+ | Text Domain Mismatch | |
| #1656 | Goal Tracker – Custom Event Tracking for GA4 | 38 | 541 | 25 | 2k+ | Output is not escaped | |
| #1657 | GoDaddy Payments for WooCommerce | 38 | 58 | 65 | 2k+ | Output is not escaped | |
| #1658 | GoodBarber | 38 | 38 | 73 | 1k+ | Nonce verification recommended | |
| #1659 | Greek Multi Tool – Greeklish Slugs, Permalinks & Transliteration | 38 | 160 | 82 | 1k+ | Unsafe printing function | |
| #1660 | HashThemes Demo Importer | 38 | 71 | 44 | 6k+ | Output is not escaped | |
| #1661 | Insert PHP Code Snippet | 38 | 164 | 227 | 90k+ | Output is not escaped | |
| #1662 | 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery | 38 | 353 | 77 | 80k+ | Non Singular String Literal Domain | |
| #1663 | JC Submenu | 38 | 279 | 32 | 4k+ | Output is not escaped | |
| #1664 | Maintenance Redirect | 38 | 244 | 132 | 10k+ | Missing Arg Domain | |
| #1665 | jQuery Pin It Button for Images | 38 | 129 | 36 | 10k+ | Output is not escaped | |
| #1666 | Kali Forms — Contact Form & Drag-and-Drop Builder | 38 | 3 | 252 | 10k+ | Dynamic hook name | |
| #1667 | Lana Downloads Manager | 38 | 146 | 78 | 3k+ | Unsafe printing function | |
| #1668 | LWS Cleaner | 38 | 81 | 129 | 20k+ | Direct Query | |
| #1669 | CrawlWP SEO – Instant Search Engine Indexing & SEO Performance Monitor | 38 | 45 | 92 | 40k+ | Dynamic hook name | |
| #1670 | Name Directory | 38 | 520 | 309 | 3k+ | Output is not escaped | |
| #1671 | Page Links To | 38 | 31 | 40 | 100k+ | Unsafe printing function | |
| #1672 | Permalink Manager Lite | 38 | 29 | 178 | 100k+ | Nonce verification recommended | |
| #1673 | Podlove Subscribe button | 38 | 148 | 45 | 2k+ | Output is not escaped | |
| #1674 | Quick Download Button | 38 | 34 | 123 | 2k+ | Non-prefixed global variable | |
| #1675 | Restrict Widgets | 38 | 135 | 40 | 4k+ | Non Singular String Literal Domain | |
| #1676 | Like This | 38 | 60 | 17 | 1k+ | Output is not escaped | |
| #1677 | Schema App Structured Data | 38 | 35 | 86 | 7k+ | Nonce verification recommended | |
| #1678 | Author Image | 38 | 51 | 33 | 1k+ | Output is not escaped | |
| #1679 | LinkBoss – Semantic AI Internal Linking | 38 | 28 | 57 | 2k+ | Missing Arg Domain | |
| #1680 | Simple Google Sitemap XML | 38 | 38 | 8 | 2k+ | Output is not escaped | |
| #1681 | SimpleShop | 38 | 52 | 50 | 1k+ | date date | |
| #1682 | Social Icons | 38 | 72 | 83 | 10k+ | Output is not escaped | |
| #1683 | Social Snap — Social Share Buttons & Click to Tweet | 38 | 6 | 169 | 10k+ | Direct Query | |
| #1684 | SRS Simple Hits Counter | 38 | 43 | 98 | 8k+ | Output is not escaped | |
| #1685 | Tag Manager – Header, Body And Footer | 38 | 97 | 319 | 20k+ | Non-prefixed global variable | |
| #1686 | Variation Swatches for WooCommerce – Color, Image & Button Swatches | 38 | 45 | 64 | 2k+ | Output is not escaped | |
| #1687 | TinyPNG – JPEG, PNG & WebP image compression | 38 | 196 | 141 | 100k+ | Output is not escaped | |
| #1688 | Accessibility Tools & Alt Text Finder | 38 | 36 | 56 | 3k+ | Text Domain Mismatch | |
| #1689 | Unconfirmed | 38 | 20 | 79 | 1k+ | Nonce verification recommended | |
| #1690 | Vertical News Scroller | 38 | 118 | 60 | 5k+ | Output is not escaped | |
| #1691 | White Label – WordPress Custom Admin, Custom Login Page, and Custom Dashboard | 38 | 205 | 31 | 10k+ | Output is not escaped | |
| #1692 | WPC Frequently Bought Together for WooCommerce | 38 | 80 | 162 | 10k+ | Output is not escaped | |
| #1693 | Wholesale for WooCommerce | 38 | 541 | 22 | 1k+ | Output is not escaped | |
| #1694 | WP 404 Auto Redirect to Similar Post | 38 | 166 | 48 | 30k+ | Text Domain Mismatch | |
| #1695 | WP Accessibility Helper (WAH) | 38 | 61 | 88 | 10k+ | Missing direct file access protection | |
| #1696 | WP Client Reports | 38 | 95 | 80 | 6k+ | Unsafe printing function | |
| #1697 | WP-DraftsForFriends | 38 | 141 | 71 | 1k+ | Output is not escaped | |
| #1698 | Native PHP Sessions | 38 | 30 | 92 | 10k+ | Direct Query | |
| #1699 | Real-Time Post Statistics for WordPress | 38 | 63 | 68 | 2k+ | SQL query is not prepared | |
| #1700 | WP-ServerInfo | 38 | 162 | 55 | 10k+ | Output is not escaped |
