WordPress.DB.DirectDatabaseQuery.NoCaching
No Caching
The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.
Why It Shows Up
Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.
Why It Matters
Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.
How to Fix
- Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
- If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
- Keep schema changes in activation or upgrade routines and make them idempotent.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #1851 | Maintenance Redirect | 38 | 244 | 132 | 10k+ | Missing Arg Domain | ||
| #1852 | jQuery Pin It Button for Images | 38 | 129 | 36 | 10k+ | Output is not escaped | ||
| #1853 | Kali Forms — Contact Form & Drag-and-Drop Builder | 38 | 3 | 252 | 10k+ | Dynamic hook name | ||
| #1854 | Lana Downloads Manager | 38 | 146 | 78 | 3k+ | Unsafe printing function | ||
| #1855 | LWS Cleaner | 38 | 81 | 129 | 20k+ | Direct Query | ||
| #1856 | CrawlWP SEO – Instant Search Engine Indexing & SEO Performance Monitor | 38 | 45 | 95 | 40k+ | Dynamic hook name | ||
| #1857 | Name Directory | 38 | 520 | 309 | 3k+ | Output is not escaped | ||
| #1858 | Contact Form Widget | 38 | 54 | 107 | 1k+ | Request data is not unslashed | ||
| #1859 | Page Links To | 38 | 31 | 40 | 100k+ | Unsafe printing function | ||
| #1860 | Permalink Manager Lite | 38 | 29 | 178 | 100k+ | Nonce verification recommended | ||
| #1861 | Podlove Subscribe button | 38 | 148 | 45 | 2k+ | Output is not escaped | ||
| #1862 | Post views Stats | 38 | 37 | 51 | 1k+ | Non-prefixed global variable | ||
| #1863 | Quick Download Button | 38 | 34 | 123 | 2k+ | Non-prefixed global variable | ||
| #1864 | Restrict Widgets | 38 | 135 | 40 | 4k+ | Non Singular String Literal Domain | ||
| #1865 | Like This | 38 | 60 | 17 | 1k+ | Output is not escaped | ||
| #1866 | Schema App Structured Data | 38 | 35 | 86 | 7k+ | Nonce verification recommended | ||
| #1867 | Author Image | 38 | 51 | 33 | 1k+ | Output is not escaped | ||
| #1868 | LinkBoss – Semantic AI Internal Linking | 38 | 28 | 57 | 2k+ | Missing Arg Domain | ||
| #1869 | Simple Google Sitemap XML | 38 | 38 | 8 | 2k+ | Output is not escaped | ||
| #1870 | SimpleShop | 38 | 52 | 50 | 1k+ | date date | ||
| #1871 | Smart Maintenance Mode | 38 | 137 | 128 | 1k+ | Output is not escaped | ||
| #1872 | Social Icons | 38 | 72 | 83 | 10k+ | Output is not escaped | ||
| #1873 | Social Snap — Social Share Buttons & Click to Tweet | 38 | 6 | 169 | 10k+ | Direct Query | ||
| #1874 | SRS Simple Hits Counter | 38 | 43 | 98 | 8k+ | Output is not escaped | ||
| #1875 | Tag Manager – Header, Body And Footer | 38 | 97 | 319 | 20k+ | Non-prefixed global variable | ||
| #1876 | Variation Swatches for WooCommerce | 38 | 45 | 65 | 2k+ | Output is not escaped | ||
| #1877 | Broadcast | 38 | 21 | 107 | 1k+ | Direct Query | ||
| #1878 | TinyPNG – JPEG, PNG & WebP image compression | 38 | 196 | 141 | 100k+ | Output is not escaped | ||
| #1879 | Accessibility Tools & Alt Text Finder | 38 | 36 | 56 | 3k+ | Text Domain Mismatch | ||
| #1880 | Trash Duplicate and 301 Redirect | 38 | 13 | 103 | 1k+ | Nonce verification recommended | ||
| #1881 | Unconfirmed | 38 | 20 | 79 | 1k+ | Nonce verification recommended | ||
| #1882 | Vertical News Scroller | 38 | 118 | 60 | 5k+ | Output is not escaped | ||
| #1883 | White Label – WordPress Custom Admin, Custom Login Page, and Custom Dashboard | 38 | 205 | 31 | 10k+ | Output is not escaped | ||
| #1884 | WishSuite – Wishlist for WooCommerce | 38 | 75 | 127 | 1k+ | Output is not escaped | ||
| #1885 | WPC Frequently Bought Together for WooCommerce | 38 | 80 | 162 | 10k+ | Output is not escaped | ||
| #1886 | Wholesale for WooCommerce | 38 | 541 | 22 | 1k+ | Output is not escaped | ||
| #1887 | WP 404 Auto Redirect to Similar Post | 38 | 166 | 48 | 30k+ | Text Domain Mismatch | ||
| #1888 | WP Accessibility Helper (WAH) | 38 | 61 | 88 | 10k+ | Missing direct file access protection | ||
| #1889 | WP Client Reports | 38 | 95 | 80 | 6k+ | Unsafe printing function | ||
| #1890 | WP-DraftsForFriends | 38 | 141 | 71 | 1k+ | Output is not escaped | ||
| #1891 | Native PHP Sessions | 38 | 30 | 92 | 10k+ | Direct Query | ||
| #1892 | Real-Time Post Statistics for WordPress | 38 | 63 | 68 | 2k+ | SQL query is not prepared | ||
| #1893 | WP-ServerInfo | 38 | 162 | 55 | 10k+ | Output is not escaped | ||
| #1894 | ZeroBounce Email Verification & Validation | 38 | 299 | 162 | 1k+ | Text Domain Mismatch | ||
| #1895 | Zoho Campaigns | 38 | 3 | 129 | 3k+ | Non-prefixed global variable | ||
| #1896 | Smart Custom 404 Error Page | 39 | 90 | 44 | 100k+ | Output is not escaped | ||
| #1897 | Ad Invalid Click Protector (AICP) | 39 | 78 | 57 | 10k+ | Text Domain Mismatch | ||
| #1898 | Additional Order Filters for WooCommerce | 39 | 79 | 255 | 2k+ | Nonce verification recommended | ||
| #1899 | Advanced Woo Labels – Product Labels & Badges for WooCommerce | 39 | 172 | 122 | 10k+ | Output is not escaped | ||
| #1900 | Load More Anything | 39 | 38 | 73 | 5k+ | Output is not escaped |
