WordPress.DB.DirectDatabaseQuery.NoCaching
No Caching
The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.
Why It Shows Up
Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.
Why It Matters
Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.
How to Fix
- Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
- If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
- Keep schema changes in activation or upgrade routines and make them idempotent.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #1901 | ELEX WooCommerce Role Based Pricing | 44 | 213 | 196 | 2k+ | Non-prefixed global variable | ||
| #1902 | Simple Full Screen Background Image | 44 | 23 | 13 | 10k+ | Output is not escaped | ||
| #1903 | Simple User Avatar | 44 | 22 | 15 | 20k+ | Output is not escaped | ||
| #1904 | Smart Archive Page Remove | 44 | 82 | 5 | 7k+ | Output is not escaped | ||
| #1905 | UiChemy — Figma Converter for Elementor, Gutenberg and Bricks | 44 | 7 | 85 | 9k+ | Nonce verification recommended | ||
| #1906 | Calculadora de Frete e Campos Checkout para o Brasil | 44 | 19 | 166 | 5k+ | Missing nonce verification | ||
| #1907 | Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro | 45 | 26 | 117 | 20k+ | Non-prefixed hook name | ||
| #1908 | Icons Font Loader – Load Web Fonts and Icon Libraries | 45 | 47 | 33 | 2k+ | Text Domain Mismatch | ||
| #1909 | Inazo's flamingo automatically delete old messages | 45 | 33 | 20 | 4k+ | Output is not escaped | ||
| #1910 | Evergreen Countdown Timer | 45 | 193 | 35 | 2k+ | wp function not compatible with requires wp | ||
| #1911 | Jetpack Search | 45 | 925 | 426 | 5k+ | Text Domain Mismatch | ||
| #1912 | Popup Box – Easily Create WordPress Popups | 45 | 7 | 151 | 7k+ | Non-prefixed global variable | ||
| #1913 | Product Visibility by User Role for WooCommerce | 45 | 36 | 35 | 6k+ | Missing Translators Comment | ||
| #1914 | Related Posts By PickPlugins | 45 | 4 | 84 | 4k+ | Non-prefixed global variable | ||
| #1915 | Super Blank | 45 | 131 | 56 | 10k+ | Missing direct file access protection | ||
| #1916 | ARI Stream Quiz – WordPress Quizzes Builder | 46 | 21 | 239 | 2k+ | Non-prefixed global variable | ||
| #1917 | Gravity Forms Constant Contact | 46 | 36 | 27 | 3k+ | Non-prefixed class | ||
| #1918 | Logo Slider – Logo Carousel, Client Logo Slider & Brand Showcase for WordPress | 46 | 16 | 247 | 10k+ | Non-prefixed global variable | ||
| #1919 | Podcast Player – Your Podcasting Companion | 46 | 14 | 131 | 10k+ | Non-prefixed global variable | ||
| #1920 | RY Tools for WooCommerce | 46 | 295 | 5k+ | Non-prefixed class | |||
| #1921 | Updater by BestWebSoft | 46 | 494 | 219 | 2k+ | Text Domain Mismatch | ||
| #1922 | Widget Disable | 46 | 19 | 19 | 10k+ | Output is not escaped | ||
| #1923 | WP All Import – Import SEO Settings for Yoast SEO | 46 | 19 | 26 | 20k+ | Nonce verification recommended | ||
| #1924 | Delete Duplicate Posts | 47 | 9 | 50 | 10k+ | Direct Query | ||
| #1925 | Show IDs by Echo | 47 | 21 | 13 | 2k+ | Output is not escaped | ||
| #1926 | GetAutoSEO AI Tool | 47 | 10 | 244 | 1k+ | Direct Query | ||
| #1927 | Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator | 47 | 44 | 83 | 10k+ | Missing direct file access protection | ||
| #1928 | Log Emails | 47 | 19 | 29 | 6k+ | Non-prefixed global variable | ||
| #1929 | Real Media Library: Media Library Folder & File Manager | 47 | 1 | 365 | 100k+ | Direct Query | ||
| #1930 | Tabby Checkout | 47 | 33 | 46 | 4k+ | Non-prefixed class | ||
| #1931 | Taxonomy Switcher | 47 | 23 | 36 | 2k+ | Nonce verification recommended | ||
| #1932 | Userback | 47 | 13 | 20 | 2k+ | Output is not escaped | ||
| #1933 | Simple Client Dashboard | 47 | 38 | 36 | 2k+ | Missing direct file access protection | ||
| #1934 | Website Article Monetization By MageNet | 47 | 17 | 24 | 10k+ | Output is not escaped | ||
| #1935 | QuadLayers TikTok Feed | 47 | 78 | 52 | 7k+ | Text Domain Mismatch | ||
| #1936 | Compress, Resize & Lazy Load Images – WPvivid Image Optimization | 47 | 107 | 58 | 10k+ | Missing direct file access protection | ||
| #1937 | XML Sitemap & Google News | 47 | 270 | 224 | 100k+ | Non-prefixed global variable | ||
| #1938 | AnWP Post Grid and Post Carousel Slider for Elementor | 48 | 758 | 171 | 20k+ | Text Domain Mismatch | ||
| #1939 | Disable Author Pages | 48 | 23 | 5 | 6k+ | Unsafe printing function | ||
| #1940 | Jetpack Social | 48 | 829 | 254 | 30k+ | Text Domain Mismatch | ||
| #1941 | Simple Custom Post Order | 48 | 10 | 77 | 300k+ | Direct Query | ||
| #1942 | Easy Updates Manager | 48 | 13 | 182 | 300k+ | Non-prefixed global variable | ||
| #1943 | WPC Smart Wishlist for WooCommerce | 48 | 44 | 38 | 100k+ | Output is not escaped | ||
| #1944 | WP Remote Users Sync | 48 | 355 | 117 | 6k+ | Text Domain Mismatch | ||
| #1945 | WS Action Scheduler Cleaner | 48 | 13 | 80 | 2k+ | error log error log | ||
| #1946 | Drag and Drop Multiple File Upload for WooCommerce | 49 | 114 | 29 | 5k+ | Text Domain Mismatch | ||
| #1947 | GDPR Tools: comment ip removement | 49 | 18 | 13 | 2k+ | Unsafe printing function | ||
| #1948 | Easy Property Listings | 49 | 60 | 66 | 5k+ | wp function not compatible with requires wp | ||
| #1949 | Anti-Spam Protection – No API Key, GDPR Friendly | 49 | 2 | 106 | 1k+ | Direct Query | ||
| #1950 | OneClick Chat to Order | 49 | 677 | 41 | 40k+ | Text Domain Mismatch |
