WordPress.DB.DirectDatabaseQuery.NoCaching
No Caching
The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.
Why It Shows Up
Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.
Why It Matters
Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.
How to Fix
- Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
- If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
- Keep schema changes in activation or upgrade routines and make them idempotent.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #1951 | ReCrawler | 49 | 10 | 40 | 4k+ | Direct Query | ||
| #1952 | Search in Place | 49 | 74 | 57 | 3k+ | wp function not compatible with requires wp | ||
| #1953 | Secondary Product Image for WooCommerce | 49 | 25 | 29 | 2k+ | Output is not escaped | ||
| #1954 | SKT Themes Demo Import | 49 | 218 | 104 | 4k+ | Text Domain Mismatch | ||
| #1955 | Taxonomy Images | 49 | 38 | 50 | 9k+ | Output is not escaped | ||
| #1956 | PDF Invoices & Packing Slips for WooCommerce – Challan | 49 | 56 | 151 | 3k+ | Non-prefixed global variable | ||
| #1957 | WP Sitemap Page | 49 | 43 | 14 | 200k+ | Missing Translators Comment | ||
| #1958 | File Manager | 50 | 42 | 72 | 10k+ | Missing direct file access protection | ||
| #1959 | Send Emails with Mandrill | 50 | 36 | 141 | 6k+ | Non-prefixed global variable | ||
| #1960 | Server Info – System Health & Diagnostics Suite | 50 | 15 | 46 | 3k+ | Input is not sanitized | ||
| #1961 | Table Addons for Elementor | 50 | 92 | 29 | 20k+ | wp function not compatible with requires wp | ||
| #1962 | Theme Demo Import | 50 | 101 | 95 | 5k+ | Non-prefixed hook name | ||
| #1963 | WPML Multilingual for BuddyPress and BuddyBoss | 51 | 18 | 21 | 6k+ | SQL query is not prepared | ||
| #1964 | Counter Box – Add Countdowns, Timers & Dynamic Counters to WordPress | 51 | 3 | 116 | 1k+ | Missing nonce verification | ||
| #1965 | Firelight Lightbox | 51 | 78 | 97 | 200k+ | Non-prefixed global variable | ||
| #1966 | Lite Video Embed | 51 | 35 | 7 | 1k+ | Output is not escaped | ||
| #1967 | OnSale Page for WooCommerce | 51 | 30 | 44 | 2k+ | Text Domain Mismatch | ||
| #1968 | Quotes and Tips by BestWebSoft | 51 | 485 | 190 | 1k+ | Text Domain Mismatch | ||
| #1969 | SePay Gateway | 51 | 12 | 39 | 2k+ | Nonce verification recommended | ||
| #1970 | Popular Brand Icons – Simple Icons | 51 | 20 | 12 | 3k+ | Output is not escaped | ||
| #1971 | Trustpilot Reviews | 51 | 14 | 52 | 30k+ | Missing nonce verification | ||
| #1972 | User Activity Tracking and Log | 51 | 28 | 237 | 3k+ | Non-prefixed global variable | ||
| #1973 | Swift SMTP (formerly Welcome Email Editor) | 51 | 12 | 62 | 7k+ | Missing nonce verification | ||
| #1974 | REST API Log | 51 | 44 | 95 | 5k+ | Non-prefixed hook name | ||
| #1975 | YayMail – WooCommerce Email Customizer | 51 | 163 | 788 | 50k+ | Non-prefixed global variable | ||
| #1976 | Request a Quote for WooCommerce – Get a Quote Button | 52 | 25 | 12 | 6k+ | Output is not escaped | ||
| #1977 | MB Custom Post Types & Custom Taxonomies | 52 | 9 | 49 | 10k+ | Nonce verification recommended | ||
| #1978 | Metronet Tag Manager | 52 | 17 | 36 | 20k+ | Input is not validated | ||
| #1979 | Post Notification by Email | 52 | 36 | 13 | 2k+ | Output is not escaped | ||
| #1980 | SEOWriting | 52 | 10 | 24 | 30k+ | Output is not escaped | ||
| #1981 | SKU Generator for WooCommerce | 52 | 29 | 12 | 2k+ | Output is not escaped | ||
| #1982 | Wenprise Pinyin Slug | 52 | 30 | 34 | 4k+ | Text Domain Mismatch | ||
| #1983 | Price Based on Country for WooCommerce | 52 | 43 | 126 | 20k+ | Non-prefixed hook name | ||
| #1984 | Automattic For Agencies Client | 53 | 249 | 184 | 20k+ | Text Domain Mismatch | ||
| #1985 | Connect Contact Form 7 and Mailchimp | 53 | 236 | 52 | 40k+ | Text Domain Mismatch | ||
| #1986 | FakerPress | 53 | 66 | 152 | 10k+ | Non-prefixed global variable | ||
| #1987 | LearnPress – bbPress Integration | 53 | 19 | 14 | 2k+ | Output is not escaped | ||
| #1988 | Multiple Post Thumbnails | 53 | 25 | 18 | 20k+ | Output is not escaped | ||
| #1989 | Pinterest for WooCommerce | 53 | 44 | 30 | 300k+ | Exception output is not escaped | ||
| #1990 | Preserved HTML Editor Markup Plus | 53 | 12 | 22 | 3k+ | Output is not escaped | ||
| #1991 | Royal WordPress Backup, Restore & Migration Plugin – Backup WordPress Sites Safely | 53 | 34 | 90 | 20k+ | Database parameter is not escaped | ||
| #1992 | Texty – SMS Notification for WordPress, WooCommerce, Dokan and more | 53 | 31 | 34 | 8k+ | Output is not escaped | ||
| #1993 | Cyr-To-Lat | 54 | 16 | 48 | 300k+ | Dynamic hook name | ||
| #1994 | Expanding Archives | 54 | 37 | 9 | 3k+ | Output is not escaped | ||
| #1995 | Helpie FAQ — Accordion, Docs & Knowledge Base | 54 | 96 | 89 | 9k+ | Nonce verification recommended | ||
| #1996 | SimplyBook.me – Booking and reservations calendar | 54 | 31 | 13 | 30k+ | Exception output is not escaped | ||
| #1997 | WP Call Button – Easy Click to Call Button for WordPress | 54 | 21 | 38 | 40k+ | Non-prefixed global variable | ||
| #1998 | WP Menu Icons | 54 | 68 | 52 | 20k+ | Text Domain Mismatch | ||
| #1999 | Accordions | 55 | 1 | 101 | 20k+ | slow db query meta query | ||
| #2000 | Quick Buy Now Button for WooCommerce | 55 | 37 | 39 | 5k+ | Output is not escaped |
