WordPress.DB.DirectDatabaseQuery.NoCaching
No Caching
The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.
Why It Shows Up
Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.
Why It Matters
Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.
How to Fix
- Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
- If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
- Keep schema changes in activation or upgrade routines and make them idempotent.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #2051 | Bulk Page Creator | 62 | 9 | 17 | 10k+ | Request data is not unslashed | ||
| #2052 | Cloudways WordPress Migrator | 62 | 15 | 25 | 20k+ | Output is not escaped | ||
| #2053 | Carousel Slider | 62 | 71 | 30k+ | Non-prefixed global variable | |||
| #2054 | Kit (formerly ConvertKit) – Email Newsletter, Email Marketing, Membership, Subscribers and Landing Pages | 62 | 81 | 100 | 40k+ | Missing direct file access protection | ||
| #2055 | DreamHost Automated Migration | 62 | 15 | 23 | 20k+ | Output is not escaped | ||
| #2056 | exovia GDPR Google Maps | 62 | 40 | 6 | 4k+ | Output is not escaped | ||
| #2057 | Migrate To Liquid Web & Nexcess | 62 | 15 | 23 | 2k+ | Output is not escaped | ||
| #2058 | Pressable Automated Migration | 62 | 15 | 23 | 3k+ | Output is not escaped | ||
| #2059 | Proofreading | 62 | 11 | 74 | 5k+ | Direct Query | ||
| #2060 | Woo Product Remover | 62 | 23 | 14 | 1k+ | SQL query is not prepared | ||
| #2061 | XPoster – Share to Bluesky and Mastodon | 62 | 26 | 36 | 10k+ | Missing nonce verification | ||
| #2062 | Migrate to WordPress.com | 62 | 15 | 28 | 2k+ | Output is not escaped | ||
| #2063 | Automatic Featured Images from Videos | 63 | 14 | 13 | 7k+ | Missing direct file access protection | ||
| #2064 | Classic Editor and Classic Widgets | 63 | 18 | 41 | 20k+ | Nonce verification recommended | ||
| #2065 | Missed Scheduled Posts Publisher by WPBeginner | 63 | 16 | 17 | 30k+ | Text Domain Mismatch | ||
| #2066 | Contact Form to Chat Apps | Click to Chat to Order – FormyChat | 63 | 18 | 136 | 3k+ | Direct Query | ||
| #2067 | Collapsing Archives | 64 | 36 | 9 | 3k+ | date date | ||
| #2068 | ELEX WooCommerce Product Price Custom Text (Before & After Text) and Discount | 64 | 444 | 137 | 2k+ | Missing Arg Domain | ||
| #2069 | Icon Element – Icon Pack for Elementor Page Builder (6718 icons) | 64 | 30 | 16 | 40k+ | wp function not compatible with requires wp | ||
| #2070 | Inactive Logout | 64 | 30 | 71 | 10k+ | Non-prefixed global variable | ||
| #2071 | Inline Related Posts | 64 | 17 | 39 | 100k+ | Nonce verification recommended | ||
| #2072 | Layouts for Divi | 64 | 3 | 27 | 1k+ | Non-prefixed global variable | ||
| #2073 | Royal MCP – Secure AI Connector for Claude, ChatGPT & Gemini | 64 | 6 | 32 | 5k+ | Interpolated SQL is not prepared | ||
| #2074 | JTL-Connector for WooCommerce | 64 | 7 | 166 | 1k+ | Direct Query | ||
| #2075 | WP REST API Controller | 64 | 8 | 22 | 8k+ | Nonce verification recommended | ||
| #2076 | WP REST Cache | 64 | 11 | 113 | 10k+ | Direct Query | ||
| #2077 | WP Term Order | 64 | 2 | 26 | 6k+ | Nonce verification recommended | ||
| #2078 | Custom Share Buttons with Floating Sidebar | 65 | 164 | 20 | 4k+ | Text Domain Mismatch | ||
| #2079 | Cyr to Lat Reloaded – Transliteration of Links and File Names | 65 | 13 | 36 | 30k+ | Direct Query | ||
| #2080 | Integration for Elementor forms – Sendinblue | 65 | 94 | 56 | 7k+ | Text Domain Mismatch | ||
| #2081 | Notibar – Notification Bar for WordPress | 65 | 43 | 60 | 8k+ | wp function not compatible with requires wp | ||
| #2082 | SQL Buddy – Database Management Made Easy | 65 | 12 | 16 | 5k+ | SQL query is not prepared | ||
| #2083 | Return Refund and Exchange For WooCommerce | 65 | 21 | 653 | 4k+ | Non-prefixed global variable | ||
| #2084 | CP Media Player – Audio Player and Video Player | 66 | 224 | 48 | 3k+ | Text Domain Mismatch | ||
| #2085 | Easy PHP Settings | 66 | 34 | 48 | 2k+ | Missing Translators Comment | ||
| #2086 | Flexible Product Fields (WooCommerce Product Addons) – WooCommerce Product Page Editor | 66 | 59 | 98 | 10k+ | Non-prefixed global variable | ||
| #2087 | FluentBoards – Project Management, Task Management, Goal Tracking, Kanban Board, and, Team Collaboration | 66 | 26 | 30 | 6k+ | Missing direct file access protection | ||
| #2088 | Leadpages | 66 | 6 | 62 | 10k+ | Direct Query | ||
| #2089 | Plugin Compatibility Checker | 66 | 73 | 18 | 9k+ | Text Domain Mismatch | ||
| #2090 | Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder | 66 | 51 | 690 | 700k+ | Non-prefixed hook name | ||
| #2091 | Safe Redirect Manager | 66 | 9 | 60 | 40k+ | Non-prefixed hook name | ||
| #2092 | Ajax add to cart for WooCommerce | 66 | 67 | 31 | 10k+ | Text Domain Mismatch | ||
| #2093 | Frenet Shipping Gateway for WooCommerce – Correios, Etiquetas e Rastreio | 66 | 22 | 31 | 4k+ | Non-prefixed global variable | ||
| #2094 | WP Redis | 66 | 11 | 25 | 9k+ | Interpolated SQL is not prepared | ||
| #2095 | Caddy – WooCommerce Side Cart & Free Shipping Bar | 67 | 38 | 199 | 4k+ | Non-prefixed global variable | ||
| #2096 | Missed Schedule Post Publisher | 67 | 11 | 10 | 7k+ | Output is not escaped | ||
| #2097 | Printful Integration for WooCommerce | 67 | 218 | 76 | 50k+ | Text Domain Mismatch | ||
| #2098 | Product Specifications for Woocommerce | 67 | 12 | 80 | 1k+ | Non-prefixed global variable | ||
| #2099 | wp-Typography | 67 | 91 | 33 | 20k+ | Missing direct file access protection | ||
| #2100 | Collapsing Categories | 68 | 29 | 8 | 4k+ | Missing direct file access protection |
