WordPress.DB.DirectDatabaseQuery.NoCaching
No Caching
The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.
Why It Shows Up
Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.
Why It Matters
Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.
How to Fix
- Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
- If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
- Keep schema changes in activation or upgrade routines and make them idempotent.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #2101 | Desktop Mode | 36 | 1 | 587 | 2k+ | Direct Query | ||
| #2102 | Doneren met Mollie | 36 | 420 | 351 | 4k+ | SQL query is not prepared | ||
| #2103 | Duplicate Post – duplicate pages, copy content, clone posts | 36 | 71 | 81 | 5k+ | wp function not compatible with requires wp | ||
| #2104 | Dynamic Copyright Year | 36 | 972 | 43 | 800 | Output is not escaped | ||
| #2105 | Dynamic Front-End Heartbeat Control | 36 | 217 | 111 | 1k+ | Text Domain Mismatch | ||
| #2106 | Dynamic Visibility for Elementor | 36 | 56 | 89 | 50k+ | Non-prefixed hook name | ||
| #2107 | WP CTA – Call Now Button, Sticky Button & Call to Action Builder | 36 | 1 | 433 | 2k+ | Non-prefixed global variable | ||
| #2108 | Easy Support Videos – Embed videos in the admin | 36 | 160 | 95 | 500 | Output is not escaped | ||
| #2109 | Enhanced Media Library | 36 | 361 | 117 | 60k+ | Unsafe printing function | ||
| #2110 | Enormail Sign Up Forms | 36 | 133 | 126 | 400 | Output is not escaped | ||
| #2111 | Events Manager and WPML Compatibility | 36 | 101 | 177 | 1k+ | Direct Query | ||
| #2112 | FreePay for WooCommerce | 36 | 114 | 102 | 400 | Output is not escaped | ||
| #2113 | Friendly Functions for Welcart | 36 | 311 | 83 | 1k+ | Non Singular String Literal Domain | ||
| #2114 | Genesis Sandbox Featured Content Widget | 36 | 229 | 24 | 1k+ | Text Domain Mismatch | ||
| #2115 | GetPaid > Wallet | 36 | 149 | 174 | 700 | Text Domain Mismatch | ||
| #2116 | Google SEO Pressor for Rich snippets | 36 | 51 | 160 | 400 | Missing nonce verification | ||
| #2117 | Google Webfont Optimizer | 36 | 45 | 49 | 700 | Output is not escaped | ||
| #2118 | Header Footer Script Adder – Insert Code in Header, Body & Footer | 36 | 203 | 78 | 1k+ | Text Domain Mismatch | ||
| #2119 | Header Footer Code Manager | 36 | 81 | 180 | 600k+ | Non-prefixed global variable | ||
| #2120 | Optimize Social Share | 36 | 203 | 61 | 3k+ | Unsafe printing function | ||
| #2121 | HTML Forms – Simple WordPress Forms Plugin | 36 | 231 | 166 | 10k+ | Output is not escaped | ||
| #2122 | HTTP Requests Manager | 36 | 98 | 90 | 1k+ | Output is not escaped | ||
| #2123 | IntelliWidget Per Page Custom Menus and Dynamic Content | 36 | 586 | 162 | 600 | Output is not escaped | ||
| #2124 | Italy Cookie Choices (for EU Cookie Law & Cookie Notice) | 36 | 115 | 77 | 10k+ | Unsafe printing function | ||
| #2125 | Jetpack VideoPress | 36 | 618 | 224 | 7k+ | Text Domain Mismatch | ||
| #2126 | Lara's Google Analytics (GA4) | 36 | 303 | 57 | 9k+ | Unsafe printing function | ||
| #2127 | Legal Text Connector of the IT-Recht Kanzlei | 36 | 45 | 46 | 10k+ | Exception output is not escaped | ||
| #2128 | Libro de Reclamaciones y Quejas | 36 | 266 | 124 | 4k+ | Text Domain Mismatch | ||
| #2129 | LONG URL MAKER | 36 | 39 | 71 | 1k+ | Direct Query | ||
| #2130 | MailMunch – Grow your Email List | 36 | 102 | 49 | 6k+ | Output is not escaped | ||
| #2131 | Manage Notification E-mails | 36 | 129 | 98 | 100k+ | Non-prefixed function | ||
| #2132 | Materialis Companion | 36 | 129 | 67 | 6k+ | Unsafe printing function | ||
| #2133 | Media Deduper | 36 | 60 | 99 | 9k+ | Missing Arg Domain | ||
| #2134 | Microsoft Clarity | 36 | 48 | 163 | 200k+ | Nonce verification recommended | ||
| #2135 | Multiple Sidebars | 36 | 109 | 75 | 600 | Non Singular String Literal Domain | ||
| #2136 | News Manager | 36 | 134 | 57 | 600 | Output is not escaped | ||
| #2137 | NextGEN Custom Fields | 36 | 215 | 131 | 1k+ | SQL query is not prepared | ||
| #2138 | MailerLite – Signup forms (official) | 36 | 430 | 158 | 100k+ | Output is not escaped | ||
| #2139 | We’re Open! | 36 | 273 | 187 | 5k+ | Unsafe printing function | ||
| #2140 | Order Status History for WooCommerce | 36 | 210 | 171 | 1k+ | Output is not escaped | ||
| #2141 | Ovation Elements | 36 | 23 | 399 | 10k+ | Non-prefixed global variable | ||
| #2142 | Peter’s Post Notes | 36 | 224 | 102 | 3k+ | Output is not escaped | ||
| #2143 | Photonic Gallery & Lightbox for Flickr, SmugMug & Others | 36 | 180 | 163 | 10k+ | Missing Translators Comment | ||
| #2144 | Photoswipe Masonry Gallery | 36 | 57 | 47 | 6k+ | Non Singular String Literal Text | ||
| #2145 | Plugins Garbage Collector (Database Cleanup) | 36 | 32 | 51 | 10k+ | Missing nonce verification | ||
| #2146 | Post Views Stats Counter | 36 | 142 | 241 | 700 | Non-prefixed global variable | ||
| #2147 | ActiveCampaign Postmark for WordPress | 36 | 47 | 75 | 50k+ | Text Domain Mismatch | ||
| #2148 | WowStore – Store Builder & Product Blocks for WooCommerce | 36 | 56 | 437 | 4k+ | Non-prefixed global variable | ||
| #2149 | افزونه رسمی ترب | 36 | 42 | 86 | 20k+ | Exception output is not escaped | ||
| #2150 | Rara One Click Demo Import | 36 | 122 | 98 | 20k+ | Missing Translators Comment |