WordPress.DB.DirectDatabaseQuery.NoCaching
No Caching
The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.
Why It Shows Up
Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.
Why It Matters
Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.
How to Fix
- Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
- If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
- Keep schema changes in activation or upgrade routines and make them idempotent.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #2151 | TopNewsWp – Display Tikcer News, RSS Feed Widget and Many More | 37 | 878 | 59 | 800 | Output is not escaped | ||
| #2152 | WP VR – 360 Panorama and Virtual Tour Builder | 37 | 3 | 275 | 10k+ | Non-prefixed hook name | ||
| #2153 | XT Visitor Counter | 37 | 177 | 52 | 7k+ | Output is not escaped | ||
| #2154 | Yada Wiki | 37 | 207 | 45 | 2k+ | Text Domain Mismatch | ||
| #2155 | YOURLS Link Creator | 37 | 196 | 39 | 500 | Text Domain Mismatch | ||
| #2156 | Zoho Marketing Automation | 37 | 24 | 194 | 1k+ | Non-prefixed global variable | ||
| #2157 | Accessibility | 38 | 66 | 61 | 1k+ | Non-prefixed global variable | ||
| #2158 | Action Scheduler | 38 | 92 | 134 | 20k+ | Exception output is not escaped | ||
| #2159 | Admin Management Xtended | 38 | 280 | 161 | 5k+ | Output is not escaped | ||
| #2160 | Advanced 301 and 302 Redirect | 38 | 81 | 339 | 1k+ | Non-prefixed global variable | ||
| #2161 | Anant Sites — Elementor & Gutenberg Readymade Template Library Free & Pro Templates | 38 | 20 | 156 | 1k+ | Non-prefixed global variable | ||
| #2162 | Activity Log – Monitor & Record User Changes | 38 | 81 | 149 | 200k+ | Nonce verification recommended | ||
| #2163 | Ashe Extra | 38 | 109 | 54 | 3k+ | Text Domain Mismatch | ||
| #2164 | Autologin Links | 38 | 73 | 74 | 8k+ | Output is not escaped | ||
| #2165 | Automatic Post Tagger | 38 | 592 | 307 | 2k+ | Output is not escaped | ||
| #2166 | Blogger Importer | 38 | 44 | 39 | 50k+ | Output is not escaped | ||
| #2167 | Bot Block – Stop Spam Referrals in Google Analytics | 38 | 28 | 42 | 600 | Output is not escaped | ||
| #2168 | BuddyPress Follow | 38 | 114 | 67 | 1k+ | Text Domain Mismatch | ||
| #2169 | Bulk Auto Image Title Attribute (Image Title tag) optimizer (Image SEO) | 38 | 56 | 39 | 1k+ | Text Domain Mismatch | ||
| #2170 | CC Child Pages | 38 | 63 | 152 | 9k+ | Non-prefixed global variable | ||
| #2171 | Certificate Verification | 38 | 33 | 40 | 1k+ | Output is not escaped | ||
| #2172 | Database for Contact Form 7 | 38 | 34 | 128 | 7k+ | Missing nonce verification | ||
| #2173 | WPAppsDev – CF7 Form Submission Limit | 38 | 104 | 33 | 1k+ | Text Domain Mismatch | ||
| #2174 | Clever Mega Menu for Visual Composer | 38 | 500 | 87 | 1k+ | Output is not escaped | ||
| #2175 | Clever Mega Menu for Elementor | 38 | 835 | 44 | 1k+ | Output is not escaped | ||
| #2176 | CMS Tree Page View | 38 | 135 | 104 | 50k+ | Output is not escaped | ||
| #2177 | CodePeople Post Map for Google Maps | 38 | 240 | 37 | 3k+ | Unsafe printing function | ||
| #2178 | Crop-Thumbnails | 38 | 33 | 27 | 40k+ | Missing direct file access protection | ||
| #2179 | CRUDLab Disable Comments | 38 | 20 | 54 | 700 | Missing nonce verification | ||
| #2180 | Custom Menu Wizard Widget | 38 | 326 | 30 | 2k+ | Output is not escaped | ||
| #2181 | Customize Posts | 38 | 31 | 77 | 1k+ | Non-prefixed hook name | ||
| #2182 | Darkify – Dark Mode & Night Mode for Website & Admin (Dark Theme Included) | 38 | 38 | 183 | 600 | Non-prefixed global variable | ||
| #2183 | Datafeedr Comparison Sets | 38 | 450 | 53 | 3k+ | Output is not escaped | ||
| #2184 | Datafeedr WooCommerce Importer | 38 | 112 | 56 | 5k+ | Text Domain Mismatch | ||
| #2185 | Availability Datepicker – Booking Calendar for Contact Form 7 – Input WP | 38 | 344 | 30 | 20k+ | Text Domain Mismatch | ||
| #2186 | Decent Comments | 38 | 93 | 28 | 2k+ | Output is not escaped | ||
| #2187 | Product Badge, Label, Countdown Timer for WooCommerce – Sale Booster | 38 | 37 | 98 | 5k+ | Interpolated SQL is not prepared | ||
| #2188 | Easy WP Cleaner | 38 | 58 | 124 | 2k+ | Non-prefixed global variable | ||
| #2189 | Export User Data | 38 | 187 | 62 | 6k+ | Text Domain Mismatch | ||
| #2190 | Goal Tracker – Custom Event Tracking for GA4 | 38 | 541 | 25 | 2k+ | Output is not escaped | ||
| #2191 | GoDaddy Payments for WooCommerce | 38 | 58 | 65 | 2k+ | Output is not escaped | ||
| #2192 | GoodBarber | 38 | 38 | 73 | 1k+ | Nonce verification recommended | ||
| #2193 | GoUrl WooCommerce – Bitcoin Altcoin Payment Gateway Addon | 38 | 279 | 24 | 600 | Non Singular String Literal Domain | ||
| #2194 | Great Caroussel | 38 | 60 | 131 | 500 | SQL query is not prepared | ||
| #2195 | Greek Multi Tool – Greeklish Slugs, Permalinks & Transliteration | 38 | 160 | 82 | 1k+ | Unsafe printing function | ||
| #2196 | HashThemes Demo Importer | 38 | 71 | 44 | 6k+ | Output is not escaped | ||
| #2197 | Insert PHP Code Snippet | 38 | 164 | 227 | 90k+ | Output is not escaped | ||
| #2198 | 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery | 38 | 353 | 77 | 80k+ | Non Singular String Literal Domain | ||
| #2199 | JC Submenu | 38 | 279 | 32 | 4k+ | Output is not escaped | ||
| #2200 | Maintenance Redirect | 38 | 244 | 132 | 10k+ | Missing Arg Domain |
