WordPress.DB.DirectDatabaseQuery.NoCaching
No Caching
The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.
Why It Shows Up
Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.
Why It Matters
Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.
How to Fix
- Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
- If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
- Keep schema changes in activation or upgrade routines and make them idempotent.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #2201 | Additional Order Filters for WooCommerce | 39 | 79 | 255 | 2k+ | Nonce verification recommended | ||
| #2202 | Advanced Woo Labels – Product Labels & Badges for WooCommerce | 39 | 172 | 122 | 10k+ | Output is not escaped | ||
| #2203 | Load More Anything | 39 | 38 | 73 | 5k+ | Output is not escaped | ||
| #2204 | Accessibility by AllAccessible | 39 | 200 | 82 | 2k+ | Unsafe printing function | ||
| #2205 | Andreani WooCommerce | 39 | 21 | 86 | 700 | Non-prefixed global variable | ||
| #2206 | Anything Order by Terms | 39 | 48 | 93 | 1k+ | Direct Query | ||
| #2207 | Better Random Redirect | 39 | 88 | 40 | 700 | Text Domain Mismatch | ||
| #2208 | Better Search Replace | 39 | 96 | 43 | 1m+ | Unsafe printing function | ||
| #2209 | Better User Search | 39 | 24 | 44 | 700 | SQL query is not prepared | ||
| #2210 | Billplz for WooCommerce | 39 | 289 | 65 | 6k+ | Text Domain Mismatch | ||
| #2211 | Blackhole for Bad Bots | 39 | 123 | 69 | 30k+ | Output is not escaped | ||
| #2212 | Blogger Importer Extended | 39 | 55 | 45 | 4k+ | Output is not escaped | ||
| #2213 | Bogo | 39 | 30 | 139 | 10k+ | Request data is not unslashed | ||
| #2214 | BuddyPress Notification Widget | 39 | 54 | 31 | 600 | Output is not escaped | ||
| #2215 | Bulk Auto Image Alt Text (Alt tag, Alt attribute) optimizer (image SEO) | 39 | 17 | 50 | 10k+ | Request data is not unslashed | ||
| #2216 | Cache Images | 39 | 72 | 27 | 1k+ | Unsafe printing function | ||
| #2217 | Calculator Builder – Create an Online Calculator | 39 | 16 | 221 | 1k+ | Non-prefixed global variable | ||
| #2218 | CatFolders Document Gallery & PDF Library | 39 | 66 | 32 | 3k+ | Output is not escaped | ||
| #2219 | Constant Contact + WooCommerce | 39 | 27 | 91 | 1k+ | Nonce verification recommended | ||
| #2220 | Image CAPTCHA for Contact Form 7 and WPForms by HookAndHook (DSGVO/GDPR) | 39 | 28 | 45 | 80k+ | Missing nonce verification | ||
| #2221 | Content Visibility for Divi Builder | 39 | 184 | 59 | 2k+ | Non Singular String Literal Domain | ||
| #2222 | Cryptocurrency Widgets Pack | 39 | 246 | 48 | 700 | Unsafe printing function | ||
| #2223 | Custom Contact Forms | 39 | 13 | 106 | 6k+ | Missing nonce verification | ||
| #2224 | Custom Related Posts | 39 | 131 | 34 | 3k+ | Output is not escaped | ||
| #2225 | DefendWP Firewall | 39 | 16 | 203 | 3k+ | Non-prefixed global variable | ||
| #2226 | Duplicate Killer – Prevent Duplicate Form Submissions | 39 | 57 | 103 | 1k+ | Non-prefixed global variable | ||
| #2227 | Caldera Forms styler for Elementor Page Builder | 39 | 173 | 12 | 800 | Text Domain Mismatch | ||
| #2228 | ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor | 39 | 73 | 348 | 1m+ | Non-prefixed global variable | ||
| #2229 | Email Marketing by EmailOctopus | 39 | 43 | 62 | 3k+ | Non-prefixed global variable | ||
| #2230 | BestWebSoft's Like & Share – Posts, Pages and Widget Social Extension plugin for WordPress | 39 | 480 | 226 | 4k+ | Text Domain Mismatch | ||
| #2231 | First Order Discount Woocommerce | 39 | 55 | 30 | 1k+ | Output is not escaped | ||
| #2232 | Fix Duplicates | 39 | 76 | 73 | 800 | Output is not escaped | ||
| #2233 | GL Import External Images | 39 | 118 | 19 | 800 | wp function not compatible with requires wp | ||
| #2234 | GS Only PDF Preview | 39 | 46 | 36 | 1k+ | Output is not escaped | ||
| #2235 | Maintenance Mode | 39 | 86 | 109 | 7k+ | Output is not escaped | ||
| #2236 | Improved Save Button | 39 | 44 | 52 | 4k+ | Missing Translators Comment | ||
| #2237 | Insert Html Snippet | 39 | 159 | 205 | 20k+ | Output is not escaped | ||
| #2238 | JJ NextGen JQuery Slider | 39 | 221 | 7 | 800 | Output is not escaped | ||
| #2239 | LH Add Media From Url | 39 | 42 | 26 | 2k+ | Output is not escaped | ||
| #2240 | Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid | 39 | 65 | 72 | 6k+ | block api version too low | ||
| #2241 | Mail Subscribe List | 39 | 17 | 94 | 3k+ | Input is not validated | ||
| #2242 | Markup by Attribute for WooCommerce | 39 | 46 | 102 | 2k+ | Direct Query | ||
| #2243 | Menubar | 39 | 171 | 46 | 1k+ | Output is not escaped | ||
| #2244 | Movable Type and TypePad Importer | 39 | 42 | 25 | 20k+ | Output is not escaped | ||
| #2245 | Social Proof Popups & Real-Time Notifications – Herd Effects | 39 | 5 | 181 | 1k+ | Non-prefixed global variable | ||
| #2246 | payever – WooCommerce Gateway | 39 | 263 | 131 | 700 | Text Domain Mismatch | ||
| #2247 | Permalink Manager for WooCommerce | 39 | 116 | 24 | 8k+ | Short PHP open tag found | ||
| #2248 | Quform Mailchimp | 39 | 65 | 147 | 800 | Nonce verification recommended | ||
| #2249 | Quform Zapier | 39 | 60 | 123 | 1k+ | Nonce verification recommended | ||
| #2250 | Redirect 404 Error Page to Homepage or Custom Page with Logs | 39 | 27 | 53 | 10k+ | Nonce verification recommended |
