WordPress.DB.DirectDatabaseQuery.NoCaching
No Caching
The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.
Why It Shows Up
Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.
Why It Matters
Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.
How to Fix
- Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
- If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
- Keep schema changes in activation or upgrade routines and make them idempotent.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #2251 | Multiple Featured Images | 40 | 50 | 22 | 5k+ | Output is not escaped | ||
| #2252 | Page Comments Off Please | 40 | 17 | 29 | 1k+ | Nonce verification recommended | ||
| #2253 | Plugin Load Filter | 40 | 76 | 112 | 7k+ | Text Domain Mismatch | ||
| #2254 | Requirements Checklist | 40 | 200 | 22 | 900 | Output is not escaped | ||
| #2255 | Private Google Calendars | 40 | 227 | 37 | 1k+ | Output is not escaped | ||
| #2256 | Quiz Cat – WordPress Quiz Plugin | 40 | 151 | 69 | 5k+ | Output is not escaped | ||
| #2257 | Random Banner | 40 | 59 | 125 | 1k+ | Output is not escaped | ||
| #2258 | Redirector | 40 | 48 | 32 | 7k+ | Output is not escaped | ||
| #2259 | Responsive Plus – Elementor Templates & Starter Sites | 40 | 46 | 305 | 10k+ | Non-prefixed global variable | ||
| #2260 | REST API Custom Fields | 40 | 44 | 16 | 800 | Text Domain Mismatch | ||
| #2261 | Role Based Redirect | 40 | 20 | 96 | 2k+ | Non-prefixed global variable | ||
| #2262 | Sales Tax Reports For WooCommerce | 40 | 50 | 65 | 900 | Output is not escaped | ||
| #2263 | Multipage | 40 | 72 | 28 | 900 | Unsafe printing function | ||
| #2264 | Shortcodes Finder | 40 | 22 | 188 | 4k+ | Nonce verification recommended | ||
| #2265 | Show Pages URL List | 40 | 29 | 234 | 1k+ | Non-prefixed global variable | ||
| #2266 | Simple Statistics for Feeds | 40 | 64 | 131 | 800 | Nonce verification recommended | ||
| #2267 | Simple Page Sidebars | 40 | 55 | 65 | 20k+ | Output is not escaped | ||
| #2268 | Statify Widget | 40 | 52 | 13 | 4k+ | Output is not escaped | ||
| #2269 | StifLi Flex MCP – MCP Server with undo for ChatGPT, Claude & Gemini | 40 | 7 | 111 | 1k+ | Interpolated SQL is not prepared | ||
| #2270 | Thin Out Revisions | 40 | 93 | 35 | 800 | Non Singular String Literal Domain | ||
| #2271 | Track Geolocation Of Users Using Contact Form 7 | 40 | 17 | 173 | 900 | Nonce verification recommended | ||
| #2272 | Visibility Control for LearnDash | 40 | 55 | 23 | 1k+ | Missing Arg Domain | ||
| #2273 | Visibility Control for LearnPress | 40 | 52 | 19 | 700 | Missing Arg Domain | ||
| #2274 | WC Search Orders By Product | 40 | 47 | 66 | 800 | Nonce verification recommended | ||
| #2275 | Payment Gateway – nexi Alpha Bank for WooCommerce | 40 | 28 | 45 | 1k+ | Missing nonce verification | ||
| #2276 | Total Sales Counts for WooCommerce | 40 | 121 | 62 | 700 | SQL query is not prepared | ||
| #2277 | Word Balloon | 40 | 20 | 125 | 10k+ | Request data is not unslashed | ||
| #2278 | WP All Import – Job Listing Import for WP Job Manager | 40 | 35 | 27 | 2k+ | Output is not escaped | ||
| #2279 | Media Library Categories | 40 | 29 | 49 | 20k+ | Output is not escaped | ||
| #2280 | WP Multisite Content Copier/Updater | 40 | 19 | 144 | 800 | Interpolated SQL is not prepared | ||
| #2281 | WP Reroute Email | 40 | 141 | 106 | 1k+ | Output is not escaped | ||
| #2282 | WPFront Notification Bar | 40 | 222 | 44 | 50k+ | Output is not escaped | ||
| #2283 | WPS Menu Exporter | 40 | 47 | 22 | 10k+ | Output is not escaped | ||
| #2284 | Yektanet Ecommerce | 40 | 45 | 103 | 900 | Request data is not unslashed | ||
| #2285 | My YouTube Channel | 40 | 54 | 38 | 5k+ | Output is not escaped | ||
| #2286 | Zippy | 40 | 43 | 31 | 9k+ | Output is not escaped | ||
| #2287 | AMP for WP – Accelerated Mobile Pages | 41 | 656 | 2,401 | 80k+ | Non-prefixed global variable | ||
| #2288 | Alma – Pay in installments or later for WooCommerce | 41 | 116 | 68 | 1k+ | Exception output is not escaped | ||
| #2289 | Authenticator | 41 | 59 | 44 | 1k+ | Output is not escaped | ||
| #2290 | Auto Focus Keyword for SEO | 41 | 12 | 38 | 2k+ | Input is not validated | ||
| #2291 | Auto Image Attributes From Filename With Bulk Updater (Add Alt Text, Image Title For Image SEO) | 41 | 175 | 26 | 100k+ | Unsafe printing function | ||
| #2292 | Beautiful Cookie Consent Banner | 41 | 33 | 76 | 40k+ | Non-prefixed global variable | ||
| #2293 | BuddyPress Xprofile Custom Field Types | 41 | 39 | 189 | 4k+ | Missing nonce verification | ||
| #2294 | Custom Post Type Cleanup | 41 | 70 | 12 | 1k+ | Output is not escaped | ||
| #2295 | Database for CF7 | 41 | 37 | 32 | 2k+ | Text Domain Mismatch | ||
| #2296 | DevVN Local Store | 41 | 84 | 28 | 1k+ | Unsafe printing function | ||
| #2297 | Disable Everything | 41 | 90 | 16 | 30k+ | Output is not escaped | ||
| #2298 | Duplicate Post Page Menu & Custom Post Type | 41 | 35 | 11 | 10k+ | Text Domain Mismatch | ||
| #2299 | Duplicate Page and Post | 41 | 26 | 21 | 80k+ | Unsafe printing function | ||
| #2300 | Multiple Themes | 41 | 112 | 41 | 10k+ | Output is not escaped |
