WordPress.DB.DirectDatabaseQuery.NoCaching
No Caching
The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.
Why It Shows Up
Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.
Why It Matters
Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.
How to Fix
- Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
- If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
- Keep schema changes in activation or upgrade routines and make them idempotent.
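The three fixes above combined in one sketch, as an added example rather than code from Plugin Check or any listed plugin. The `myplugin_` prefix, the `myplugin_events` table and the `myplugin` cache group are hypothetical names.

```php
<?php
// Added example; myplugin_* names and the 'myplugin' cache group are hypothetical.
// Read path: prepared value, wrapped in an object-cache lookup.
function myplugin_count_events( $user_id ) {
	global $wpdb;
	$user_id = absint( $user_id );
	$key     = 'event_count_' . $user_id;
	$count   = wp_cache_get( $key, 'myplugin' );
	if ( false === $count ) { // Miss; a cached 0 is an int, not false.
		$count = (int) $wpdb->get_var(
			$wpdb->prepare(
				"SELECT COUNT(*) FROM {$wpdb->prefix}myplugin_events WHERE user_id = %d",
				$user_id
			)
		);
		wp_cache_set( $key, $count, 'myplugin', 5 * MINUTE_IN_SECONDS );
	}
	return (int) $count;
}

// Write path: invalidate the cached read so the count does not go stale.
function myplugin_add_event( $user_id, $type ) {
	global $wpdb;
	$user_id = absint( $user_id );
	$ok      = $wpdb->insert(
		$wpdb->prefix . 'myplugin_events',
		array( 'user_id' => $user_id, 'type' => sanitize_key( $type ) ),
		array( '%d', '%s' )
	);
	if ( false !== $ok ) {
		wp_cache_delete( 'event_count_' . $user_id, 'myplugin' );
	}
	return false !== $ok;
}

// Schema: runs on activation; dbDelta() applies only differences, so repeat runs are safe.
function myplugin_install() {
	global $wpdb;
	require_once ABSPATH . 'wp-admin/includes/upgrade.php';
	$charset = $wpdb->get_charset_collate();
	dbDelta( "CREATE TABLE {$wpdb->prefix}myplugin_events (
		id bigint(20) unsigned NOT NULL AUTO_INCREMENT,
		user_id bigint(20) unsigned NOT NULL,
		type varchar(32) NOT NULL,
		PRIMARY KEY  (id),
		KEY user_id (user_id)
	) $charset;" );
}
register_activation_hook( __FILE__, 'myplugin_install' );
```

Without a persistent object cache backend, `wp_cache_*` entries last only for the current request, so the benefit there is limited to repeated reads within one page load.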
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Top Issue |
|---|---|---|---|---|---|---|
| #2251 | Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder | 37 | 83 | 113 | 20k+ | SQL query is not prepared |
| #2252 | HandL UTM Grabber / Tracker | 37 | 27 | 141 | 10k+ | Missing nonce verification |
| #2253 | Horizontal scrolling announcements | 37 | 215 | 140 | 8k+ | Output is not escaped |
| #2254 | Humans TXT | 37 | 159 | 86 | 400 | Output is not escaped |
| #2255 | Icegram Mailer – Reliable Email Deliverability, No-code SMTP Replacement & Email logs | 37 | 37 | 102 | 1k+ | Non-prefixed global variable |
| #2256 | JS Help Desk – AI-Powered Support & Ticketing System | 37 | 17 | 406 | 7k+ | Missing nonce verification |
| #2257 | Language Switcher | 37 | 81 | 105 | 1k+ | Missing Translators Comment |
| #2258 | LearnPress – Course Review | 37 | 67 | 43 | 20k+ | Output is not escaped |
| #2259 | Lightbox with PhotoSwipe | 37 | 179 | 24 | 20k+ | Output is not escaped |
| #2260 | LiveJournal Importer | 37 | 86 | 67 | 8k+ | Output is not escaped |
| #2261 | MailMunch – Grow your Email List | 37 | 82 | 84 | 6k+ | Output is not escaped |
| #2262 | Maintenance Page | 37 | 62 | 33 | 3k+ | Output is not escaped |
| #2263 | Media Sweep – WordPress Media Cleaner | 37 | 54 | 134 | 1k+ | Interpolated SQL is not prepared |
| #2264 | Metorik – Reports & Email Automation for WooCommerce | 37 | 75 | 70 | 10k+ | Output is not escaped |
| #2265 | My Post Order | 37 | 100 | 114 | 400 | Output is not escaped |
| #2266 | news ticker benaceur | 37 | 1,097 | 31 | 1k+ | Output is not escaped |
| #2267 | NextGEN Scroll Gallery | 37 | 33 | 28 | 1k+ | Output is not escaped |
| #2268 | Ninja Van (MY) | 37 | 21 | 258 | 1k+ | Non-prefixed global variable |
| #2269 | Oliver POS – WooCommerce POS for iPhone, iPad & Android | 37 | 15 | 242 | 800 | Interpolated SQL is not prepared |
| #2270 | WP All Export – Order Export for WooCommerce | 37 | 109 | 111 | 3k+ | Text Domain Mismatch |
| #2271 | OSM – OpenStreetMap | 37 | 130 | 64 | 10k+ | Output is not escaped |
| #2272 | Page scroll to id | 37 | 38 | 120 | 100k+ | Missing nonce verification |
| #2273 | Panda Pods Repeater Field | 37 | 9 | 260 | 600 | Non-prefixed global variable |
| #2274 | Phoenix Media Rename | 37 | 175 | 104 | 50k+ | Output is not escaped |
| #2275 | PNG to JPG | 37 | 130 | 173 | 9k+ | Interpolated SQL is not prepared |
| #2276 | Poptics – Popup Builder, Email Opt-ins, Exit-Intent & WooCommerce Popups Sales | 37 | 59 | 64 | 2k+ | SQL query is not prepared |
| #2277 | Product Image Hover Effects WOOC – WPSHARE247 | 37 | 161 | 94 | 800 | Output is not escaped |
| #2278 | Publish to Schedule | 37 | 195 | 43 | 4k+ | Text Domain Mismatch |
| #2279 | Quentn WP | 37 | 4 | 251 | 500 | Nonce verification recommended |
| #2280 | Recent Posts Widget With Thumbnails | 37 | 222 | 46 | 100k+ | Output is not escaped |
| #2281 | RSS Image Feed | 37 | 147 | 16 | 2k+ | Output is not escaped |
| #2282 | Ryviu – Review Importer & Product Reviews | 37 | 72 | 95 | 1k+ | Output is not escaped |
| #2283 | Invoice123 | 37 | 138 | 98 | 400 | Text Domain Mismatch |
| #2284 | Send PDF for Contact Form 7 | 37 | 22 | 308 | 9k+ | Non-prefixed global variable |
| #2285 | Sensei LMS Certificates | 37 | 97 | 362 | 4k+ | Non-prefixed global variable |
| #2286 | Sezzle Woocommerce Payment | 37 | 108 | 105 | 1k+ | Text Domain Mismatch |
| #2287 | Snippet Shortcodes | 37 | 359 | 133 | 4k+ | Non Singular String Literal Domain |
| #2288 | Simple Image XML Sitemap | 37 | 119 | 16 | 1k+ | Output is not escaped |
| #2289 | Time Clock – A WordPress Employee & Volunteer Time Clock Plugin | 37 | 166 | 107 | 500 | Output is not escaped |
| #2290 | Tracking Code Manager | 37 | 55 | 42 | 90k+ | Output is not escaped |
| #2291 | Tracking Script Manager | 37 | 82 | 57 | 2k+ | Non Singular String Literal Domain |
| #2292 | Ultimate WordPress Auction Plugin | 37 | 623 | 146 | 1k+ | Text Domain Mismatch |
| #2293 | User Meta Display | 37 | 78 | 74 | 500 | Output is not escaped |
| #2294 | UsersWP – Social Login | 37 | 299 | 91 | 2k+ | Text Domain Mismatch |
| #2295 | ValidateCertify Free | 37 | 123 | 97 | 1k+ | Text Domain Mismatch |
| #2296 | Featured Video for WordPress – VideographyWP | 37 | 287 | 93 | 1k+ | Unsafe printing function |
| #2297 | Views for WPForms – Display & Edit WPForms Entries on your site frontend | 37 | 80 | 64 | 1k+ | Output is not escaped |
| #2298 | Weather Atlas Widget | 37 | 630 | 111 | 9k+ | Output is not escaped |
| #2299 | Affiliate Sales in Google Analytics and other tools | 37 | 24 | 84 | 1k+ | Request data is not unslashed |
| #2300 | Widget Box Lite | 37 | 318 | 17 | 900 | Output is not escaped |