WordPress.DB.DirectDatabaseQuery.NoCaching
No Caching
The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.
Why It Shows Up
Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.
Why It Matters
Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.
How to Fix
- Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
- If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
- Keep schema changes in activation or upgrade routines and make them idempotent.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #2351 | Datafeedr WooCommerce Importer | 38 | 112 | 56 | 5k+ | Text Domain Mismatch | ||
| #2352 | Availability Datepicker – Booking Calendar for Contact Form 7 – Input WP | 38 | 344 | 30 | 20k+ | Text Domain Mismatch | ||
| #2353 | Decent Comments | 38 | 93 | 28 | 2k+ | Output is not escaped | ||
| #2354 | Product Badge, Label, Countdown Timer for WooCommerce – Sale Booster | 38 | 37 | 102 | 5k+ | Interpolated SQL is not prepared | ||
| #2355 | Easy WP Cleaner | 38 | 58 | 124 | 2k+ | Non-prefixed global variable | ||
| #2356 | Export User Data | 38 | 187 | 62 | 6k+ | Text Domain Mismatch | ||
| #2357 | Front-end Editor | 38 | 78 | 62 | 500 | Output is not escaped | ||
| #2358 | Goal Tracker – Custom Event Tracking for GA4 | 38 | 541 | 25 | 2k+ | Output is not escaped | ||
| #2359 | GoDaddy Payments for WooCommerce | 38 | 58 | 65 | 2k+ | Output is not escaped | ||
| #2360 | GoodBarber | 38 | 38 | 73 | 1k+ | Nonce verification recommended | ||
| #2361 | GoUrl WooCommerce – Bitcoin Altcoin Payment Gateway Addon | 38 | 279 | 24 | 600 | Non Singular String Literal Domain | ||
| #2362 | Great Caroussel | 38 | 60 | 131 | 500 | SQL query is not prepared | ||
| #2363 | Greek Multi Tool – Greeklish Slugs, Permalinks & Transliteration | 38 | 160 | 82 | 1k+ | Unsafe printing function | ||
| #2364 | HashThemes Demo Importer | 38 | 71 | 44 | 6k+ | Output is not escaped | ||
| #2365 | Icegram Mailer – Reliable Email Deliverability, No-code SMTP Replacement & Email logs | 38 | 36 | 106 | 2k+ | Non-prefixed global variable | ||
| #2366 | ThumbPress – Compress Images, Manage Thumbnails, Detect Image Issues, WebP/AVIF, Lazy Loading, Hotlinking & More | 38 | 21 | 88 | 30k+ | Direct Query | ||
| #2367 | Import to Photo Gallery from NextGen gallery | 38 | 80 | 83 | 400 | Direct Query | ||
| #2368 | Coding Chicken – JetEngine Importer | 38 | 55 | 29 | 400 | Missing direct file access protection | ||
| #2369 | Insert PHP Code Snippet | 38 | 164 | 227 | 90k+ | Output is not escaped | ||
| #2370 | 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery | 38 | 353 | 77 | 80k+ | Non Singular String Literal Domain | ||
| #2371 | JC Submenu | 38 | 279 | 32 | 4k+ | Output is not escaped | ||
| #2372 | Maintenance Redirect | 38 | 244 | 132 | 10k+ | Missing Arg Domain | ||
| #2373 | Jock On Air Now (JOAN) | 38 | 121 | 224 | 500 | Output is not escaped | ||
| #2374 | jQuery Pin It Button for Images | 38 | 129 | 36 | 10k+ | Output is not escaped | ||
| #2375 | Kali Forms — Contact Form & Drag-and-Drop Builder | 38 | 4 | 252 | 10k+ | Dynamic hook name | ||
| #2376 | Lana Downloads Manager | 38 | 146 | 78 | 3k+ | Unsafe printing function | ||
| #2377 | Log Deprecated Notices | 38 | 92 | 73 | 900 | Text Domain Mismatch | ||
| #2378 | LWS Cleaner | 38 | 81 | 129 | 20k+ | Direct Query | ||
| #2379 | Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin | 38 | 2 | 457 | 3k+ | Input is not sanitized | ||
| #2380 | Most And Least Read Posts Widget | 38 | 130 | 24 | 1k+ | Output is not escaped | ||
| #2381 | Customize My Account for WooCommerce – Custom Tabs, Login, Registration, 2FA & Design | 38 | 78 | 172 | 800 | Non-prefixed global variable | ||
| #2382 | Name Directory | 38 | 520 | 309 | 3k+ | Output is not escaped | ||
| #2383 | Contact Form Widget | 38 | 54 | 107 | 1k+ | Request data is not unslashed | ||
| #2384 | Ozh' Better Feed | 38 | 45 | 35 | 600 | Heredoc Output Not Escaped | ||
| #2385 | Page Links To | 38 | 31 | 40 | 100k+ | Unsafe printing function | ||
| #2386 | YAPE A1 Tiendas | 38 | 24 | 43 | 900 | Missing nonce verification | ||
| #2387 | Podlove Subscribe button | 38 | 148 | 45 | 2k+ | Output is not escaped | ||
| #2388 | PopCash Code Integration Tool | 38 | 77 | 109 | 400 | Nonce verification recommended | ||
| #2389 | Popular Widget | 38 | 61 | 30 | 700 | Unsafe printing function | ||
| #2390 | Post views Stats | 38 | 37 | 51 | 1k+ | Non-prefixed global variable | ||
| #2391 | PostLinks | 38 | 107 | 10 | 700 | Output is not escaped | ||
| #2392 | qTranslate X Cleanup and WPML Import | 38 | 167 | 102 | 800 | Text Domain Mismatch | ||
| #2393 | Quick Download Button | 38 | 34 | 123 | 2k+ | Non-prefixed global variable | ||
| #2394 | RDP Wiki Embed | 38 | 69 | 26 | 400 | Output is not escaped | ||
| #2395 | Restrict Widgets | 38 | 135 | 40 | 4k+ | Non Singular String Literal Domain | ||
| #2396 | Like This | 38 | 60 | 17 | 1k+ | Output is not escaped | ||
| #2397 | Invoice123 | 38 | 139 | 88 | 400 | Text Domain Mismatch | ||
| #2398 | Schema App Structured Data | 38 | 35 | 86 | 7k+ | Nonce verification recommended | ||
| #2399 | Author Image | 38 | 51 | 33 | 1k+ | Output is not escaped | ||
| #2400 | LinkBoss – Semantic AI Internal Linking | 38 | 28 | 57 | 2k+ | Missing Arg Domain |