WordPress.DB.DirectDatabaseQuery.NoCaching
No Caching
The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.
Why It Shows Up
Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.
Why It Matters
Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.
How to Fix
- Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
- If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
- Keep schema changes in activation or upgrade routines and make them idempotent.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #2401 | Simple Expires | 38 | 32 | 39 | 500 | Non Singular String Literal Domain | ||
| #2402 | Simple Google Sitemap XML | 38 | 38 | 8 | 2k+ | Output is not escaped | ||
| #2403 | Simple Visitor Counter | 38 | 41 | 27 | 700 | Output is not escaped | ||
| #2404 | SimpleShop | 38 | 52 | 51 | 1k+ | date date | ||
| #2405 | Slickplan Importer | 38 | 40 | 58 | 400 | Non-prefixed global variable | ||
| #2406 | Smart Maintenance Mode | 38 | 137 | 128 | 1k+ | Output is not escaped | ||
| #2407 | Social Icons | 38 | 72 | 83 | 10k+ | Output is not escaped | ||
| #2408 | Social Snap — Social Share Buttons & Click to Tweet | 38 | 6 | 169 | 10k+ | Direct Query | ||
| #2409 | SRS Simple Hits Counter | 38 | 43 | 98 | 8k+ | Output is not escaped | ||
| #2410 | Tag Manager – Header, Body And Footer | 38 | 97 | 319 | 20k+ | Non-prefixed global variable | ||
| #2411 | Templatiq | 38 | 31 | 94 | 900 | Non-prefixed hook name | ||
| #2412 | Variation Swatches for WooCommerce | 38 | 45 | 65 | 2k+ | Output is not escaped | ||
| #2413 | Broadcast | 38 | 21 | 107 | 1k+ | Direct Query | ||
| #2414 | Accessibility Tools & Alt Text Finder | 38 | 36 | 56 | 3k+ | Text Domain Mismatch | ||
| #2415 | TopList.cz | 38 | 138 | 7 | 400 | Output is not escaped | ||
| #2416 | Trackserver | 38 | 17 | 356 | 400 | Input is not sanitized | ||
| #2417 | Plugin Name: Traffic Stats Widget Plugin | 38 | 69 | 107 | 600 | Output is not escaped | ||
| #2418 | Trash Duplicate and 301 Redirect | 38 | 13 | 103 | 1k+ | Nonce verification recommended | ||
| #2419 | Ultimate Member Widgets for Elementor – Login Form, Register Form & User Directory | 38 | 17 | 110 | 400 | Non-prefixed namespace | ||
| #2420 | Unconfirmed | 38 | 20 | 79 | 1k+ | Nonce verification recommended | ||
| #2421 | Vertical News Scroller | 38 | 118 | 60 | 5k+ | Output is not escaped | ||
| #2422 | VidShop – Shoppable Videos for WooCommerce | 38 | 49 | 144 | 1k+ | Database parameter is not escaped | ||
| #2423 | Visual Admin Customizer | 38 | 20 | 51 | 500 | Input is not sanitized | ||
| #2424 | Shipping Packages for WooCommerce – Dropship from multiple locations like AliExpress, eBay, Amazon, Etsy | 38 | 94 | 26 | 900 | Non Singular String Literal Domain | ||
| #2425 | Affiliate Sales in Google Analytics and other tools | 38 | 23 | 84 | 1k+ | Request data is not unslashed | ||
| #2426 | White Label – WordPress Custom Admin, Custom Login Page, and Custom Dashboard | 38 | 205 | 31 | 10k+ | Output is not escaped | ||
| #2427 | WishSuite – Wishlist for WooCommerce | 38 | 76 | 133 | 1k+ | Output is not escaped | ||
| #2428 | Products Coming Soon for WooCommerce | 38 | 151 | 62 | 700 | Output is not escaped | ||
| #2429 | Wholesale for WooCommerce | 38 | 541 | 22 | 1k+ | Output is not escaped | ||
| #2430 | Connect WooCommerce Shop to ERP/CRM, Verifactu and EU/VAT Compliance | 38 | 23 | 104 | 1k+ | Direct Query | ||
| #2431 | WP 404 Auto Redirect to Similar Post | 38 | 166 | 48 | 30k+ | Text Domain Mismatch | ||
| #2432 | WP Accessibility Helper (WAH) | 38 | 61 | 88 | 10k+ | Missing direct file access protection | ||
| #2433 | WP-DraftsForFriends | 38 | 141 | 71 | 1k+ | Output is not escaped | ||
| #2434 | WP Media Categories | 38 | 40 | 103 | 800 | Nonce verification recommended | ||
| #2435 | Native PHP Sessions | 38 | 30 | 92 | 10k+ | Direct Query | ||
| #2436 | Real-Time Post Statistics for WordPress | 38 | 63 | 68 | 1k+ | SQL query is not prepared | ||
| #2437 | WP-ServerInfo | 38 | 162 | 55 | 10k+ | Output is not escaped | ||
| #2438 | Responsive Vertical Icon Menu | 38 | 188 | 85 | 700 | Output is not escaped | ||
| #2439 | ZeroBounce Email Verification & Validation | 38 | 299 | 162 | 900 | Text Domain Mismatch | ||
| #2440 | Zoho Campaigns | 38 | 3 | 129 | 3k+ | Non-prefixed global variable | ||
| #2441 | Smart Custom 404 Error Page | 39 | 90 | 44 | 100k+ | Output is not escaped | ||
| #2442 | Ad Invalid Click Protector (AICP) | 39 | 78 | 57 | 10k+ | Text Domain Mismatch | ||
| #2443 | Add-on Gravity Forms – MailPoet 3 | 39 | 31 | 33 | 600 | Output is not escaped | ||
| #2444 | Additional Order Filters for WooCommerce | 39 | 79 | 255 | 2k+ | Nonce verification recommended | ||
| #2445 | Advanced Woo Labels – Product Labels & Badges for WooCommerce | 39 | 171 | 125 | 10k+ | Output is not escaped | ||
| #2446 | Affiliate Links – Link Cloaking and Management | 39 | 23 | 113 | 3k+ | Non-prefixed global variable | ||
| #2447 | Load More Anything | 39 | 38 | 73 | 5k+ | Output is not escaped | ||
| #2448 | Accessibility by AllAccessible | 39 | 200 | 82 | 2k+ | Unsafe printing function | ||
| #2449 | Alt Magic: AI Image Alt Text Generator for WP & Image Rename | 39 | 61 | 112 | 1k+ | Direct Query | ||
| #2450 | Andreani WooCommerce | 39 | 21 | 86 | 800 | Non-prefixed global variable |