WordPress.DB.DirectDatabaseQuery.NoCaching
No Caching
The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.
Why It Shows Up
Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.
Why It Matters
Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.
How to Fix
- Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
- If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
- Keep schema changes in activation or upgrade routines and make them idempotent.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #2451 | Bogo | 39 | 30 | 139 | 10k+ | Request data is not unslashed | ||
| #2452 | BuddyPress Notification Widget | 39 | 54 | 31 | 600 | Output is not escaped | ||
| #2453 | Bulk Auto Image Alt Text (Alt tag, Alt attribute) optimizer (image SEO) | 39 | 16 | 47 | 10k+ | Request data is not unslashed | ||
| #2454 | Cache Images | 39 | 72 | 27 | 1k+ | Unsafe printing function | ||
| #2455 | Calculator Builder – Create an Online Calculator | 39 | 16 | 221 | 1k+ | Non-prefixed global variable | ||
| #2456 | CatFolders Document Gallery & PDF Library | 39 | 66 | 32 | 3k+ | Output is not escaped | ||
| #2457 | Constant Contact + WooCommerce | 39 | 27 | 91 | 1k+ | Nonce verification recommended | ||
| #2458 | Image CAPTCHA for Contact Form 7 and WPForms by HookAndHook (DSGVO/GDPR) | 39 | 28 | 45 | 80k+ | Missing nonce verification | ||
| #2459 | Content Visibility for Divi Builder | 39 | 184 | 59 | 2k+ | Non Singular String Literal Domain | ||
| #2460 | Custom Post Type Auto Menu | 39 | 54 | 33 | 500 | Text Domain Mismatch | ||
| #2461 | Custom Related Posts | 39 | 131 | 34 | 3k+ | Output is not escaped | ||
| #2462 | Custom Thank You for WooCommerce | 39 | 107 | 57 | 400 | Output is not escaped | ||
| #2463 | Datalogics Ecommerce Delivery – Datalogics | 39 | 13 | 115 | 500 | Nonce verification recommended | ||
| #2464 | DefendWP Firewall | 39 | 16 | 203 | 3k+ | Non-prefixed global variable | ||
| #2465 | Drip for Gravity Forms | 39 | 41 | 21 | 500 | Unsafe printing function | ||
| #2466 | Duplicate Killer – Prevent Duplicate Form Submissions | 39 | 57 | 103 | 1k+ | Non-prefixed global variable | ||
| #2467 | Caldera Forms styler for Elementor Page Builder | 39 | 173 | 12 | 800 | Text Domain Mismatch | ||
| #2468 | ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor | 39 | 73 | 350 | 1m+ | Non-prefixed global variable | ||
| #2469 | Email Marketing by EmailOctopus | 39 | 43 | 62 | 3k+ | Non-prefixed global variable | ||
| #2470 | BestWebSoft's Like & Share – Posts, Pages and Widget Social Extension plugin for WordPress | 39 | 480 | 226 | 4k+ | Text Domain Mismatch | ||
| #2471 | Favorites | 39 | 187 | 123 | 10k+ | Unsafe printing function | ||
| #2472 | First Order Discount Woocommerce | 39 | 55 | 30 | 1k+ | Output is not escaped | ||
| #2473 | Fix Duplicates | 39 | 76 | 73 | 800 | Output is not escaped | ||
| #2474 | Flamix: Bitrix24 and WooCommerce Orders integration | 39 | 81 | 31 | 500 | Output is not escaped | ||
| #2475 | Gallery Widget | 39 | 122 | 11 | 500 | Output is not escaped | ||
| #2476 | GL Import External Images | 39 | 118 | 19 | 800 | wp function not compatible with requires wp | ||
| #2477 | GS Only PDF Preview | 39 | 46 | 36 | 1k+ | Output is not escaped | ||
| #2478 | Maintenance Mode | 39 | 86 | 109 | 7k+ | Output is not escaped | ||
| #2479 | Improved Save Button | 39 | 44 | 52 | 4k+ | Missing Translators Comment | ||
| #2480 | Insert Html Snippet | 39 | 159 | 205 | 20k+ | Output is not escaped | ||
| #2481 | JJ NextGen JQuery Carousel | 39 | 122 | 9 | 400 | Output is not escaped | ||
| #2482 | JJ NextGen JQuery Slider | 39 | 221 | 7 | 800 | Output is not escaped | ||
| #2483 | LH Add Media From Url | 39 | 42 | 26 | 2k+ | Output is not escaped | ||
| #2484 | Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid | 39 | 65 | 72 | 6k+ | block api version too low | ||
| #2485 | Mail Subscribe List | 39 | 17 | 94 | 3k+ | Input is not validated | ||
| #2486 | Manage Enrollment for LearnDash | 39 | 48 | 79 | 400 | Unsafe printing function | ||
| #2487 | Markup by Attribute for WooCommerce | 39 | 46 | 102 | 2k+ | Direct Query | ||
| #2488 | Menubar | 39 | 171 | 46 | 1k+ | Output is not escaped | ||
| #2489 | Movable Type and TypePad Importer | 39 | 42 | 25 | 20k+ | Output is not escaped | ||
| #2490 | Social Proof Popups & Real-Time Notifications – Herd Effects | 39 | 5 | 181 | 1k+ | Non-prefixed global variable | ||
| #2491 | payever – WooCommerce Gateway | 39 | 263 | 131 | 700 | Text Domain Mismatch | ||
| #2492 | Paystack Add-On for Gravity Forms | 39 | 96 | 31 | 400 | Text Domain Mismatch | ||
| #2493 | Query Multiple Taxonomies | 39 | 55 | 41 | 500 | Output is not escaped | ||
| #2494 | Quform Mailchimp | 39 | 65 | 147 | 800 | Nonce verification recommended | ||
| #2495 | Quform Zapier | 39 | 60 | 123 | 1k+ | Nonce verification recommended | ||
| #2496 | Redirect 404 Error Page to Homepage or Custom Page with Logs | 39 | 27 | 53 | 10k+ | Nonce verification recommended | ||
| #2497 | Re Gallery – Responsive Image & Photo Gallery | 39 | 16 | 121 | 700 | Missing nonce verification | ||
| #2498 | Reorder by Term | 39 | 20 | 84 | 1k+ | Request data is not unslashed | ||
| #2499 | Responsify WP | 39 | 90 | 11 | 600 | Unsafe printing function | ||
| #2500 | REST API Helper | 39 | 108 | 85 | 500 | Unsafe printing function |