WordPress.DB.DirectDatabaseQuery.NoCaching
No Caching
The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.
Why It Shows Up
Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.
Why It Matters
Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.
How to Fix
- Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
- If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
- Keep schema changes in activation or upgrade routines and make them idempotent.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #2501 | RioVizual — Table Blocks for Comparison, Pricing and Pros & Cons | 39 | 32 | 75 | 1k+ | Nonce verification recommended | ||
| #2502 | Serial Number for Contact Form 7 | 39 | 105 | 53 | 2k+ | Non Singular String Literal Domain | ||
| #2503 | Taxonomy Thumbnail | 39 | 27 | 58 | 3k+ | Non-prefixed function | ||
| #2504 | Shared Files – File Upload & Download Manager | 39 | 5 | 184 | 4k+ | Nonce verification recommended | ||
| #2505 | Shipping Simulator for WooCommerce | 39 | 120 | 39 | 5k+ | Text Domain Mismatch | ||
| #2506 | Show All Comments | 39 | 108 | 92 | 400 | Nonce verification recommended | ||
| #2507 | Simple Membership WP user Import | 39 | 22 | 46 | 4k+ | Request data is not unslashed | ||
| #2508 | Simple Posts Ticker – Easy, Lightweight & Flexible | 39 | 151 | 28 | 2k+ | Output is not escaped | ||
| #2509 | Smaily for WP | 39 | 52 | 36 | 700 | Output is not escaped | ||
| #2510 | Smart Archives Reloaded | 39 | 78 | 36 | 1k+ | Non Singular String Literal Domain | ||
| #2511 | Solid Post Likes | 39 | 96 | 52 | 500 | Text Domain Mismatch | ||
| #2512 | Stock Ticker | 39 | 92 | 49 | 2k+ | Output is not escaped | ||
| #2513 | Substack Importer | 39 | 33 | 33 | 1k+ | Missing nonce verification | ||
| #2514 | Easy Category Icons | 39 | 50 | 43 | 600 | Text Domain Mismatch | ||
| #2515 | ThemeKit For WordPress | 39 | 149 | 49 | 700 | Output is not escaped | ||
| #2516 | TomS reCAPTCHA | 39 | 128 | 256 | 500 | Missing nonce verification | ||
| #2517 | Traffic Monitor | 39 | 6 | 143 | 1k+ | Direct Query | ||
| #2518 | UiChemy — Figma Converter for Elementor, Gutenberg and Bricks | 39 | 7 | 100 | 9k+ | Nonce verification recommended | ||
| #2519 | User Blocker | 39 | 6 | 276 | 3k+ | Nonce verification recommended | ||
| #2520 | Accessibility by UserWay | 39 | 22 | 35 | 80k+ | Direct Query | ||
| #2521 | Smart Variation Swatches and Attribute Filters for WooCommerce | 39 | 39 | 50 | 3k+ | Output is not escaped | ||
| #2522 | Virtuaria Correios – Frete, Etiqueta, Rastreio e Declaração | 39 | 18 | 81 | 500 | Nonce verification recommended | ||
| #2523 | Smart COD for WooCommerce | 39 | 50 | 28 | 30k+ | Output is not escaped | ||
| #2524 | Website LLMs.txt | 39 | 13 | 145 | 40k+ | Non-prefixed global variable | ||
| #2525 | Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post Types | 39 | 89 | 117 | 20k+ | Unsafe printing function | ||
| #2526 | Payment Gateway – nexi Alpha Bank for WooCommerce | 39 | 96 | 40 | 1k+ | Non Singular String Literal Domain | ||
| #2527 | Combo Offers WooCommerce | 39 | 38 | 89 | 2k+ | Missing nonce verification | ||
| #2528 | WooCommerce Product Dependencies | 39 | 44 | 60 | 3k+ | Missing nonce verification | ||
| #2529 | WP Accessibility | 39 | 199 | 104 | 60k+ | Unsafe printing function | ||
| #2530 | WP Attachments | 39 | 49 | 44 | 3k+ | Output is not escaped | ||
| #2531 | WPEPP – Essential Security, Password Protect & Login Page Customizer | 39 | 34 | 29 | 3k+ | Unsupported Identifier Placeholder | ||
| #2532 | WP Limit Login Attempts | 39 | 26 | 67 | 10k+ | Direct Query | ||
| #2533 | WP Most Popular | 39 | 50 | 35 | 2k+ | Output is not escaped | ||
| #2534 | WP Server Health Stats | 39 | 66 | 31 | 10k+ | Output is not escaped | ||
| #2535 | WP Sitemaps Config | 39 | 88 | 37 | 700 | Output is not escaped | ||
| #2536 | AidWP – Donation & Payment Forms (Stripe Powered) | 39 | 193 | 800 | Non-prefixed global variable | |||
| #2537 | Categories to Tags Converter | 39 | 86 | 38 | 50k+ | Output is not escaped | ||
| #2538 | WPS Limit Login | 39 | 152 | 76 | 100k+ | Output is not escaped | ||
| #2539 | YITH Custom Login | 39 | 86 | 33 | 5k+ | Output is not escaped | ||
| #2540 | 404 Notifier | 40 | 39 | 41 | 700 | Output is not escaped | ||
| #2541 | ACF Theme Code for Advanced Custom Fields | 40 | 478 | 40 | 10k+ | Output is not escaped | ||
| #2542 | ACF to Custom Database Tables | 40 | 36 | 64 | 600 | Nonce verification recommended | ||
| #2543 | Add & Replace Affiliate Links for Amazon | 40 | 39 | 52 | 600 | Output is not escaped | ||
| #2544 | Admin Search | 40 | 31 | 47 | 1k+ | Output is not escaped | ||
| #2545 | Advanced Admin Search | 40 | 79 | 48 | 600 | Non Singular String Literal Text | ||
| #2546 | Advanced Country Blocker | 40 | 23 | 77 | 2k+ | Exception output is not escaped | ||
| #2547 | Advanced IP Blocker | 40 | 94 | 44 | 2k+ | Exception output is not escaped | ||
| #2548 | Advanced WPLink | 40 | 67 | 19 | 1k+ | Text Domain Mismatch | ||
| #2549 | AJAX Thumbnail Rebuild | 40 | 38 | 14 | 30k+ | Unsafe printing function | ||
| #2550 | Allow Multiple Accounts | 40 | 115 | 19 | 9k+ | Non Singular String Literal Domain |