WordPress.DB.DirectDatabaseQuery.NoCaching
No Caching
The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.
Why It Shows Up
Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.
Why It Matters
Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.
How to Fix
- Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
- If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
- Keep schema changes in activation or upgrade routines and make them idempotent.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #2651 | My YouTube Channel | 40 | 54 | 38 | 5k+ | Output is not escaped | ||
| #2652 | Zippy | 40 | 43 | 31 | 9k+ | Output is not escaped | ||
| #2653 | AMP for WP – Accelerated Mobile Pages | 41 | 656 | 2,401 | 80k+ | Non-prefixed global variable | ||
| #2654 | Alma – Pay in installments or later for WooCommerce | 41 | 116 | 68 | 1k+ | Exception output is not escaped | ||
| #2655 | Antispam | 41 | 11 | 41 | 400 | Missing nonce verification | ||
| #2656 | Authenticator | 41 | 59 | 44 | 1k+ | Output is not escaped | ||
| #2657 | Auto Focus Keyword for SEO | 41 | 12 | 38 | 2k+ | Input is not validated | ||
| #2658 | Auto Image Attributes From Filename With Bulk Updater (Add Alt Text, Image Title For Image SEO) | 41 | 175 | 26 | 100k+ | Unsafe printing function | ||
| #2659 | Beautiful Cookie Consent Banner | 41 | 33 | 76 | 40k+ | Non-prefixed global variable | ||
| #2660 | BuddyPress Xprofile Custom Field Types | 41 | 39 | 189 | 4k+ | Missing nonce verification | ||
| #2661 | Bulk Auto Image Title Attribute (Image Title tag) optimizer (Image SEO) | 41 | 16 | 37 | 1k+ | Missing nonce verification | ||
| #2662 | Cache control by Cacholong | 41 | 87 | 30 | 500 | Non Singular String Literal Domain | ||
| #2663 | CMS Tree Page View – Reorder Pages with a Drag-and-Drop Tree | 41 | 121 | 96 | 50k+ | Unsafe printing function | ||
| #2664 | Custom Post Type Cleanup | 41 | 70 | 12 | 1k+ | Output is not escaped | ||
| #2665 | Database for CF7 | 41 | 37 | 32 | 2k+ | Text Domain Mismatch | ||
| #2666 | DevVN Local Store | 41 | 84 | 28 | 1k+ | Unsafe printing function | ||
| #2667 | Disable Everything | 41 | 90 | 16 | 30k+ | Output is not escaped | ||
| #2668 | Duplicate Post Page Menu & Custom Post Type | 41 | 35 | 11 | 10k+ | Text Domain Mismatch | ||
| #2669 | Duplicate Page and Post | 41 | 26 | 21 | 80k+ | Unsafe printing function | ||
| #2670 | SNORDIAN's H5PxAPIkatchu | 41 | 119 | 88 | 500 | SQL query is not prepared | ||
| #2671 | Multiple Themes | 41 | 112 | 41 | 10k+ | Output is not escaped | ||
| #2672 | Log cleaner for Solid Security | 41 | 65 | 47 | 8k+ | Text Domain Mismatch | ||
| #2673 | Mobile Contact Bar | 41 | 94 | 36 | 10k+ | Unsafe printing function | ||
| #2674 | Mollie Forms | 41 | 14 | 565 | 3k+ | Request data is not unslashed | ||
| #2675 | Most Popular Categories | 41 | 67 | 2 | 600 | Output is not escaped | ||
| #2676 | Native Emoji | 41 | 54 | 37 | 5k+ | Unsafe printing function | ||
| #2677 | Social Login | 41 | 8 | 110 | 5k+ | Input is not sanitized | ||
| #2678 | Omnibus — show the lowest price | 41 | 35 | 37 | 10k+ | Output is not escaped | ||
| #2679 | Optimus – WordPress Image Optimizer | 41 | 52 | 20 | 30k+ | Unsafe printing function | ||
| #2680 | OSS Aliyun | 41 | 19 | 40 | 3k+ | Request data is not unslashed | ||
| #2681 | Page & Post Notes | 41 | 12 | 77 | 1k+ | Non-prefixed global variable | ||
| #2682 | Plugin Activation Tracker | 41 | 36 | 24 | 900 | Text Domain Mismatch | ||
| #2683 | Pods – Custom Content Types and Fields | 41 | 5 | 233 | 100k+ | Direct Query | ||
| #2684 | Smart Post – Post Grid, Post Carousel, Post Slider Gutenberg Blocks for Blog & News | 41 | 537 | 20k+ | Non-prefixed global variable | |||
| #2685 | Posts 2 Posts | 41 | 42 | 73 | 10k+ | Non Singular String Literal Domain | ||
| #2686 | Product Expiry for WooCommerce | 41 | 31 | 85 | 2k+ | Request data is not unslashed | ||
| #2687 | Simple Product Options for WooCommerce | 41 | 62 | 41 | 3k+ | Output is not escaped | ||
| #2688 | ShinyStat Analytics | 41 | 88 | 25 | 1k+ | Output is not escaped | ||
| #2689 | Simple Google Photos Grid | 41 | 48 | 2 | 1k+ | Output is not escaped | ||
| #2690 | Simple Lightbox | 41 | 21 | 48 | 100k+ | Nonce verification recommended | ||
| #2691 | Simple Page Access Restriction | 41 | 66 | 51 | 6k+ | Unsafe printing function | ||
| #2692 | Simple Revision Control | 41 | 34 | 43 | 1k+ | Dynamic hook name | ||
| #2693 | Smoove connector for Elementor forms | 41 | 22 | 60 | 600 | Nonce verification recommended | ||
| #2694 | Squeeze – Image Optimization & Compression, WEBP Conversion | 41 | 20 | 70 | 2k+ | Nonce verification recommended | ||
| #2695 | StifLi Flex MCP – MCP Server with undo for ChatGPT, Claude & Gemini | 41 | 2 | 111 | 1k+ | Interpolated SQL is not prepared | ||
| #2696 | Feedback Company | 41 | 63 | 36 | 800 | Output is not escaped | ||
| #2697 | Threat Scan Plugin | 41 | 29 | 17 | 400 | Output is not escaped | ||
| #2698 | Visibility Logic for Elementor | 41 | 27 | 43 | 30k+ | Output is not escaped | ||
| #2699 | Abandoned Cart Recovery for WooCommerce | 41 | 20 | 202 | 4k+ | Request data is not unslashed | ||
| #2700 | M-Pesa(Kenya) Checkout for Woocommerce | 41 | 46 | 38 | 1k+ | Text Domain Mismatch |
