WordPress.DB.DirectDatabaseQuery.NoCaching
No Caching
The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.
Why It Shows Up
Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.
Why It Matters
Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.
How to Fix
- Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
- If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
- Keep schema changes in activation or upgrade routines and make them idempotent.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #2701 | WPC Product Bundles for WooCommerce | 41 | 23 | 141 | 30k+ | Request data is not unslashed | ||
| #2702 | Country Based Restrictions for WooCommerce | 41 | 27 | 67 | 5k+ | Request data is not unslashed | ||
| #2703 | WP Lorem ipsum | 41 | 37 | 29 | 500 | Unsafe printing function | ||
| #2704 | WP Media folders | 41 | 19 | 74 | 3k+ | Direct Query | ||
| #2705 | WP Test Email | 41 | 32 | 28 | 20k+ | Unsafe printing function | ||
| #2706 | WPS Hide Login | 41 | 34 | 72 | 2m+ | Nonce verification recommended | ||
| #2707 | Agoda Affiliate Partners Text Link Generator | 42 | 4 | 40 | 500 | Interpolated SQL is not prepared | ||
| #2708 | Post Grid Master — Post Grids & AJAX Filters | 42 | 44 | 115 | 1k+ | Non-prefixed global variable | ||
| #2709 | BP Auto Group Join | 42 | 55 | 55 | 700 | Output is not escaped | ||
| #2710 | Comment Reply Email | 42 | 21 | 23 | 500 | Unsafe printing function | ||
| #2711 | Companion Revision Manager – Revision Control | 42 | 18 | 28 | 4k+ | Unsafe printing function | ||
| #2712 | Custom Admin Page by BestWebSoft – Configurable WordPress Dashboard Pages Plugin | 42 | 472 | 181 | 400 | Text Domain Mismatch | ||
| #2713 | Custom Fields for Gutenberg | 42 | 24 | 24 | 1k+ | Output is not escaped | ||
| #2714 | Custom Taxonomy Order | 42 | 20 | 56 | 50k+ | Output is not escaped | ||
| #2715 | Delete Expired Transients | 42 | 49 | 65 | 5k+ | Direct Query | ||
| #2716 | Enable Classic Editor & Widgets | 42 | 106 | 6 | 3k+ | Non Singular String Literal Domain | ||
| #2717 | Etsy Shop | 42 | 58 | 21 | 3k+ | Unsafe printing function | ||
| #2718 | Exclude Pages | 42 | 31 | 14 | 30k+ | Non Singular String Literal Domain | ||
| #2719 | FormCraft – Form Builder | 42 | 186 | 156 | 2k+ | Text Domain Mismatch | ||
| #2720 | Gelato Integration for WooCommerce | 42 | 36 | 32 | 5k+ | Output is not escaped | ||
| #2721 | Geo Blocker – Control Site Access by Region and IP | 42 | 10 | 64 | 900 | Direct Query | ||
| #2722 | Hide Cart Functions | 42 | 12 | 50 | 3k+ | Nonce verification recommended | ||
| #2723 | Image Uploader for Welcart | 42 | 27 | 24 | 3k+ | Output is not escaped | ||
| #2724 | WP All Import – Import SEO Settings for Rank Math SEO | 42 | 18 | 44 | 7k+ | Nonce verification recommended | ||
| #2725 | LeadSnap | 42 | 14 | 84 | 1k+ | Input is not validated | ||
| #2726 | Manage User Columns | 42 | 15 | 27 | 1k+ | Request data is not unslashed | ||
| #2727 | Mass Delete Unused Tags | 42 | 21 | 9 | 900 | Output is not escaped | ||
| #2728 | Nav Menu Collapse | 42 | 17 | 39 | 3k+ | Missing nonce verification | ||
| #2729 | PDF Thumbnail Generator | 42 | 26 | 16 | 2k+ | Output is not escaped | ||
| #2730 | Post Types Order | 42 | 45 | 43 | 600k+ | wp function not compatible with requires wp | ||
| #2731 | WP Email Log – PostBox | 42 | 2 | 81 | 700 | Nonce verification recommended | ||
| #2732 | Product Price History for WooCommerce | 42 | 101 | 800 | Nonce verification recommended | |||
| #2733 | Proxy & VPN Blocker | 42 | 10 | 72 | 1k+ | Nonce verification recommended | ||
| #2734 | Rename wp-admin login | 42 | 23 | 38 | 8k+ | Output is not escaped | ||
| #2735 | Republish Old Posts | 42 | 83 | 24 | 2k+ | Output is not escaped | ||
| #2736 | Reusable Blocks Extended | 42 | 38 | 15 | 20k+ | Output is not escaped | ||
| #2737 | Secure Passkeys | 42 | 146 | 76 | 1k+ | Exception output is not escaped | ||
| #2738 | Sendcloud Shipping | 42 | 78 | 56 | 5k+ | Output is not escaped | ||
| #2739 | Set All First Images As Featured | 42 | 44 | 13 | 700 | Text Domain Mismatch | ||
| #2740 | Simple Googlebot Visit | 42 | 32 | 67 | 1k+ | Non Singular String Literal Domain | ||
| #2741 | Speed Contact Bar | 42 | 53 | 20 | 5k+ | Output is not escaped | ||
| #2742 | Starter Sites | 42 | 62 | 25 | 1k+ | Output is not escaped | ||
| #2743 | Transients Manager | 42 | 45 | 50 | 20k+ | Output is not escaped | ||
| #2744 | Ultimate Category Excluder | 42 | 22 | 26 | 50k+ | Missing nonce verification | ||
| #2745 | Ultimate Coming Soon Page, Maintenance Mode & Under Construction – Gutenberg Block Builder & Landing Page | 42 | 15 | 89 | 9k+ | Non-prefixed global variable | ||
| #2746 | WC Price History | 42 | 18 | 21 | 4k+ | Database parameter is not escaped | ||
| #2747 | Auto Coupons for WooCommerce | 42 | 81 | 68 | 4k+ | Output is not escaped | ||
| #2748 | WPC Order Notes for WooCommerce | 42 | 24 | 41 | 900 | Output is not escaped | ||
| #2749 | WP Author Security | 42 | 40 | 13 | 500 | Output is not escaped | ||
| #2750 | WP Before After Image Slider – Interactive Image and Video Comparison Plugin for WordPress | 42 | 112 | 17 | 1k+ | Text Domain Mismatch |
