WordPress.DB.DirectDatabaseQuery.NoCaching
No Caching
The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.
Why It Shows Up
Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.
Why It Matters
Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.
How to Fix
- Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
- If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
- Keep schema changes in activation or upgrade routines and make them idempotent.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #2751 | WP Cron Cleaner | 42 | 51 | 38 | 500 | Unsafe printing function | ||
| #2752 | Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) | 42 | 2,583 | 1,823 | 10k+ | Text Domain Mismatch | ||
| #2753 | WP Fingerprint | 42 | 34 | 47 | 9k+ | Direct Query | ||
| #2754 | WP Mail Log | 42 | 42 | 29 | 10k+ | Text Domain Mismatch | ||
| #2755 | WP Post Redirect | 42 | 29 | 17 | 3k+ | Unsafe printing function | ||
| #2756 | Advanced All in One Admin Search by WP Spotlight | 42 | 25 | 25 | 1k+ | Missing Version | ||
| #2757 | Admin Menu Tree Page View | 43 | 17 | 69 | 10k+ | Nonce verification recommended | ||
| #2758 | Customize Snapshots | 43 | 9 | 42 | 500 | Nonce verification recommended | ||
| #2759 | Database Addon For WPForms ( wpforms entries ) – WPFormsDB | 43 | 17 | 53 | 20k+ | Nonce verification recommended | ||
| #2760 | F4 Total Stock Value for WooCommerce | 43 | 27 | 12 | 1k+ | Output is not escaped | ||
| #2761 | Floating Awesome Button (Sticky Button, Popup, Toast) & 200+ Website Custom Interactive Element | 43 | 66 | 109 | 800 | Missing direct file access protection | ||
| #2762 | Hash Form – Drag & Drop Form Builder | 43 | 9 | 273 | 4k+ | Non-prefixed global variable | ||
| #2763 | Live Copy Paste for Elementor – Cross Domain Copy Paste & Page Duplicator | 43 | 12 | 32 | 7k+ | Request data is not unslashed | ||
| #2764 | Pods Gravity Forms Add-On | 43 | 79 | 1k+ | Missing nonce verification | |||
| #2765 | Post title marquee scroll | 43 | 43 | 25 | 1k+ | Output is not escaped | ||
| #2766 | Qodax Checkout Manager – Checkout Field Editor for WooCommerce | 43 | 17 | 27 | 400 | Interpolated SQL is not prepared | ||
| #2767 | SQL Chart Builder | 43 | 12 | 39 | 600 | Non-prefixed global variable | ||
| #2768 | Term Management Tools | 43 | 9 | 26 | 10k+ | Non-prefixed hook name | ||
| #2769 | Terms Order WP – Categories And Taxonomies Order Plugin | 43 | 12 | 47 | 900 | Non-prefixed global variable | ||
| #2770 | Uber reCaptcha | 43 | 129 | 45 | 1k+ | Text Domain Mismatch | ||
| #2771 | Ultimate Member Widgets for Elementor – Login Form, Register Form & User Directory | 43 | 15 | 102 | 400 | Non-prefixed namespace | ||
| #2772 | User Role Editor | 43 | 117 | 145 | 700k+ | Output is not escaped | ||
| #2773 | User Session Control | 43 | 31 | 21 | 700 | Output is not escaped | ||
| #2774 | VA Simple Expires | 43 | 25 | 31 | 800 | Output is not escaped | ||
| #2775 | Checkout Field Manager (Checkout Manager) for WooCommerce | 43 | 161 | 154 | 90k+ | Non-prefixed global variable | ||
| #2776 | WP Hotel Booking WPML Support | 43 | 10 | 52 | 400 | Direct Query | ||
| #2777 | Creative Addons for Elementor | 44 | 63 | 100 | 800 | Missing Arg Domain | ||
| #2778 | Debug Bar Console | 44 | 23 | 9 | 1k+ | Missing Arg Domain | ||
| #2779 | ELEX WooCommerce Role Based Pricing | 44 | 213 | 196 | 2k+ | Non-prefixed global variable | ||
| #2780 | Github Embed | 44 | 18 | 35 | 1k+ | Non-prefixed global variable | ||
| #2781 | I Order Terms | 44 | 40 | 24 | 1k+ | Output is not escaped | ||
| #2782 | Narrative Publisher | 44 | 28 | 37 | 1k+ | Text Domain Mismatch | ||
| #2783 | Simple Full Screen Background Image | 44 | 23 | 13 | 10k+ | Output is not escaped | ||
| #2784 | Smart Archive Page Remove | 44 | 82 | 5 | 7k+ | Output is not escaped | ||
| #2785 | Smart Attachment Page Remove | 44 | 82 | 3 | 900 | Output is not escaped | ||
| #2786 | UiChemy — Figma Converter for Elementor, Gutenberg and Bricks | 44 | 7 | 85 | 9k+ | Nonce verification recommended | ||
| #2787 | Calculadora de Frete e Campos Checkout para o Brasil | 44 | 19 | 166 | 5k+ | Missing nonce verification | ||
| #2788 | WP Club Manager – WordPress Sports Club Plugin | 44 | 171 | 682 | 600 | Non-prefixed global variable | ||
| #2789 | Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro | 45 | 26 | 117 | 20k+ | Non-prefixed hook name | ||
| #2790 | Extended Post Status | 45 | 27 | 27 | 1k+ | Output is not escaped | ||
| #2791 | Icons Font Loader – Load Web Fonts and Icon Libraries | 45 | 47 | 33 | 2k+ | Text Domain Mismatch | ||
| #2792 | Inazo's flamingo automatically delete old messages | 45 | 33 | 20 | 4k+ | Output is not escaped | ||
| #2793 | Evergreen Countdown Timer | 45 | 193 | 35 | 2k+ | wp function not compatible with requires wp | ||
| #2794 | JetHost Total Care – Security & Enhancements | 45 | 10 | 85 | 800 | Direct Query | ||
| #2795 | Jetpack Search | 45 | 925 | 426 | 5k+ | Text Domain Mismatch | ||
| #2796 | Popup Box – Easily Create WordPress Popups | 45 | 7 | 151 | 7k+ | Non-prefixed global variable | ||
| #2797 | Product Visibility by User Role for WooCommerce | 45 | 36 | 35 | 6k+ | Missing Translators Comment | ||
| #2798 | Related Posts By PickPlugins | 45 | 4 | 84 | 4k+ | Non-prefixed global variable | ||
| #2799 | Super Blank | 45 | 131 | 56 | 10k+ | Missing direct file access protection | ||
| #2800 | ARI Stream Quiz – WordPress Quizzes Builder | 46 | 21 | 239 | 2k+ | Non-prefixed global variable |
