WordPress.DB.DirectDatabaseQuery.NoCaching
No Caching
The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.
Why It Shows Up
Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.
Why It Matters
Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.
How to Fix
- Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
- If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
- Keep schema changes in activation or upgrade routines and make them idempotent.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #2801 | SX User Name Security | 46 | 42 | 9 | 900 | Output is not escaped | ||
| #2802 | Widget Disable | 46 | 19 | 19 | 10k+ | Output is not escaped | ||
| #2803 | WP All Import – Import SEO Settings for Yoast SEO | 46 | 19 | 26 | 20k+ | Nonce verification recommended | ||
| #2804 | 404 Image Redirection (Replace Broken Images) | 47 | 118 | 85 | 500 | Text Domain Mismatch | ||
| #2805 | Delete Duplicate Posts | 47 | 9 | 50 | 10k+ | Direct Query | ||
| #2806 | DPO Pay for WooCommerce | 47 | 28 | 41 | 1k+ | Non Singular String Literal Text | ||
| #2807 | Show IDs by Echo | 47 | 21 | 13 | 2k+ | Output is not escaped | ||
| #2808 | Extended CRM for Users Insights | 47 | 11 | 23 | 400 | Missing nonce verification | ||
| #2809 | Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator | 47 | 44 | 83 | 10k+ | Missing direct file access protection | ||
| #2810 | Log Emails | 47 | 19 | 29 | 6k+ | Non-prefixed global variable | ||
| #2811 | Real Media Library: Media Library Folder & File Manager | 47 | 1 | 365 | 100k+ | Direct Query | ||
| #2812 | Security Ninja For MainWP | 47 | 246 | 71 | 500 | Text Domain Mismatch | ||
| #2813 | Tabby Checkout | 47 | 33 | 46 | 4k+ | Non-prefixed class | ||
| #2814 | Taxonomy Switcher | 47 | 23 | 36 | 2k+ | Nonce verification recommended | ||
| #2815 | The Tribal Plugin | 47 | 43 | 62 | 800 | Non-prefixed function | ||
| #2816 | Userback | 47 | 13 | 20 | 2k+ | Output is not escaped | ||
| #2817 | Simple Client Dashboard | 47 | 38 | 36 | 2k+ | Missing direct file access protection | ||
| #2818 | Website Article Monetization By MageNet | 47 | 17 | 24 | 10k+ | Output is not escaped | ||
| #2819 | FedaPay Gateway for WooCommerce | 47 | 24 | 11 | 700 | Output is not escaped | ||
| #2820 | WP Prefix Changer | 47 | 27 | 16 | 900 | Missing Arg Domain | ||
| #2821 | QuadLayers TikTok Feed | 47 | 78 | 52 | 7k+ | Text Domain Mismatch | ||
| #2822 | Post Status Notifications | 47 | 98 | 41 | 1k+ | Text Domain Mismatch | ||
| #2823 | Compress, Resize & Lazy Load Images – WPvivid Image Optimization | 47 | 107 | 58 | 10k+ | Missing direct file access protection | ||
| #2824 | XML Sitemap & Google News | 47 | 270 | 224 | 100k+ | Non-prefixed global variable | ||
| #2825 | Add-on WooCommerce – MailPoet 3 | 48 | 30 | 21 | 600 | Output is not escaped | ||
| #2826 | AffiliateWP – Store Credit | 48 | 47 | 21 | 400 | Output is not escaped | ||
| #2827 | AnWP Post Grid and Post Carousel Slider for Elementor | 48 | 758 | 171 | 20k+ | Text Domain Mismatch | ||
| #2828 | Comment Notifier | 48 | 10 | 55 | 400 | Non-prefixed global variable | ||
| #2829 | Better Badge – Custom Product Badges for WooCommerce | 48 | 21 | 47 | 500 | Non Singular String Literal Domain | ||
| #2830 | Disable Author Pages | 48 | 23 | 5 | 6k+ | Unsafe printing function | ||
| #2831 | Jetpack Social | 48 | 829 | 254 | 30k+ | Text Domain Mismatch | ||
| #2832 | Library Bookshelves | 48 | 12 | 59 | 500 | Nonce verification recommended | ||
| #2833 | Seznam Webmaster | 48 | 47 | 8 | 700 | Output is not escaped | ||
| #2834 | Simple Custom Post Order | 48 | 10 | 77 | 300k+ | Direct Query | ||
| #2835 | FlexStock – Product Stock Sync with Google Sheets for WooCommerce | 48 | 241 | 700 | Direct Query | |||
| #2836 | Easy Updates Manager | 48 | 13 | 182 | 300k+ | Non-prefixed global variable | ||
| #2837 | Tako Movable Comments | 48 | 18 | 39 | 1k+ | Input is not sanitized | ||
| #2838 | WPC Smart Wishlist for WooCommerce | 48 | 44 | 38 | 100k+ | Output is not escaped | ||
| #2839 | WP Attachment Export | 48 | 16 | 25 | 600 | Input is not sanitized | ||
| #2840 | wp-Monalisa | 48 | 56 | 94 | 700 | Direct Query | ||
| #2841 | WP Remote Users Sync | 48 | 355 | 117 | 6k+ | Text Domain Mismatch | ||
| #2842 | WS Action Scheduler Cleaner | 48 | 13 | 80 | 2k+ | error log error log | ||
| #2843 | SiteEase Bulk Delete Manager | 49 | 50 | 72 | 900 | Direct Query | ||
| #2844 | Analytics by BestWebSoft – Google Analytics Dashboard and Statistic Plugin for WordPress | 49 | 478 | 176 | 1k+ | Text Domain Mismatch | ||
| #2845 | CryptAPI Payment Gateway for WooCommerce | 49 | 185 | 23 | 400 | Text Domain Mismatch | ||
| #2846 | CIO Custom Fields Importer | 49 | 23 | 8 | 500 | Output is not escaped | ||
| #2847 | Download Media Library | 49 | 22 | 40 | 1k+ | Text Domain Mismatch | ||
| #2848 | Drag and Drop Multiple File Upload for WooCommerce | 49 | 114 | 29 | 5k+ | Text Domain Mismatch | ||
| #2849 | GDPR Tools: comment ip removement | 49 | 18 | 13 | 2k+ | Unsafe printing function | ||
| #2850 | Easy Property Listings | 49 | 60 | 66 | 5k+ | wp function not compatible with requires wp |