WordPress.DB.DirectDatabaseQuery.NoCaching
No Caching
The plugin runs a direct database query instead of using a higher-level WordPress API or cache-aware pattern.
Why It Shows Up
Plugin Check found `$wpdb` access that queries the database directly, changes schema, or bypasses normal caching expectations.
Why It Matters
Direct queries can be correct, but they are easier to make unsafe, slower at scale, and harder for WordPress to cache or filter.
How to Fix
- Use WordPress APIs such as post, term, metadata, option, or user functions when they fit the task.
- If direct SQL is necessary, prepare dynamic values and add a clear caching strategy for repeated reads.
- Keep schema changes in activation or upgrade routines and make them idempotent.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #2901 | REST API Log | 51 | 44 | 95 | 5k+ | Non-prefixed hook name | ||
| #2902 | YayMail – WooCommerce Email Customizer | 51 | 163 | 788 | 50k+ | Non-prefixed global variable | ||
| #2903 | Check Pincode For WooCommerce | 52 | 55 | 400 | Direct Query | |||
| #2904 | Fullscreen Galleria | 52 | 37 | 10 | 800 | Output is not escaped | ||
| #2905 | Request a Quote for WooCommerce – Get a Quote Button | 52 | 25 | 12 | 6k+ | Output is not escaped | ||
| #2906 | MB Custom Post Types & Custom Taxonomies | 52 | 9 | 49 | 10k+ | Nonce verification recommended | ||
| #2907 | Metronet Tag Manager | 52 | 17 | 36 | 20k+ | Input is not validated | ||
| #2908 | Post Notification by Email | 52 | 36 | 13 | 2k+ | Output is not escaped | ||
| #2909 | SEOWriting | 52 | 10 | 24 | 30k+ | Output is not escaped | ||
| #2910 | SKU Generator for WooCommerce | 52 | 29 | 12 | 2k+ | Output is not escaped | ||
| #2911 | Stealth Publish | 52 | 7 | 22 | 900 | Missing nonce verification | ||
| #2912 | Notiqoo – Order Notification & Customer Chat for WooCommerce | 52 | 11 | 187 | 1k+ | Non-prefixed global variable | ||
| #2913 | Wenprise Pinyin Slug | 52 | 30 | 34 | 4k+ | Text Domain Mismatch | ||
| #2914 | Price Based on Country for WooCommerce | 52 | 43 | 126 | 20k+ | Non-prefixed hook name | ||
| #2915 | Automattic For Agencies Client | 53 | 249 | 184 | 20k+ | Text Domain Mismatch | ||
| #2916 | Connect Contact Form 7 and Mailchimp | 53 | 236 | 52 | 40k+ | Text Domain Mismatch | ||
| #2917 | Export Custom Pages | 53 | 22 | 19 | 700 | Output is not escaped | ||
| #2918 | FakerPress | 53 | 66 | 152 | 10k+ | Non-prefixed global variable | ||
| #2919 | LearnPress – bbPress Integration | 53 | 19 | 14 | 2k+ | Output is not escaped | ||
| #2920 | Multiple Post Thumbnails | 53 | 25 | 18 | 20k+ | Output is not escaped | ||
| #2921 | Pinterest for WooCommerce | 53 | 44 | 30 | 300k+ | Exception output is not escaped | ||
| #2922 | Preserved HTML Editor Markup | 53 | 12 | 22 | 600 | Output is not escaped | ||
| #2923 | Preserved HTML Editor Markup Plus | 53 | 12 | 22 | 3k+ | Output is not escaped | ||
| #2924 | Royal WordPress Backup, Restore & Migration Plugin – Backup WordPress Sites Safely | 53 | 34 | 90 | 20k+ | Database parameter is not escaped | ||
| #2925 | Texty – SMS Notification for WordPress, WooCommerce, Dokan and more | 53 | 31 | 34 | 8k+ | Output is not escaped | ||
| #2926 | Morning for WooCommerce | 53 | 7 | 59 | 1k+ | Non-prefixed global variable | ||
| #2927 | Customizable Post Listings | 54 | 42 | 13 | 700 | Deprecated parameter: the_author parameter 1 | ||
| #2928 | Cyr-To-Lat | 54 | 16 | 48 | 300k+ | Dynamic hook name | ||
| #2929 | Expanding Archives | 54 | 37 | 9 | 3k+ | Output is not escaped | ||
| #2930 | Extended User Search In WP-Admin | 54 | 14 | 17 | 1k+ | SQL query is not prepared | ||
| #2931 | Helpie FAQ — Accordion, Docs & Knowledge Base | 54 | 96 | 89 | 9k+ | Nonce verification recommended | ||
| #2932 | MSN Partner Hub | 54 | 21 | 25 | 1k+ | Missing direct file access protection | ||
| #2933 | SimplyBook.me – Booking and reservations calendar | 54 | 31 | 13 | 30k+ | Exception output is not escaped | ||
| #2934 | WP Call Button – Easy Click to Call Button for WordPress | 54 | 21 | 38 | 40k+ | Non-prefixed global variable | ||
| #2935 | WP Menu Icons | 54 | 68 | 52 | 20k+ | Text Domain Mismatch | ||
| #2936 | Accordions | 55 | 1 | 101 | 20k+ | slow db query meta query | ||
| #2937 | Quick Buy Now Button for WooCommerce | 55 | 37 | 39 | 5k+ | Output is not escaped | ||
| #2938 | Easy Quotes | 55 | 11 | 31 | 700 | Direct Query | ||
| #2939 | Enhanced Category Pages | 55 | 23 | 25 | 2k+ | Direct Query | ||
| #2940 | Go Live Update Urls | 55 | 11 | 49 | 80k+ | Non-prefixed hook name | ||
| #2941 | JetWidgets For Elementor | 55 | 99 | 279 | 10k+ | Non-prefixed global variable | ||
| #2942 | LoginPress | wp-login Custom Login Page Customizer | 55 | 124 | 301 | 200k+ | Non-prefixed function | ||
| #2943 | Fast Page & Post Duplicator | 55 | 12 | 25 | 60k+ | Direct Query | ||
| #2944 | Page Tagger | 55 | 30 | 10 | 2k+ | Output is not escaped | ||
| #2945 | Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder | 55 | 54 | 692 | 700k+ | Non-prefixed hook name | ||
| #2946 | ProductFrame – Curated products from affiliate feeds | 55 | 3 | 85 | 400 | Direct Query | ||
| #2947 | Themeflection Numbers – Number Counter and Animated Numbers | 55 | 224 | 73 | 3k+ | Text Domain Mismatch | ||
| #2948 | VS Contact Form | 55 | 3 | 318 | 7k+ | Non-prefixed global variable | ||
| #2949 | VK Block Patterns | 55 | 8 | 61 | 100k+ | Non-prefixed function | ||
| #2950 | AI Copilot – ChatGPT Chatbot & AI Engine for Post Automation | 56 | 65 | 20 | 1k+ | Text Domain Mismatch |