WordPress.PHP.DevelopmentFunctions.error_log_debug_backtrace
error log debug backtrace
Development or debugging behavior appears in code that may run in production.
Why It Shows Up
The scan found logging, debugging, path disclosure, `phpinfo()`, error-reporting changes, or similar development-oriented functions.
Why It Matters
Debug output can leak paths, configuration, request data, stack details, or sensitive runtime information.
How to Fix
- Remove temporary debugging calls before release.
- If logging is required, guard it with `WP_DEBUG` or a plugin setting intended for administrators.
- Never show debug details to unauthenticated visitors or normal front-end users.
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #51 | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | 22 | 2,346 | 3,341 | 70k+ | Non-prefixed global variable | ||
| #52 | Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider | 22 | 207 | 323 | 500k+ | Non-prefixed global variable | ||
| #53 | Molongui Authorship – Author Boxes, Guest Authors & Co-Authors for WordPress | 22 | 919 | 1,230 | 10k+ | Output is not escaped | ||
| #54 | NinjaFirewall (WP Edition) – Advanced Security Plugin and Firewall | 22 | 1,266 | 2,059 | 100k+ | Non-prefixed global variable | ||
| #55 | WP OAuth Server (OAuth Authentication) | 22 | 189 | 347 | 3k+ | Non-prefixed function | ||
| #56 | oik | 22 | 489 | 180 | 2k+ | Non Singular String Literal Domain | ||
| #57 | PagBank / PagSeguro Connect para WooCommerce | 22 | 504 | 743 | 4k+ | Non-prefixed global variable | ||
| #58 | Smart Popup by Supsystic | 22 | 3,172 | 503 | 10k+ | Non Singular String Literal Domain | ||
| #59 | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | 22 | 1,581 | 2,326 | 300k+ | Non-prefixed global variable | ||
| #60 | PageSpeed Ninja – Cache, Minify, Defer CSS JavaScript, Critical CSS, Optimize Images, Convert WebP | 22 | 984 | 407 | 5k+ | Unsafe printing function | ||
| #61 | RabbitLoader Cache: Optimize your Website for Speed | 22 | 241 | 163 | 2k+ | Output is not escaped | ||
| #62 | SALESmanago & Leadoo | 22 | 645 | 429 | 1k+ | Unsafe printing function | ||
| #63 | Sellsy | 22 | 586 | 490 | 400 | Non Singular String Literal Domain | ||
| #64 | Seraphinite Accelerator | 22 | 594 | 255 | 50k+ | Output is not escaped | ||
| #65 | ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF | 22 | 1,044 | 799 | 300k+ | Non-prefixed global variable | ||
| #66 | NextScripts: Social Networks Auto-Poster | 22 | 2,408 | 1,133 | 30k+ | Output is not escaped | ||
| #67 | RapidLoad AI – Optimize Web Vitals Automatically | 22 | 81 | 840 | 800 | Nonce verification recommended | ||
| #68 | Search & Replace Everything – Quick and Easy Way to Find and Replace Text, Links | 22 | 1,044 | 1,797 | 20k+ | Non-prefixed global variable | ||
| #69 | UpStream: a Project Management Plugin for WordPress | 22 | 683 | 703 | 600 | Non-prefixed global variable | ||
| #70 | URL Shortify – Simple and Easy URL Shortener | 22 | 1,520 | 2,689 | 10k+ | Non-prefixed global variable | ||
| #71 | Wenprise WeChatPay Payment Gateway For WooCommerce | 22 | 443 | 178 | 400 | Exception output is not escaped | ||
| #72 | WooCommerce | 22 | 1,359 | 6,171 | 7m+ | Non-prefixed global variable | ||
| #73 | Advanced AJAX Product Filters | 22 | 2,683 | 1,205 | 50k+ | Text Domain Mismatch | ||
| #74 | ManageWP Worker | 22 | 507 | 565 | 1m+ | Non-prefixed class | ||
| #75 | WP Fusion Lite – Marketing Automation and CRM Integration for WordPress | 22 | 275 | 683 | 5k+ | Nonce verification recommended | ||
| #76 | WP Super Minify • Minify, Compress and Cache HTML, CSS & JavaScript | 22 | 164 | 257 | 9k+ | Non-prefixed constant | ||
| #77 | WP-WebAuthn | 22 | 957 | 396 | 2k+ | Exception output is not escaped | ||
| #78 | WPSSO Core – Complete Schema Markup and Meta Tags | 22 | 1,407 | 412 | 5k+ | Missing Translators Comment | ||
| #79 | YaySMTP – WP Mail SMTP with Email Logs, Tracking & Reports | 22 | 654 | 435 | 10k+ | Exception output is not escaped | ||
| #80 | Recipe Cards For Your Food Blog from Zip Recipes | 22 | 1,126 | 1,731 | 1k+ | Non-prefixed global variable | ||
| #81 | Advanced Custom Fields: Extended | 23 | 1,885 | 329 | 100k+ | Text Domain Mismatch | ||
| #82 | Affiliate Super Assistent | 23 | 1,280 | 267 | 2k+ | Text Domain Mismatch | ||
| #83 | Autoptimize | 23 | 288 | 191 | 800k+ | Output is not escaped | ||
| #84 | Kadence Security – Password, Two Factor Authentication, and Brute Force Protection | 23 | 1,053 | 967 | 700k+ | Missing Translators Comment | ||
| #85 | Business Directory Plugin – Easy Listing Directories for WordPress | 23 | 611 | 1,058 | 10k+ | Non-prefixed global variable | ||
| #86 | Geo Controller | 23 | 203 | 544 | 1k+ | Non-prefixed global variable | ||
| #87 | Church Admin | 23 | 1,643 | 4,202 | 900 | Direct Query | ||
| #88 | Classified Listing – AI-Powered Classified ads & Business Directory | 23 | 155 | 2,074 | 9k+ | Non-prefixed global variable | ||
| #89 | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | 23 | 3,723 | 10,283 | 40k+ | Non-prefixed namespace | ||
| #90 | Flexmls® IDX Plugin | 23 | 1,268 | 957 | 1k+ | Output is not escaped | ||
| #91 | Freshdesk (official) | 23 | 194 | 386 | 900 | Non-prefixed function | ||
| #92 | Houzez Property Feed | 23 | 1,464 | 1,615 | 1k+ | Text Domain Mismatch | ||
| #93 | Joli FAQ SEO – WordPress FAQ Plugin | 23 | 1,083 | 1,526 | 700 | Non-prefixed global variable | ||
| #94 | Justified Gallery | 23 | 589 | 1,417 | 8k+ | Non-prefixed global variable | ||
| #95 | License Manager for WooCommerce | 23 | 129 | 819 | 6k+ | Request data is not unslashed | ||
| #96 | Link Whisper Free | 23 | 3,882 | 5,303 | 30k+ | Text Domain Mismatch | ||
| #97 | Locatoraid Store Locator | 23 | 319 | 645 | 1k+ | Non-prefixed global variable | ||
| #98 | Login With Ajax – Fast Logins, 2FA, Redirects | 23 | 623 | 520 | 10k+ | Output is not escaped | ||
| #99 | Order Bump for WooCommerce | 23 | 1,720 | 1,562 | 700 | Output is not escaped | ||
| #100 | MyWorks Sync for WooCommerce & QuickBooks Online | 23 | 2,292 | 9,101 | 5k+ | Non-prefixed global variable |
