WordPress.PHP.DevelopmentFunctions.error_log_debug_backtrace
error log debug backtrace
Development or debugging behavior appears in code that may run in production.
Why It Shows Up
The scan found logging, debugging, path disclosure, `phpinfo()`, error-reporting changes, or similar development-oriented functions.
Why It Matters
Debug output can leak paths, configuration, request data, stack details, or sensitive runtime information.
How to Fix
- Remove temporary debugging calls before release.
- If logging is required, guard it with `WP_DEBUG` or a plugin setting intended for administrators.
- Never show debug details to unauthenticated visitors or normal front-end users.
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #101 | Order Bump for WooCommerce | 23 | 1,720 | 1,562 | 600 | Output is not escaped | ||
| #102 | MyWorks Sync for WooCommerce & QuickBooks Online | 23 | 2,292 | 9,101 | 5k+ | Non-prefixed global variable | ||
| #103 | Next Active Directory Integration | 23 | 683 | 284 | 2k+ | Exception output is not escaped | ||
| #104 | ExpressTechSoftwares Discord Add-on for Paid Memberships Pro | 23 | 454 | 449 | 700 | Text Domain Mismatch | ||
| #105 | Postie | 23 | 407 | 261 | 10k+ | Output is not escaped | ||
| #106 | Pricing Table by Supsystic | 23 | 1,299 | 447 | 10k+ | Non Singular String Literal Domain | ||
| #107 | Manago AI & Leadoo AI | 23 | 644 | 429 | 1k+ | Unsafe printing function | ||
| #108 | Seraphinite Post .DOCX Source | 23 | 1,156 | 110 | 900 | Output is not escaped | ||
| #109 | Shipment Tracker for Woocommerce | 23 | 462 | 559 | 2k+ | Missing Arg Domain | ||
| #110 | Local Google Analytics for WordPress – caches external requests | 23 | 551 | 199 | 3k+ | Output is not escaped | ||
| #111 | Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management | 23 | 295 | 298 | 4k+ | Non-prefixed global variable | ||
| #112 | Image Optimizer, Resizer and CDN – Sirv | 23 | 616 | 1,004 | 1k+ | Output is not escaped | ||
| #113 | Site Reviews | 23 | 1,625 | 603 | 60k+ | Output is not escaped | ||
| #114 | The Events Calendar | 23 | 3,511 | 3,851 | 700k+ | Text Domain Mismatch | ||
| #115 | W3 Total Cache | 23 | 307 | 678 | 900k+ | Non-prefixed global variable | ||
| #116 | WP All Import – Product Import for WooCommerce | 23 | 1,475 | 209 | 20k+ | Non Singular String Literal Domain | ||
| #117 | WP-Lister Lite for Amazon | 23 | 3,061 | 4,177 | 800 | Output is not escaped | ||
| #118 | Shield Security – Smart Bot Blocking, Brute-Force Login Protection & File Scanning | 23 | 1,118 | 202 | 40k+ | Missing Translators Comment | ||
| #119 | WPCal.io – Easy Meeting Scheduler | 23 | 694 | 595 | 900 | Direct Query | ||
| #120 | XT Ajax Add To Cart for WooCommerce | 23 | 1,003 | 1,690 | 1k+ | Non-prefixed global variable | ||
| #121 | XT Quick View for WooCommerce | 23 | 1,079 | 1,829 | 400 | Non-prefixed global variable | ||
| #122 | XT Variation Swatches for WooCommerce | 23 | 1,051 | 1,834 | 600 | Non-prefixed global variable | ||
| #123 | 404 Solution | 24 | 486 | 1,338 | 10k+ | Non-prefixed class | ||
| #124 | AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress | 24 | 5,230 | 1,464 | 7k+ | Output is not escaped | ||
| #125 | Ad Inserter – Ad Manager & AdSense Ads | 24 | 4,260 | 812 | 300k+ | Output is not escaped | ||
| #126 | Ivory Search – WordPress Search Plugin | 24 | 1,173 | 1,688 | 100k+ | Non-prefixed global variable | ||
| #127 | Product Feed Manager For WooCommerce – Sell on 200+ Online Marketplaces | 24 | 2,248 | 3,338 | 10k+ | slow db query meta key | ||
| #128 | Bookit — Booking & Appointment Calendar | 24 | 566 | 1,456 | 4k+ | Non-prefixed global variable | ||
| #129 | Bulk Edit Categories and Tags – Create Thousands Quickly on the Editor | 24 | 1,025 | 984 | 4k+ | Text Domain Mismatch | ||
| #130 | Bulk Edit and Create User Profiles – WP Sheet Editor | 24 | 979 | 969 | 1k+ | Text Domain Mismatch | ||
| #131 | Message Filter for Contact Form 7 | 24 | 1,057 | 1,594 | 1k+ | Non-prefixed global variable | ||
| #132 | Kognetiks Chatbot for WordPress | 24 | 651 | 1,486 | 600 | Non-prefixed global variable | ||
| #133 | Contact Form by Supsystic | 24 | 1,913 | 633 | 6k+ | Non Singular String Literal Domain | ||
| #134 | Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress | 24 | 529 | 357 | 1k+ | Text Domain Mismatch | ||
| #135 | Custom CSS | 24 | 703 | 657 | 1k+ | Output is not escaped | ||
| #136 | Enable Media Replace | 24 | 212 | 276 | 600k+ | Output is not escaped | ||
| #137 | Event Tickets and Registration | 24 | 3,411 | 4,217 | 90k+ | Non-prefixed global variable | ||
| #138 | Etsy Integration For WooCommerce | 24 | 1,246 | 4,643 | 900 | Non-prefixed global variable | ||
| #139 | F12 Profiler | 24 | 282 | 451 | 500 | Direct Query | ||
| #140 | Fattura24 | 24 | 312 | 333 | 400 | Output is not escaped | ||
| #141 | FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution | 24 | 193 | 753 | 80k+ | Direct Query | ||
| #142 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | 24 | 826 | 1,314 | 600k+ | Non-prefixed global variable | ||
| #143 | Photo Gallery – Responsive Image Galleries by Supsystic | 24 | 240 | 91 | 20k+ | Text Domain Mismatch | ||
| #144 | Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress | 24 | 536 | 324 | 10k+ | Text Domain Mismatch | ||
| #145 | Assets manager, dequeue scripts, dequeue styles for WordPress | 24 | 592 | 255 | 2k+ | Output is not escaped | ||
| #146 | Simple Calendar – Google Calendar Plugin | 24 | 2,053 | 592 | 50k+ | Missing direct file access protection | ||
| #147 | Keap Official Opt-in Forms | 24 | 829 | 1,046 | 1k+ | Non-prefixed global variable | ||
| #148 | Social Slider Feed – Social Media Feed & Gallery Widgets | 24 | 929 | 707 | 20k+ | Non-prefixed global variable | ||
| #149 | Dynamics 365 Integration | 24 | 383 | 166 | 600 | Output is not escaped | ||
| #150 | Joli Table Of Contents | 24 | 653 | 1,755 | 7k+ | Non-prefixed global variable |