WordPress.PHP.DevelopmentFunctions.error_log_debug_backtrace
error log debug backtrace
Development or debugging behavior appears in code that may run in production.
Why It Shows Up
The scan found logging, debugging, path disclosure, `phpinfo()`, error-reporting changes, or similar development-oriented functions.
Why It Matters
Debug output can leak paths, configuration, request data, stack details, or sensitive runtime information.
How to Fix
- Remove temporary debugging calls before release.
- If logging is required, guard it with `WP_DEBUG` or a plugin setting intended for administrators.
- Never show debug details to unauthenticated visitors or normal front-end users.
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #251 | Custom Search by BestWebSoft – WordPress Custom Search Plugin | 30 | 454 | 228 | 900 | Text Domain Mismatch | ||
| #252 | Email Templates Customizer and Designer for WordPress and WooCommerce | 30 | 250 | 349 | 20k+ | Non-prefixed global variable | ||
| #253 | Sync Master Sheet – Product Sync with Google Sheet for WooCommerce | 30 | 136 | 300 | 400 | Non-prefixed global variable | ||
| #254 | QA Assistants – Driven by data | 30 | 4 | 867 | 2k+ | Non-prefixed global variable | ||
| #255 | Real Cookie Banner: GDPR & ePrivacy Cookie Consent | 30 | 9 | 496 | 100k+ | Database parameter is not escaped | ||
| #256 | Travelers' Map | 30 | 311 | 155 | 1k+ | Output is not escaped | ||
| #257 | User Role by BestWebSoft – Add and Customize Roles and Capabilities in WordPress | 30 | 484 | 280 | 3k+ | Text Domain Mismatch | ||
| #258 | WooCommerce Stripe Payment Gateway | 30 | 173 | 591 | 700k+ | Non-prefixed hook name | ||
| #259 | WP Inventory Manager | 30 | 856 | 233 | 1k+ | Output is not escaped | ||
| #260 | YayPricing – WooCommerce Dynamic Pricing & Discounts | 30 | 174 | 186 | 3k+ | Non-prefixed global variable | ||
| #261 | YASR – Yet Another Star Rating Plugin for WordPress | 30 | 252 | 378 | 10k+ | Output is not escaped | ||
| #262 | APCu Manager | 31 | 153 | 136 | 10k+ | Output is not escaped | ||
| #263 | Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity | 31 | 122 | 131 | 2k+ | Output is not escaped | ||
| #264 | Patreon WordPress | 31 | 276 | 339 | 3k+ | Output is not escaped | ||
| #265 | Product Configurator for WooCommerce | 31 | 41 | 562 | 3k+ | Non-prefixed hook name | ||
| #266 | Query Monitor | 31 | 44 | 273 | 200k+ | Non-prefixed class | ||
| #267 | WP Easy Uploader | 31 | 202 | 113 | 600 | Non Singular String Literal Domain | ||
| #268 | Zendesk Support for WordPress | 31 | 195 | 88 | 2k+ | Output is not escaped | ||
| #269 | Ultimate WooCommerce Filters | 32 | 322 | 207 | 600 | Unsafe printing function | ||
| #270 | Currency Switcher for WooCommerce | 32 | 357 | 263 | 10k+ | Text Domain Mismatch | ||
| #271 | FA Lite – WP responsive slider plugin | 32 | 726 | 140 | 500 | Unsafe printing function | ||
| #272 | Freesoul Deactivate Plugins – Disable plugins on individual WordPress pages | 32 | 53 | 776 | 8k+ | Nonce verification recommended | ||
| #273 | Pagination by BestWebSoft – Customizable WordPress Content Splitter and Navigation Plugin | 32 | 446 | 173 | 5k+ | Text Domain Mismatch | ||
| #274 | DEPRECATED – Shipmondo – A complete shipping solution for WooCommerce | 32 | 166 | 119 | 5k+ | Output is not escaped | ||
| #275 | Volunteer Sign Up Sheets | 32 | 967 | 401 | 1k+ | Output is not escaped | ||
| #276 | Stock Locations for WooCommerce | 32 | 549 | 360 | 1k+ | Output is not escaped | ||
| #277 | wpDirAuth | 32 | 250 | 135 | 500 | wp function not compatible with requires wp | ||
| #278 | Five Star Business Profile and Schema | 33 | 289 | 138 | 7k+ | Output is not escaped | ||
| #279 | Chatbot with IBM watsonx Assistant | 33 | 324 | 83 | 400 | Non Singular String Literal Domain | ||
| #280 | Five Star Restaurant Reviews | 33 | 242 | 142 | 400 | Output is not escaped | ||
| #281 | Comments – GraphComment | AI-Moderated Comment System | 33 | 191 | 177 | 400 | Unsafe printing function | ||
| #282 | Molongui Post Contributors: Multi-Role Contributor Attribution | 33 | 240 | 162 | 400 | Output is not escaped | ||
| #283 | Social Rocket – Social Sharing Plugin | 33 | 1,016 | 255 | 1k+ | Unsafe printing function | ||
| #284 | Min Max Control – Min Max Quantity & Step Control for WooCommerce | 33 | 96 | 215 | 10k+ | Non-prefixed global variable | ||
| #285 | Custom Sidebars – Dynamic Sidebar Classic Widget Area Manager | 34 | 32 | 307 | 100k+ | Non-prefixed global variable | ||
| #286 | Route ‑ Shipping Protection | 34 | 64 | 150 | 500 | Missing nonce verification | ||
| #287 | bbPress Notify (No-Spam) | 35 | 62 | 66 | 2k+ | wp function not compatible with requires wp | ||
| #288 | BuddyPress Activity Filter | 35 | 25 | 66 | 400 | Nonce verification recommended | ||
| #289 | Instapage Plugin | 35 | 220 | 45 | 4k+ | Output is not escaped | ||
| #290 | Less PHP Compiler | 35 | 163 | 47 | 3k+ | Exception output is not escaped | ||
| #291 | OSM Map Widget for Elementor | 35 | 183 | 14 | 9k+ | Text Domain Mismatch | ||
| #292 | ReOrder Posts within Categories | 35 | 39 | 207 | 7k+ | Non-prefixed global variable | ||
| #293 | Security Optimizer – The All-In-One Protection Plugin | 35 | 40 | 86 | 1m+ | Input is not sanitized | ||
| #294 | Square Thumbnails | 35 | 43 | 317 | 800 | error log error log | ||
| #295 | SweepPress: Website Cleanup and Optimization | 35 | 71 | 176 | 500 | Non-prefixed global variable | ||
| #296 | Backend Payments for WooCommerce | 35 | 63 | 42 | 900 | Exception output is not escaped | ||
| #297 | Mail logging – WP Mail Catcher | 35 | 232 | 157 | 20k+ | Text Domain Mismatch | ||
| #298 | WP-Persian | 35 | 144 | 37 | 7k+ | Unsafe printing function | ||
| #299 | Year Make Model Search for WooCommerce | 35 | 188 | 162 | 1k+ | Output is not escaped | ||
| #300 | Yotpo: Product & Photo Reviews for WooCommerce | 35 | 24 | 189 | 2k+ | Non-prefixed function |