WordPress.PHP.DevelopmentFunctions.error_log_error_log
error log error log
Development or debugging behavior appears in code that may run in production.
Why It Shows Up
The scan found logging, debugging, path disclosure, `phpinfo()`, error-reporting changes, or similar development-oriented functions.
Why It Matters
Debug output can leak paths, configuration, request data, stack details, or sensitive runtime information.
How to Fix
- Remove temporary debugging calls before release.
- If logging is required, guard it with `WP_DEBUG` or a plugin setting intended for administrators.
- Never show debug details to unauthenticated visitors or normal front-end users.
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #1 | Live Shopping & Shoppable Videos For WooCommerce | 0 | 78 | 175 | 400 | Non-prefixed global variable | ||
| #2 | JetBackup – Backup, Restore & Migrate | 10 | 1,559 | 145 | 100k+ | Exception output is not escaped | ||
| #3 | Efí Bank | 17 | 886 | 553 | 400 | Exception output is not escaped | ||
| #4 | JetFormBuilder — Dynamic Blocks Form Builder | 18 | 2,093 | 1,589 | 90k+ | Text Domain Mismatch | ||
| #5 | Podlove Podcast Publisher | 18 | 2,326 | 1,429 | 3k+ | Output is not escaped | ||
| #6 | RestroPress – Online Food Ordering System | 18 | 521 | 3,083 | 1k+ | Non-prefixed global variable | ||
| #7 | WPPizza – A Restaurant Plugin | 18 | 4,689 | 2,703 | 1k+ | Text Domain Mismatch | ||
| #8 | Download Monitor | 19 | 425 | 1,364 | 80k+ | Non-prefixed hook name | ||
| #9 | Go Fetch Jobs (for WP Job Manager) | 19 | 1,410 | 1,741 | 700 | Non-prefixed global variable | ||
| #10 | Matomo Analytics – Powerful, Privacy-First Insights for WordPress | 19 | 1,909 | 878 | 100k+ | Exception output is not escaped | ||
| #11 | Netgsm | 19 | 338 | 298 | 1k+ | Setting is missing a sanitization callback | ||
| #12 | Realtyna Organic IDX plugin + WPL Real Estate | 19 | 947 | 3,653 | 2k+ | Non-prefixed global variable | ||
| #13 | Really Simple Security – Simple and Performant Security (formerly Really Simple SSL) | 19 | 541 | 385 | 3m+ | Missing Translators Comment | ||
| #14 | Membership Plugin – Kadence Memberships | 19 | 5,082 | 2,982 | 9k+ | Text Domain Mismatch | ||
| #15 | SendPress Newsletters | 19 | 2,293 | 1,422 | 2k+ | Output is not escaped | ||
| #16 | SureCart – Ecommerce Made Easy For Selling Physical Products, Digital Downloads, Subscriptions, Donations, & Payments | 19 | 526 | 1,119 | 90k+ | Non-prefixed global variable | ||
| #17 | WordLift – AI powered SEO – Schema | 19 | 393 | 955 | 400 | Non-prefixed hook name | ||
| #18 | WP Email Template | 19 | 342 | 350 | 2k+ | Exception output is not escaped | ||
| #19 | WPOSS阿里云对象存储 | 19 | 269 | 315 | 1k+ | Non-prefixed namespace | ||
| #20 | Broadstreet | 20 | 434 | 273 | 700 | Output is not escaped | ||
| #21 | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) | 20 | 736 | 2,112 | 900 | Non-prefixed global variable | ||
| #22 | DMCA Protection Badge | 20 | 4,425 | 217 | 1k+ | Output is not escaped | ||
| #23 | Event Espresso – Event Registration & Ticketing Sales | 20 | 12,698 | 2,135 | 600 | Text Domain Mismatch | ||
| #24 | GiveWP – Donation Plugin and Fundraising Platform | 20 | 3,435 | 3,575 | 100k+ | Output is not escaped | ||
| #25 | Leaky Paywall | 20 | 320 | 776 | 700 | Nonce verification recommended | ||
| #26 | Link Library | 20 | 1,941 | 1,397 | 10k+ | Unsafe printing function | ||
| #27 | MBE eShip | 20 | 527 | 740 | 1k+ | Non-prefixed global variable | ||
| #28 | Brevo – Email, SMS, Web Push, Chat, and more. | 20 | 460 | 646 | 100k+ | Request data is not unslashed | ||
| #29 | MAS Videos | 20 | 519 | 1,693 | 1k+ | Non-prefixed global variable | ||
| #30 | Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization | 20 | 1,292 | 2,683 | 9k+ | Output is not escaped | ||
| #31 | Microthemer Lite – Visual Editor to Customize CSS | 20 | 1,004 | 1,699 | 10k+ | Non-prefixed global variable | ||
| #32 | Nimble Page Builder | 20 | 1,591 | 1,684 | 30k+ | Missing Arg Domain | ||
| #33 | Shipping for Nova Poshta | 20 | 598 | 923 | 500 | Output is not escaped | ||
| #34 | پلاگین پرداخت دلخواه | 20 | 584 | 446 | 900 | Text Domain Mismatch | ||
| #35 | PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net, NMI) | 20 | 440 | 750 | 400 | Missing direct file access protection | ||
| #36 | Pix por Piggly (para Woocommerce) | 20 | 547 | 195 | 4k+ | Exception output is not escaped | ||
| #37 | SpeakOut! Email Petitions | 20 | 850 | 994 | 3k+ | Missing nonce verification | ||
| #38 | Events Manager – OpenStreetMaps | 20 | 559 | 444 | 700 | Output is not escaped | ||
| #39 | Trace My IP – Visitor IP Tracker, Stats Analytics & Page Views Counter with Email Alerts | 20 | 866 | 338 | 1k+ | wp function not compatible with requires wp | ||
| #40 | Razorpay for WooCommerce | 20 | 974 | 855 | 100k+ | Non-prefixed function | ||
| #41 | Backup Migration | 21 | 981 | 1,093 | 80k+ | Non-prefixed global variable | ||
| #42 | Forumax – AI Powered Advanced Community Forum Plugin | 21 | 4,936 | 4,357 | 600 | Text Domain Mismatch | ||
| #43 | CallTrackingMetrics | 21 | 923 | 286 | 3k+ | Unsafe printing function | ||
| #44 | CartFlows – Funnel Builder & Checkout Plugin for WooCommerce | 21 | 462 | 654 | 200k+ | Text Domain Mismatch | ||
| #45 | Smart Grid-Layout Design for Contact Form 7 | 21 | 1,126 | 734 | 10k+ | Output is not escaped | ||
| #46 | Daily Prayer Time | 21 | 947 | 1,780 | 1k+ | Non-prefixed global variable | ||
| #47 | Free Downloads WooCommerce | 21 | 430 | 359 | 4k+ | Output is not escaped | ||
| #48 | Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More | 21 | 2,572 | 1,277 | 1m+ | Output is not escaped | ||
| #49 | Ebook Store | 21 | 666 | 1,087 | 700 | Non-prefixed global variable | ||
| #50 | eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams | 21 | 186 | 437 | 9k+ | Non-prefixed global variable |
