WordPress.PHP.DevelopmentFunctions.error_log_error_log
error log error log
Development or debugging behavior appears in code that may run in production.
Why It Shows Up
The scan found logging, debugging, path disclosure, `phpinfo()`, error-reporting changes, or similar development-oriented functions.
Why It Matters
Debug output can leak paths, configuration, request data, stack details, or sensitive runtime information.
How to Fix
- Remove temporary debugging calls before release.
- If logging is required, guard it with `WP_DEBUG` or a plugin setting intended for administrators.
- Never show debug details to unauthenticated visitors or normal front-end users.
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #551 | Custom Sidebars – Dynamic Sidebar Classic Widget Area Manager | 34 | 32 | 307 | 100k+ | Non-prefixed global variable | ||
| #552 | Datafeedr API | 34 | 307 | 48 | 6k+ | Output is not escaped | ||
| #553 | ePayco Plugin for WooCommerce | 34 | 155 | 136 | 3k+ | Text Domain Mismatch | ||
| #554 | FastPixel Cache – Optimize Page Speed: Compress Images, Minify, Clean Database & CDN | 34 | 49 | 324 | 4k+ | Request data is not unslashed | ||
| #555 | Forms: 3rd-Party Integration | 34 | 234 | 112 | 5k+ | Output is not escaped | ||
| #556 | Garden Gnome Package | 34 | 116 | 51 | 4k+ | Text Domain Mismatch | ||
| #557 | Inavii Social Feed – Live Social Proof Gallery | 34 | 532 | 180 | 9k+ | Text Domain Mismatch | ||
| #558 | IP2Location Country Blocker | 34 | 295 | 88 | 30k+ | Output is not escaped | ||
| #559 | Meow Lightbox | 34 | 75 | 52 | 10k+ | Non Singular String Literal Domain | ||
| #560 | Multi Step Form | 34 | 277 | 136 | 9k+ | Output is not escaped | ||
| #561 | Ni WooCommerce Custom Order Status | 34 | 256 | 139 | 2k+ | Text Domain Mismatch | ||
| #562 | One User Avatar | User Profile Picture | 34 | 68 | 190 | 100k+ | Non-prefixed global variable | ||
| #563 | Optima Express IDX | 34 | 71 | 237 | 10k+ | Non-prefixed class | ||
| #564 | Child Theme Creator by Orbisius | 34 | 86 | 39 | 10k+ | Output is not escaped | ||
| #565 | المنتور فارسی | 34 | 52 | 50 | 40k+ | curl curl setopt | ||
| #566 | PushEngage – Web Push Notifications, WooCommerce Automation & Chat Widget | 34 | 54 | 304 | 9k+ | Missing nonce verification | ||
| #567 | Throws SPAM Away | 34 | 327 | 123 | 10k+ | Missing Arg Domain | ||
| #568 | Tidio – Live Chat & AI Chatbots | 34 | 52 | 19 | 80k+ | curl curl setopt | ||
| #569 | Tools for Twitter | 34 | 135 | 87 | 1k+ | Output is not escaped | ||
| #570 | Easy Booking – WooCommerce Booking & Reservation Plugin | 34 | 138 | 172 | 4k+ | Output is not escaped | ||
| #571 | Product Tabs for WooCommerce | 34 | 196 | 93 | 10k+ | Text Domain Mismatch | ||
| #572 | WP Mail Logging | 34 | 76 | 258 | 300k+ | Nonce verification recommended | ||
| #573 | Advanced Custom Fields: Image Aspect Ratio Crop Field | 35 | 70 | 37 | 20k+ | Text Domain Mismatch | ||
| #574 | SOOZ – AI for SEO – Bulk Generate Focus Keyphrases, Metadata, Alt Text (SEO Autopilot) | 35 | 44 | 394 | 2k+ | Nonce verification recommended | ||
| #575 | Akismet Anti-spam: Spam Protection | 35 | 33 | 99 | 6m+ | Non-prefixed global variable | ||
| #576 | BabyLoveGrowth Integration | 35 | 2 | 9 | 1k+ | Direct Query | ||
| #577 | BackWPup – WordPress Backup & Restore Plugin | 35 | 12 | 779 | 500k+ | Non-prefixed global variable | ||
| #578 | bbPress Notify (No-Spam) | 35 | 62 | 66 | 2k+ | wp function not compatible with requires wp | ||
| #579 | BotWriter – AI Writer & SEO Content Generator | 35 | 16 | 503 | 3k+ | Direct Query | ||
| #580 | Custom Order Status Manager for WooCommerce | 35 | 630 | 67 | 30k+ | Text Domain Mismatch | ||
| #581 | C3 Cloudfront Cache Controller | 35 | 109 | 60 | 3k+ | Non Singular String Literal Domain | ||
| #582 | CF7 Views – Complete Entry Management for Contact Form 7 | 35 | 172 | 181 | 1k+ | Output is not escaped | ||
| #583 | Cloudflare | 35 | 27 | 85 | 200k+ | Non-prefixed namespace | ||
| #584 | Cookie Information – Cookie Banner with Consent Mode v2 | 35 | 185 | 28 | 2k+ | Output is not escaped | ||
| #585 | Core Framework | 35 | 70 | 62 | 10k+ | Text Domain Mismatch | ||
| #586 | CrowdSec | 35 | 130 | 119 | 2k+ | Output is not escaped | ||
| #587 | Custom Order Numbers for WooCommerce | 35 | 5 | 54 | 20k+ | Non-prefixed hook name | ||
| #588 | Datafeedr Product Sets | 35 | 602 | 206 | 5k+ | Output is not escaped | ||
| #589 | Deposits & Partial Payments for WooCommerce | 35 | 172 | 144 | 5k+ | Text Domain Mismatch | ||
| #590 | DesignSetGo | 35 | 20 | 313 | 4k+ | Non-prefixed global variable | ||
| #591 | PiWeb Disable payment method / Partial payment for WooCommerce | 35 | 55 | 221 | 4k+ | Non-prefixed class | ||
| #592 | Disk Usage Sunburst | 35 | 30 | 34 | 9k+ | Output is not escaped | ||
| #593 | Elementor Website Builder – more than just a page builder | 35 | 46 | 428 | 10m+ | Non-prefixed global variable | ||
| #594 | AI Popup Builder & Popup Maker by OptiMonk | 35 | 81 | 65 | 4k+ | Text Domain Mismatch | ||
| #595 | Pixel Cat – Conversion Pixel Manager | 35 | 253 | 215 | 40k+ | Output is not escaped | ||
| #596 | GA4WP – Analytics Dashboard for the Website | 35 | 434 | 157 | 2k+ | Text Domain Mismatch | ||
| #597 | Glossary | 35 | 169 | 93 | 2k+ | Non Singular String Literal Domain | ||
| #598 | Gravitec.net – Web Push Notifications | 35 | 47 | 52 | 1k+ | wp function not compatible with requires wp | ||
| #599 | Image Widget | 35 | 165 | 31 | 100k+ | Output is not escaped | ||
| #600 | Keyring | 35 | 233 | 203 | 1k+ | Output is not escaped |
