WordPress.PHP.DevelopmentFunctions.error_log_print_r
error log print r
Development or debugging behavior appears in code that may run in production.
Why It Shows Up
The scan found logging, debugging, path disclosure, `phpinfo()`, error-reporting changes, or similar development-oriented functions.
Why It Matters
Debug output can leak paths, configuration, request data, stack details, or sensitive runtime information.
How to Fix
- Remove temporary debugging calls before release.
- If logging is required, guard it with `WP_DEBUG` or a plugin setting intended for administrators.
- Never show debug details to unauthenticated visitors or normal front-end users.
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #851 | Ni WooCommerce Custom Order Status | 34 | 256 | 139 | 2k+ | Text Domain Mismatch | ||
| #852 | Openpay SPEI Plugin | 34 | 112 | 14 | 1k+ | Exception output is not escaped | ||
| #853 | Payoneer Checkout | 34 | 168 | 41 | 5k+ | Exception output is not escaped | ||
| #854 | Podigee WordPress Quick Publish – now with Gutenberg support! | 34 | 108 | 95 | 700 | Text Domain Mismatch | ||
| #855 | RTMKit | 34 | 10 | 380 | 50k+ | Non-prefixed global variable | ||
| #856 | Route ‑ Shipping Protection | 34 | 64 | 150 | 500 | Missing nonce verification | ||
| #857 | Search Engine Insights for Google Search Console | 34 | 174 | 113 | 2k+ | Output is not escaped | ||
| #858 | Subscribe to Download Lite – Email Before Download Plugin | 34 | 106 | 157 | 400 | Non-prefixed global variable | ||
| #859 | TaxJar – Sales Tax Automation for WooCommerce | 34 | 236 | 170 | 5k+ | Text Domain Mismatch | ||
| #860 | Easy Mega Menu for WordPress – ThemeHunk | 34 | 480 | 256 | 1k+ | Text Domain Mismatch | ||
| #861 | Pix Automático com Pagarme para WooCommerce | 34 | 68 | 66 | 500 | Non-prefixed global variable | ||
| #862 | BjornTech PayPal POS integration for WooCommerce | 34 | 68 | 177 | 700 | Missing nonce verification | ||
| #863 | PostNL for WooCommerce | 34 | 595 | 104 | 3k+ | Text Domain Mismatch | ||
| #864 | Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin | 34 | 230 | 154 | 2k+ | Output is not escaped | ||
| #865 | Email Template Designer – WP HTML Mail | 34 | 62 | 80 | 20k+ | badly named files | ||
| #866 | WP Subscription Forms – Subscription Form Plugin for WordPress | 34 | 131 | 220 | 400 | Non-prefixed global variable | ||
| #867 | Wp Favs – Plugin Manager | 34 | 238 | 153 | 3k+ | Text Domain Mismatch | ||
| #868 | Embed Plus for YouTube Gallery, Livestream and Lazy Loading with Facades | 34 | 571 | 195 | 100k+ | Output is not escaped | ||
| #869 | zipMoney(Zip Co) Payments Plugin for WooCommerce | 34 | 147 | 70 | 2k+ | Text Domain Mismatch | ||
| #870 | Abandoned Checkout Recovery & Order Notifications for WooCommerce | 35 | 108 | 77 | 800 | Text Domain Mismatch | ||
| #871 | Advanced Custom Fields: Image Aspect Ratio Crop Field | 35 | 70 | 37 | 20k+ | Text Domain Mismatch | ||
| #872 | Ad Widget for WordPress | 35 | 68 | 14 | 2k+ | Output is not escaped | ||
| #873 | Akismet Anti-spam: Spam Protection | 35 | 33 | 99 | 6m+ | Non-prefixed global variable | ||
| #874 | AMIMOTO Plugin Dashboard | 35 | 82 | 82 | 900 | Non Singular String Literal Domain | ||
| #875 | Amministrazione Trasparente | 35 | 80 | 46 | 1k+ | Output is not escaped | ||
| #876 | Antideo Email Validator | 35 | 38 | 98 | 800 | Missing nonce verification | ||
| #877 | Automatic Internal Links for SEO by Pagup | 35 | 34 | 215 | 1k+ | error log error log | ||
| #878 | Avif Express | 35 | 26 | 167 | 400 | Input is not validated | ||
| #879 | Basic Google Maps Placemarks | 35 | 189 | 80 | 3k+ | Output is not escaped | ||
| #880 | bbPress Notify (No-Spam) | 35 | 62 | 66 | 2k+ | wp function not compatible with requires wp | ||
| #881 | BTCPay Server – Accept Bitcoin payments in WooCommerce | 35 | 48 | 86 | 1k+ | Missing nonce verification | ||
| #882 | C3 Cloudfront Cache Controller | 35 | 109 | 60 | 3k+ | Non Singular String Literal Domain | ||
| #883 | CF7 Submissions – Securely Store Contact Form 7 Data and Attachments, Reply to the Sender and more | 35 | 16 | 119 | 2k+ | Non-prefixed global variable | ||
| #884 | CiviCRM Profile Sync | 35 | 31 | 140 | 500 | Non-prefixed global variable | ||
| #885 | Cloudflare | 35 | 27 | 85 | 200k+ | Non-prefixed namespace | ||
| #886 | Core Framework | 35 | 70 | 62 | 10k+ | Text Domain Mismatch | ||
| #887 | CrowdSec | 35 | 130 | 119 | 2k+ | Output is not escaped | ||
| #888 | Datafeedr Product Sets | 35 | 602 | 206 | 5k+ | Output is not escaped | ||
| #889 | Duplica – Duplicate Posts, Pages, Custom Posts or Users | 35 | 14 | 31 | 2k+ | Non-prefixed global variable | ||
| #890 | EnvíaloSimple: Email Marketing y Newsletters | 35 | 147 | 250 | 2k+ | Nonce verification recommended | ||
| #891 | Connect WooCommerce to ActiveCampaign by EqualServing | 35 | 135 | 89 | 1k+ | Text Domain Mismatch | ||
| #892 | EWWW Image Optimizer | 35 | 225 | 729 | 1m+ | Direct Query | ||
| #893 | Reviews Widgets for Google, TripAdvisor, Yelp & Recommendations | 35 | 255 | 225 | 10k+ | Output is not escaped | ||
| #894 | FooGallery Migrate | 35 | 41 | 232 | 1k+ | Non-prefixed global variable | ||
| #895 | GeoTargeting Lite – WordPress Geolocation | 35 | 66 | 79 | 1k+ | Output is not escaped | ||
| #896 | Get a Newsletter | 35 | 138 | 144 | 400 | Output is not escaped | ||
| #897 | Help Scout | 35 | 11 | 13 | 400 | Missing direct file access protection | ||
| #898 | Iframely – WP media embeds, cards and blocks | 35 | 136 | 43 | 2k+ | Unsafe printing function | ||
| #899 | Imsanity | 35 | 32 | 29 | 200k+ | Direct Query | ||
| #900 | InPost PL | 35 | 2 | 925 | 10k+ | Non-prefixed global variable |