WordPress.PHP.DevelopmentFunctions.error_log_print_r
error log print r
Development or debugging behavior appears in code that may run in production.
Why It Shows Up
The scan found logging, debugging, path disclosure, `phpinfo()`, error-reporting changes, or similar development-oriented functions.
Why It Matters
Debug output can leak paths, configuration, request data, stack details, or sensitive runtime information.
How to Fix
- Remove temporary debugging calls before release.
- If logging is required, guard it with `WP_DEBUG` or a plugin setting intended for administrators.
- Never show debug details to unauthenticated visitors or normal front-end users.
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #951 | Mail logging – WP Mail Catcher | 35 | 232 | 157 | 20k+ | Text Domain Mismatch | ||
| #952 | WP-Paginate | 35 | 37 | 55 | 20k+ | Input is not validated | ||
| #953 | WP All Import – Property Import for WP Residence | 35 | 41 | 32 | 700 | Output is not escaped | ||
| #954 | Yotpo: Product & Photo Reviews for WooCommerce | 35 | 24 | 189 | 2k+ | Non-prefixed function | ||
| #955 | authLdap | 36 | 47 | 30 | 4k+ | Exception output is not escaped | ||
| #956 | Bit Form – Contact Form, Payment Forms, Multi Step Forms, Calculator & Custom Form Builder | 36 | 3 | 321 | 10k+ | Nonce verification recommended | ||
| #957 | BP Profile Search | 36 | 321 | 85 | 5k+ | Output is not escaped | ||
| #958 | Contact Form 7 Polylang Module | 36 | 32 | 45 | 5k+ | Output is not escaped | ||
| #959 | Code Snippets | 36 | 34 | 203 | 1m+ | Nonce verification recommended | ||
| #960 | Crelly Slider | 36 | 421 | 185 | 10k+ | Unsafe printing function | ||
| #961 | Different Menu in Different Pages – Conditional Menu | 36 | 167 | 113 | 4k+ | Text Domain Mismatch | ||
| #962 | Doneren met Mollie | 36 | 420 | 351 | 4k+ | SQL query is not prepared | ||
| #963 | Drag and Drop Multiple File Upload for Contact Form 7 | 36 | 82 | 36 | 60k+ | wp function not compatible with requires wp | ||
| #964 | WP CTA – Call Now Button, Sticky Button & Call to Action Builder | 36 | 1 | 433 | 2k+ | Non-prefixed global variable | ||
| #965 | Export Variable Products | 36 | 79 | 49 | 400 | Text Domain Mismatch | ||
| #966 | Happy WooCommerce FAQs – Ultimate Product FAQ Plugin | 36 | 65 | 119 | 1k+ | Nonce verification recommended | ||
| #967 | FreePay for WooCommerce | 36 | 114 | 102 | 400 | Output is not escaped | ||
| #968 | Google SEO Pressor for Rich snippets | 36 | 51 | 160 | 400 | Missing nonce verification | ||
| #969 | Header Footer Code Manager | 36 | 81 | 180 | 600k+ | Non-prefixed global variable | ||
| #970 | Just TinyMCE Custom Styles | 36 | 112 | 28 | 1k+ | Missing Arg Domain | ||
| #971 | LocalWeb All In One | 36 | 34 | 297 | 5k+ | Non-prefixed global variable | ||
| #972 | Photonic Gallery & Lightbox for Flickr, SmugMug & Others | 36 | 180 | 163 | 10k+ | Missing Translators Comment | ||
| #973 | ActiveCampaign Postmark for WordPress | 36 | 47 | 75 | 50k+ | Text Domain Mismatch | ||
| #974 | SMTP for SendGrid – YaySMTP | 36 | 27 | 96 | 1k+ | Non-prefixed global variable | ||
| #975 | Slider Ultimate | 36 | 294 | 80 | 500 | Output is not escaped | ||
| #976 | User Roles and Capabilities | 36 | 227 | 132 | 8k+ | Output is not escaped | ||
| #977 | Wanderlust OCA para WooCommerce | 36 | 157 | 55 | 500 | Text Domain Mismatch | ||
| #978 | Extended Coupon Features for WooCommerce FREE | 36 | 219 | 63 | 10k+ | Text Domain Mismatch | ||
| #979 | Eway Payments for Woo | 36 | 525 | 40 | 3k+ | Text Domain Mismatch | ||
| #980 | WP Header Images | 36 | 174 | 133 | 6k+ | Unsafe printing function | ||
| #981 | Payment Button for PayPal | 36 | 155 | 86 | 4k+ | Unsafe printing function | ||
| #982 | WP Sort Order | 36 | 134 | 211 | 6k+ | Direct Query | ||
| #983 | WP Stripe Checkout | 36 | 198 | 118 | 1k+ | Unsafe printing function | ||
| #984 | WP Super Edit | 36 | 35 | 185 | 2k+ | Nonce verification recommended | ||
| #985 | wpShopGermany IT-RECHT KANZLEI | 36 | 37 | 47 | 500 | Input is not sanitized | ||
| #986 | Adapta RGPD | 37 | 349 | 72 | 40k+ | Text Domain Mismatch | ||
| #987 | Apaczka: integracja z WooCommerce | 37 | 8 | 316 | 3k+ | Non-prefixed global variable | ||
| #988 | Banhammer – Monitor Site Traffic, Block Bad Users and Bots | 37 | 104 | 174 | 1k+ | Output is not escaped | ||
| #989 | Custom Thank You Page Customize For WooCommerce by Binary Carpenter | 37 | 45 | 80 | 2k+ | error log error log | ||
| #990 | Bellows Accordion Menu | 37 | 160 | 28 | 10k+ | Text Domain Mismatch | ||
| #991 | Delivery Date Time & Pickup for WooCommerce | 37 | 148 | 216 | 400 | Output is not escaped | ||
| #992 | Checkout for PayPal | 37 | 134 | 67 | 600 | Unsafe printing function | ||
| #993 | Clearpay Gateway for WooCommerce | 37 | 185 | 63 | 1k+ | Text Domain Mismatch | ||
| #994 | ClickCease Click Fraud Protection | 37 | 30 | 58 | 10k+ | Non-prefixed class | ||
| #995 | CookieAdmin – Cookie Consent Banner | 37 | 43 | 86 | 400k+ | Nonce verification recommended | ||
| #996 | Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter | 37 | 151 | 61 | 700 | Output is not escaped | ||
| #997 | Custom CSS Manager | 37 | 55 | 20 | 1k+ | Output is not escaped | ||
| #998 | Custom Post Template | 37 | 48 | 30 | 10k+ | Output is not escaped | ||
| #999 | Duo Two-Factor Authentication | 37 | 44 | 61 | 3k+ | Missing nonce verification | ||
| #1000 | Easy Photo Album | 37 | 360 | 43 | 1k+ | Text Domain Mismatch |