WordPress.PHP.DevelopmentFunctions.error_log_print_r
error log print r
Development or debugging behavior appears in code that may run in production.
Why It Shows Up
The scan found logging, debugging, path disclosure, `phpinfo()`, error-reporting changes, or similar development-oriented functions.
Why It Matters
Debug output can leak paths, configuration, request data, stack details, or sensitive runtime information.
How to Fix
- Remove temporary debugging calls before release.
- If logging is required, guard it with `WP_DEBUG` or a plugin setting intended for administrators.
- Never show debug details to unauthenticated visitors or normal front-end users.
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #101 | Directorist: AI-Powered Business Directory, Listings & Classified Ads | 22 | 443 | 2,129 | 20k+ | Non-prefixed global variable | ||
| #102 | Download Manager | 22 | 2,290 | 1,301 | 100k+ | Output is not escaped | ||
| #103 | Diverse Solutions IDX Real Estate Listings & MLS Search | 22 | 745 | 605 | 1k+ | Heredoc Output Not Escaped | ||
| #104 | Dynamic QR Code – generator | 22 | 238 | 208 | 6k+ | Missing direct file access protection | ||
| #105 | EleSpare – News, Magazine and Blog Addons for Elementor | 22 | 733 | 1,423 | 10k+ | Non-prefixed global variable | ||
| #106 | Events Manager – Calendar, Bookings, Tickets, and more! | 22 | 4,722 | 5,621 | 70k+ | Output is not escaped | ||
| #107 | Falang multilanguage for WordPress | 22 | 716 | 769 | 1k+ | Output is not escaped | ||
| #108 | Finale Lite – Sales Countdown Timer & Discount for WooCommerce | 22 | 1,031 | 451 | 4k+ | Output is not escaped | ||
| #109 | Notification Bar, Announcement and Cookie Notice WordPress Plugin – FooBar | 22 | 1,321 | 1,371 | 3k+ | Non-prefixed global variable | ||
| #110 | Five Star Restaurant Menu and Food Ordering | 22 | 752 | 609 | 5k+ | Output is not escaped | ||
| #111 | FunnelKit Payment Gateway for Stripe WooCommerce | 22 | 244 | 321 | 20k+ | Input is not sanitized | ||
| #112 | GeoDirectory – WP Business Directory Plugin and Classified Listings Directory | 22 | 4,466 | 3,972 | 10k+ | Output is not escaped | ||
| #113 | Anti-Malware Security and Brute-Force Firewall | 22 | 544 | 965 | 100k+ | Output is not escaped | ||
| #114 | HeadSpace2 SEO | 22 | 940 | 360 | 3k+ | Text Domain Mismatch | ||
| #115 | Hesabfa Accounting | 22 | 467 | 718 | 400 | Text Domain Mismatch | ||
| #116 | Heureka | 22 | 557 | 254 | 400 | Exception output is not escaped | ||
| #117 | InfiniteWP Client | 22 | 2,286 | 1,812 | 200k+ | Exception output is not escaped | ||
| #118 | JCC Payment Gateway for Woocommerce | 22 | 2,273 | 1,136 | 600 | Text Domain Mismatch | ||
| #119 | Jim Soft Swiss QR Invoice | 22 | 263 | 392 | 400 | Non-prefixed global variable | ||
| #120 | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | 22 | 2,361 | 3,384 | 70k+ | Non-prefixed global variable | ||
| #121 | Leyka | 22 | 253 | 3,445 | 2k+ | Request data is not unslashed | ||
| #122 | Custom Login Page Customizer – Login Designer | 22 | 588 | 1,455 | 30k+ | Non-prefixed global variable | ||
| #123 | Mail Baby SMTP | 22 | 385 | 699 | 600 | SQL query is not prepared | ||
| #124 | MailOptin – Popup, Optin Forms & Email Newsletters for Mailchimp, HubSpot, AWeber Etc. | 22 | 2,619 | 2,453 | 10k+ | Output is not escaped | ||
| #125 | Modula Image Gallery – Photo Grid & Video Gallery | 22 | 474 | 436 | 100k+ | Text Domain Mismatch | ||
| #126 | Molongui Authorship – Author Boxes, Guest Authors & Co-Authors for WordPress | 22 | 919 | 1,230 | 10k+ | Output is not escaped | ||
| #127 | Moloni | 22 | 902 | 356 | 2k+ | Missing Arg Domain | ||
| #128 | myCred Toolkit with AI Assistant – Scale Your Loyalty & Gamification Rewards With Integrations | 22 | 1,588 | 1,172 | 400 | Output is not escaped | ||
| #129 | NinjaFirewall (WP Edition) – Advanced Security Plugin and Firewall | 22 | 1,265 | 2,065 | 100k+ | Non-prefixed global variable | ||
| #130 | WP OAuth Server (OAuth Authentication) | 22 | 189 | 347 | 3k+ | Non-prefixed function | ||
| #131 | oik | 22 | 489 | 180 | 2k+ | Non Singular String Literal Domain | ||
| #132 | PagBank / PagSeguro Connect para WooCommerce | 22 | 504 | 743 | 4k+ | Non-prefixed global variable | ||
| #133 | PAYCOMET for WooCommerce | 22 | 1,206 | 423 | 2k+ | Text Domain Mismatch | ||
| #134 | PDF Builder for WPForms | 22 | 321 | 266 | 900 | SQL query is not prepared | ||
| #135 | Smart Popup by Supsystic | 22 | 3,172 | 503 | 10k+ | Non Singular String Literal Domain | ||
| #136 | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | 22 | 1,581 | 2,326 | 300k+ | Non-prefixed global variable | ||
| #137 | Prime Mover – Migrate WordPress Website & Backups | 22 | 1,326 | 1,600 | 10k+ | Non-prefixed global variable | ||
| #138 | Product Catalog Feed by PixelYourSite | 22 | 581 | 357 | 8k+ | Output is not escaped | ||
| #139 | Quick Contact Form | 22 | 260 | 623 | 1k+ | Non-prefixed function | ||
| #140 | RabbitLoader Cache: Optimize your Website for Speed | 22 | 241 | 163 | 2k+ | Output is not escaped | ||
| #141 | RealPress – Real Estate Plugin | 22 | 604 | 1,167 | 500 | Non-prefixed global variable | ||
| #142 | Restrict User Access – Ultimate Membership & Content Protection | 22 | 977 | 1,840 | 10k+ | Non-prefixed global variable | ||
| #143 | SALESmanago & Leadoo | 22 | 645 | 429 | 1k+ | Unsafe printing function | ||
| #144 | Salon Booking System – Free Version | 22 | 655 | 620 | 2k+ | Missing direct file access protection | ||
| #145 | Sellsy | 22 | 586 | 490 | 400 | Non Singular String Literal Domain | ||
| #146 | ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF | 22 | 1,044 | 799 | 300k+ | Non-prefixed global variable | ||
| #147 | Simple Job Board | 22 | 634 | 1,355 | 10k+ | Non-prefixed global variable | ||
| #148 | Slick Popup: Contact Form 7 Popup Plugin | 22 | 2,322 | 316 | 2k+ | Text Domain Mismatch | ||
| #149 | Slim Jetpack | 22 | 2,586 | 1,947 | 2k+ | Text Domain Mismatch | ||
| #150 | SNS Count Cache | 22 | 918 | 120 | 8k+ | Non Singular String Literal Domain |
