WordPress.PHP.DevelopmentFunctions.error_log_print_r
error log print r
Development or debugging behavior appears in code that may run in production.
Why It Shows Up
The scan found logging, debugging, path disclosure, `phpinfo()`, error-reporting changes, or similar development-oriented functions.
Why It Matters
Debug output can leak paths, configuration, request data, stack details, or sensitive runtime information.
How to Fix
- Remove temporary debugging calls before release.
- If logging is required, guard it with `WP_DEBUG` or a plugin setting intended for administrators.
- Never show debug details to unauthenticated visitors or normal front-end users.
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #251 | PowerPress Podcasting plugin by Blubrry | 23 | 4,807 | 2,394 | 20k+ | Output is not escaped | ||
| #252 | Product Watermark for WooCommerce | 23 | 696 | 457 | 2k+ | Output is not escaped | ||
| #253 | Radio Station by netmix® – Manage and play your Show Schedule in WordPress! | 23 | 934 | 3,619 | 1k+ | Non-prefixed global variable | ||
| #254 | Revive.so – Bulk Rewrite and Republish Blog Posts | 23 | 332 | 228 | 1k+ | Text Domain Mismatch | ||
| #255 | Robo Gallery – Photo & Image Slider | 23 | 1,291 | 530 | 40k+ | Output is not escaped | ||
| #256 | Manago AI & Leadoo AI | 23 | 644 | 429 | 1k+ | Unsafe printing function | ||
| #257 | Schema | 23 | 1,173 | 245 | 40k+ | Text Domain Mismatch | ||
| #258 | Secure Custom Fields | 23 | 240 | 1,370 | 80k+ | Non-prefixed function | ||
| #259 | Seriously Simple Podcasting | 23 | 548 | 627 | 30k+ | Non-prefixed hook name | ||
| #260 | Image Optimizer, Resizer and CDN – Sirv | 23 | 616 | 1,004 | 1k+ | Output is not escaped | ||
| #261 | StreamWeasels Twitch Integration | 23 | 555 | 1,465 | 1k+ | Non-prefixed global variable | ||
| #262 | Strong Testimonials | 23 | 192 | 392 | 90k+ | Nonce verification recommended | ||
| #263 | Legal Terms and Conditions Popup for User Login and WooCommerce Checkout | 23 | 524 | 237 | 700 | Output is not escaped | ||
| #264 | The Events Calendar | 23 | 3,511 | 3,851 | 700k+ | Text Domain Mismatch | ||
| #265 | Travelpayouts | 23 | 769 | 110 | 6k+ | Output is not escaped | ||
| #266 | Tutor LMS – eLearning and online course solution | 23 | 395 | 3,406 | 100k+ | Non-prefixed global variable | ||
| #267 | Directory Listings WordPress plugin – uListing | 23 | 947 | 1,573 | 1k+ | Non-prefixed global variable | ||
| #268 | Ultimate Fields | 23 | 371 | 458 | 700 | Alternative PHP tag found | ||
| #269 | UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP | 23 | 694 | 2,439 | 20k+ | Non-prefixed hook name | ||
| #270 | Cart PDF for WooCommerce | 23 | 531 | 172 | 1k+ | Exception output is not escaped | ||
| #271 | Peach Payments Gateway | 23 | 298 | 129 | 1k+ | Non Singular String Literal Domain | ||
| #272 | Checkout with Zelle on Woocommerce | 23 | 637 | 1,404 | 3k+ | Non-prefixed global variable | ||
| #273 | PostFinance Checkout | 23 | 979 | 214 | 1k+ | Text Domain Mismatch | ||
| #274 | WP BackItUp Community Edition | 23 | 257 | 989 | 6k+ | Non-prefixed global variable | ||
| #275 | WP-CRM System – Manage Clients and Projects | 23 | 297 | 1,094 | 800 | Non-prefixed global variable | ||
| #276 | WP Free SSL | 23 | 735 | 1,345 | 1k+ | Non-prefixed global variable | ||
| #277 | Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions | 23 | 1,123 | 1,860 | 9k+ | Output is not escaped | ||
| #278 | WP Hotelier | 23 | 693 | 1,635 | 2k+ | Non-prefixed global variable | ||
| #279 | Lead Form Data Collection to CRM | 23 | 211 | 1,698 | 400 | Non-prefixed global variable | ||
| #280 | WP-Lister Lite for Amazon | 23 | 3,061 | 4,177 | 800 | Output is not escaped | ||
| #281 | FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce | 23 | 941 | 2,179 | 20k+ | SQL query is not prepared | ||
| #282 | WP Mega Menu | 23 | 992 | 792 | 8k+ | Non-prefixed global variable | ||
| #283 | WP Migrate Lite – Migration Made Easy | 23 | 369 | 255 | 200k+ | Exception output is not escaped | ||
| #284 | Shield Security – Smart Bot Blocking, Brute-Force Login Protection & File Scanning | 23 | 1,118 | 202 | 40k+ | Missing Translators Comment | ||
| #285 | WP STAGING – WordPress Backup, Restore, Migration & Clone | 23 | 1,494 | 1,550 | 100k+ | Non-prefixed global variable | ||
| #286 | Track, Analyze & Optimize by WP Tao | 23 | 895 | 756 | 600 | Output is not escaped | ||
| #287 | WP Ultimate CSV Importer – WordPress Import & Export for CSV, XML & Excel | 23 | 1,158 | 3,642 | 20k+ | Interpolated SQL is not prepared | ||
| #288 | WP Webhooks – Automate repetitive tasks by creating powerful automation workflows directly within WordPress | 23 | 4,376 | 890 | 20k+ | Output is not escaped | ||
| #289 | WPMobile.App | 23 | 2,983 | 1,527 | 3k+ | Output is not escaped | ||
| #290 | Photo Engine (Media Organizer & Lightroom) | 23 | 252 | 650 | 2k+ | Direct Query | ||
| #291 | YITH PayPal Express Checkout for WooCommerce | 23 | 387 | 1,443 | 1k+ | Non-prefixed global variable | ||
| #292 | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress | 23 | 2,317 | 1,714 | 5k+ | Output is not escaped | ||
| #293 | Zephyr Project Manager | 23 | 667 | 2,454 | 1k+ | Non-prefixed global variable | ||
| #294 | 404 Solution | 24 | 486 | 1,338 | 10k+ | Non-prefixed class | ||
| #295 | A2 Optimized WP – Turbocharge and secure your WordPress site | 24 | 271 | 231 | 60k+ | Missing Arg Domain | ||
| #296 | AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress | 24 | 5,230 | 1,464 | 7k+ | Output is not escaped | ||
| #297 | Ad Inserter – Ad Manager & AdSense Ads | 24 | 4,260 | 812 | 300k+ | Output is not escaped | ||
| #298 | Ivory Search – WordPress Search Plugin | 24 | 1,173 | 1,688 | 100k+ | Non-prefixed global variable | ||
| #299 | Advanced iFrame | 24 | 887 | 1,120 | 40k+ | Non-prefixed global variable | ||
| #300 | Affiliates Manager | 24 | 1,268 | 653 | 9k+ | Unsafe printing function |