WordPress.PHP.DevelopmentFunctions.error_log_trigger_error
error log trigger error
Development or debugging behavior appears in code that may run in production.
Why It Shows Up
The scan found logging, debugging, path disclosure, `phpinfo()`, error-reporting changes, or similar development-oriented functions.
Why It Matters
Debug output can leak paths, configuration, request data, stack details, or sensitive runtime information.
How to Fix
- Remove temporary debugging calls before release.
- If logging is required, guard it with `WP_DEBUG` or a plugin setting intended for administrators.
- Never show debug details to unauthenticated visitors or normal front-end users.
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #451 | Coding Chicken – JetEngine Importer | 38 | 55 | 29 | 400 | Missing direct file access protection | ||
| #452 | Migrate Store: Export and Import WooCommerce Settings | 38 | 37 | 33 | 1k+ | Non-prefixed global variable | ||
| #453 | MimeTypes Link Icons | 38 | 53 | 34 | 8k+ | Output is not escaped | ||
| #454 | SCSS WP Editor | 38 | 111 | 40 | 900 | Exception output is not escaped | ||
| #455 | SimpleShop | 38 | 52 | 50 | 1k+ | date date | ||
| #456 | Native PHP Sessions | 38 | 30 | 92 | 10k+ | Direct Query | ||
| #457 | Add-on Gravity Forms – MailPoet 3 | 39 | 31 | 33 | 600 | Output is not escaped | ||
| #458 | Contact Form 7 – Dynamic Text Extension | 39 | 103 | 28 | 100k+ | Output is not escaped | ||
| #459 | Query Multiple Taxonomies | 39 | 55 | 41 | 500 | Output is not escaped | ||
| #460 | Smart Archives Reloaded | 39 | 78 | 36 | 1k+ | Non Singular String Literal Domain | ||
| #461 | SMTP | 39 | 54 | 15 | 700 | Non Singular String Literal Domain | ||
| #462 | CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x | 39 | 7 | 222 | 20k+ | Non-prefixed hook name | ||
| #463 | YITH Custom Login | 39 | 86 | 33 | 6k+ | Output is not escaped | ||
| #464 | Widget Builder | 40 | 40 | 52 | 500 | Non-prefixed global variable | ||
| #465 | FluentAffiliate – Affiliate Program Management Suite, Affiliates Manager | 41 | 115 | 14 | 1k+ | Exception output is not escaped | ||
| #466 | WP Permalink Translator | 41 | 34 | 21 | 2k+ | Unsafe printing function | ||
| #467 | WP Router | 41 | 29 | 13 | 800 | Exception output is not escaped | ||
| #468 | Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution | 42 | 111 | 17 | 20k+ | Exception output is not escaped | ||
| #469 | OG Tags | 42 | 131 | 34 | 2k+ | Non Singular String Literal Domain | ||
| #470 | I Order Terms | 44 | 40 | 24 | 1k+ | Output is not escaped | ||
| #471 | CoSchedule | 46 | 24 | 66 | 3k+ | Nonce verification recommended | ||
| #472 | Podcast Player – Your Podcasting Companion | 46 | 14 | 133 | 10k+ | Non-prefixed global variable | ||
| #473 | Ansar Import – One Click Starter Sites – for Elementor & Themes | 48 | 27 | 116 | 10k+ | Non-prefixed global variable | ||
| #474 | Instamojo for WooCommerce | 48 | 72 | 44 | 5k+ | Text Domain Mismatch | ||
| #475 | ACF Quick Edit Fields | 49 | 20 | 72 | 30k+ | Nonce verification recommended | ||
| #476 | Gallery Carousel Without JetPack | 49 | 56 | 35 | 4k+ | Text Domain Mismatch | ||
| #477 | Secondary Product Image for WooCommerce | 49 | 25 | 29 | 2k+ | Output is not escaped | ||
| #478 | Taxonomy Images | 49 | 38 | 50 | 9k+ | Output is not escaped | ||
| #479 | Page Builder Gutenberg Blocks – CoBlocks | 50 | 167 | 36 | 300k+ | block api version too low | ||
| #480 | Event Organiser CSV | 50 | 28 | 27 | 600 | Output is not escaped | ||
| #481 | File Manager | 50 | 42 | 72 | 10k+ | Missing direct file access protection | ||
| #482 | Menu Icons by Themeisle – Add Icons to Navigation Menus | 51 | 34 | 22 | 100k+ | Output is not escaped | ||
| #483 | GSheetConnector for Gravity Forms – Send Gravity Forms Entries to Google Sheets in Real-Time | 52 | 26 | 27 | 1k+ | Exception output is not escaped | ||
| #484 | Multiple Post Thumbnails | 53 | 25 | 18 | 20k+ | Output is not escaped | ||
| #485 | REST API Featured Image | 53 | 34 | 16 | 700 | Output is not escaped | ||
| #486 | Weight Based Shipping for WooCommerce | 53 | 48 | 41 | 60k+ | Missing direct file access protection | ||
| #487 | WP Console – WordPress PHP Console powered by PsySH | 53 | 34 | 48 | 20k+ | Exception output is not escaped | ||
| #488 | CSV Importer | 54 | 24 | 11 | 3k+ | Missing direct file access protection | ||
| #489 | Cyr-To-Lat | 54 | 16 | 48 | 300k+ | Dynamic hook name | ||
| #490 | Advanced Custom Order Status for WooCommerce | 55 | 44 | 33 | 500 | Text Domain Mismatch | ||
| #491 | Refer A Friend for WooCommerce by WPGens | 55 | 77 | 21 | 1k+ | Text Domain Mismatch | ||
| #492 | Internal Link Juicer: SEO Auto Linker for WordPress | 57 | 12 | 61 | 90k+ | Database parameter is not escaped | ||
| #493 | Longer Permalinks | 57 | 27 | 21 | 8k+ | Missing Arg Domain | ||
| #494 | Pattern Wrangler – Manage Block Patterns and Pattern Categories | 59 | 14 | 73 | 400 | Non-prefixed global variable | ||
| #495 | CodeColorer | 64 | 65 | 266 | 1k+ | Non-prefixed global variable | ||
| #496 | 64 | 27 | 23 | 9k+ | Missing Translators Comment | |||
| #497 | Ajaxify Comments – Ajax and Lazy Loading Comments | 65 | 20 | 38 | 3k+ | Non-prefixed hook name | ||
| #498 | Disabler | 67 | 179 | 37 | 900 | Text Domain Mismatch | ||
| #499 | GravityExport Lite for Gravity Forms | 67 | 48 | 14 | 10k+ | Output is not escaped | ||
| #500 | wp-Typography | 67 | 91 | 33 | 20k+ | Missing direct file access protection |
