WordPress.PHP.DevelopmentFunctions.error_log_trigger_error
error log trigger error
Development or debugging behavior appears in code that may run in production.
Why It Shows Up
The scan found logging, debugging, path disclosure, `phpinfo()`, error-reporting changes, or similar development-oriented functions.
Why It Matters
Debug output can leak paths, configuration, request data, stack details, or sensitive runtime information.
How to Fix
- Remove temporary debugging calls before release.
- If logging is required, guard it with `WP_DEBUG` or a plugin setting intended for administrators.
- Never show debug details to unauthenticated visitors or normal front-end users.
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #251 | Site Kit by Google – Analytics, Search Console, AdSense, Speed | 25 | 1,304 | 242 | 5m+ | Missing direct file access protection | ||
| #252 | Hardcore Google Fonts Localizer | 25 | 331 | 261 | 900 | Text Domain Mismatch | ||
| #253 | Icegram Collect – Easy Form, Lead Collection and Subscription plugin | 25 | 424 | 290 | 2k+ | Output is not escaped | ||
| #254 | Index WP MySQL For Speed | 25 | 250 | 255 | 50k+ | Output is not escaped | ||
| #255 | Infinite Uploads – Offload Media and Video to Cloud Storage | 25 | 579 | 720 | 800 | Direct Query | ||
| #256 | Loginizer | 25 | 814 | 504 | 1m+ | Output is not escaped | ||
| #257 | MaxButtons – Create buttons | 25 | 626 | 404 | 70k+ | Output is not escaped | ||
| #258 | Media Cleaner: Clean your WordPress! | 25 | 151 | 391 | 90k+ | Direct Query | ||
| #259 | Media Cloud Sync | 25 | 1,095 | 274 | 1k+ | Exception output is not escaped | ||
| #260 | MyFatoorah – WooCommerce | 25 | 191 | 89 | 3k+ | Output is not escaped | ||
| #261 | NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar | 25 | 257 | 400 | 40k+ | Non-prefixed hook name | ||
| #262 | Notifications for Forms & WordPress Actions | 25 | 309 | 282 | 1k+ | Text Domain Mismatch | ||
| #263 | PDF & Print by BestWebSoft – WordPress Posts and Pages PDF Generator Plugin | 25 | 1,084 | 1,296 | 9k+ | Non-prefixed global variable | ||
| #264 | Sensei LMS – Online Courses, Quizzes, & Learning | 25 | 56 | 928 | 10k+ | Nonce verification recommended | ||
| #265 | ShopMagic – email automation | 25 | 228 | 145 | 10k+ | Exception output is not escaped | ||
| #266 | Smart Image Resize for WooCommerce | 25 | 582 | 404 | 7k+ | Text Domain Mismatch | ||
| #267 | TablePress – Tables in WordPress made easy | 25 | 847 | 2,174 | 600k+ | Non-prefixed global variable | ||
| #268 | Tamara Checkout | 25 | 601 | 228 | 2k+ | Exception output is not escaped | ||
| #269 | Social Share Icons & Social Share Buttons | 25 | 2,365 | 1,357 | 10k+ | Output is not escaped | ||
| #270 | VikAppointments Services Booking Calendar | 25 | 9,753 | 5,207 | 500 | Output is not escaped | ||
| #271 | VikBooking Hotel Booking Engine & PMS | 25 | 13,232 | 8,312 | 8k+ | Output is not escaped | ||
| #272 | VikRentCar Car Rental Management System | 25 | 5,537 | 5,048 | 4k+ | Non-prefixed global variable | ||
| #273 | VikRestaurants Table Reservations and Take-Away | 25 | 11,644 | 4,932 | 600 | Output is not escaped | ||
| #274 | Product Table for WooCommerce | 25 | 183 | 896 | 5k+ | Non-prefixed global variable | ||
| #275 | WordPress Importer | 25 | 238 | 110 | 2m+ | Output is not escaped | ||
| #276 | WP Go Maps – Google Map, OpenStreetMap, Leaflet Map | 25 | 4,996 | 1,008 | 300k+ | Unsafe printing function | ||
| #277 | Perfect Images: Regenerate Thumbnails, Image Sizes, WebP & AVIF | 25 | 158 | 118 | 60k+ | Non-prefixed global variable | ||
| #278 | SlimStat Analytics | 25 | 1,177 | 870 | 70k+ | Exception output is not escaped | ||
| #279 | WP Super Cache | 25 | 800 | 989 | 1m+ | Output is not escaped | ||
| #280 | WPvivid Backup for MainWP | 25 | 818 | 1,794 | 10k+ | Missing nonce verification | ||
| #281 | WPvivid — Backup, Migration & Staging | 25 | 899 | 1,461 | 900k+ | Non-prefixed namespace | ||
| #282 | YeeMail — Email Template Builder & Customizer | 25 | 606 | 222 | 600 | wp function not compatible with requires wp | ||
| #283 | ActiveCampaign for WooCommerce | 26 | 541 | 190 | 6k+ | Exception output is not escaped | ||
| #284 | Translate WordPress with ConveyThis – AI Multilingual Plugin | 26 | 159 | 297 | 1k+ | Non-prefixed global variable | ||
| #285 | FG Drupal to WordPress | 26 | 275 | 100 | 700 | Unsafe printing function | ||
| #286 | FG PrestaShop to WooCommerce | 26 | 254 | 94 | 900 | Unsafe printing function | ||
| #287 | Image SEO – AI-Driven Image SEO Optimizer | 26 | 350 | 327 | 1k+ | Text Domain Mismatch | ||
| #288 | Integrate Razorpay for Contact Form 7 | 26 | 152 | 97 | 500 | curl curl setopt | ||
| #289 | Kadence Central – Site Management, Backups, Security, and Reporting | 26 | 462 | 213 | 30k+ | Text Domain Mismatch | ||
| #290 | Klarna for WooCommerce | 26 | 284 | 507 | 30k+ | Dynamic hook name | ||
| #291 | Landing Page Cat – Coming Soon & Maintenance Pages | 26 | 91 | 180 | 600 | Non-prefixed class | ||
| #292 | Loco Translate | 26 | 454 | 242 | 1m+ | Output is not escaped | ||
| #293 | Media File Renamer: Rename for better SEO (AI-Powered) | 26 | 151 | 170 | 40k+ | Direct Query | ||
| #294 | Pressidium Cookie Consent | 26 | 203 | 95 | 10k+ | Exception output is not escaped | ||
| #295 | RestaurantPress | 26 | 265 | 518 | 600 | Output is not escaped | ||
| #296 | SP Move Login | 26 | 881 | 215 | 6k+ | Text Domain Mismatch | ||
| #297 | Sliced Invoices – WordPress Invoice Plugin | 26 | 684 | 455 | 5k+ | Output is not escaped | ||
| #298 | Virtue/Ascend/Pinnacle Toolkit | 26 | 605 | 300 | 30k+ | Output is not escaped | ||
| #299 | XL NMI Gateway for WooCommerce | 26 | 695 | 436 | 1k+ | Text Domain Mismatch | ||
| #300 | Amazon Product in a Post Plugin | 27 | 362 | 416 | 800 | Output is not escaped |
