WordPress.PHP.DevelopmentFunctions.error_log_trigger_error
error log trigger error
Development or debugging behavior appears in code that may run in production.
Why It Shows Up
The scan found logging, debugging, path disclosure, `phpinfo()`, error-reporting changes, or similar development-oriented functions.
Why It Matters
Debug output can leak paths, configuration, request data, stack details, or sensitive runtime information.
How to Fix
- Remove temporary debugging calls before release.
- If logging is required, guard it with `WP_DEBUG` or a plugin setting intended for administrators.
- Never show debug details to unauthenticated visitors or normal front-end users.
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #351 | Instamojo for WooCommerce | 48 | 72 | 44 | 5k+ | Text Domain Mismatch | ||
| #352 | ACF Quick Edit Fields | 49 | 20 | 72 | 30k+ | Nonce verification recommended | ||
| #353 | Gallery Carousel Without JetPack | 49 | 56 | 35 | 4k+ | Text Domain Mismatch | ||
| #354 | Secondary Product Image for WooCommerce | 49 | 25 | 29 | 2k+ | Output is not escaped | ||
| #355 | Taxonomy Images | 49 | 38 | 50 | 9k+ | Output is not escaped | ||
| #356 | Page Builder Gutenberg Blocks – CoBlocks | 50 | 167 | 36 | 300k+ | block api version too low | ||
| #357 | File Manager | 50 | 42 | 72 | 10k+ | Missing direct file access protection | ||
| #358 | Menu Icons by Themeisle – Add Icons to Navigation Menus | 51 | 34 | 22 | 100k+ | Output is not escaped | ||
| #359 | GSheetConnector for Gravity Forms – Send Gravity Forms Entries to Google Sheets in Real-Time | 52 | 26 | 27 | 1k+ | Exception output is not escaped | ||
| #360 | Multiple Post Thumbnails | 53 | 25 | 18 | 20k+ | Output is not escaped | ||
| #361 | Weight Based Shipping for WooCommerce | 53 | 48 | 41 | 60k+ | Missing direct file access protection | ||
| #362 | WP Console – WordPress PHP Console powered by PsySH | 53 | 34 | 48 | 20k+ | Exception output is not escaped | ||
| #363 | CSV Importer | 54 | 24 | 11 | 3k+ | Missing direct file access protection | ||
| #364 | Cyr-To-Lat | 54 | 16 | 48 | 300k+ | Dynamic hook name | ||
| #365 | Refer A Friend for WooCommerce by WPGens | 55 | 77 | 21 | 1k+ | Text Domain Mismatch | ||
| #366 | Internal Link Juicer: SEO Auto Linker for WordPress | 57 | 12 | 61 | 90k+ | Database parameter is not escaped | ||
| #367 | Longer Permalinks | 57 | 27 | 21 | 8k+ | Missing Arg Domain | ||
| #368 | 64 | 27 | 23 | 9k+ | Missing Translators Comment | |||
| #369 | Ajaxify Comments – Ajax and Lazy Loading Comments | 65 | 20 | 38 | 3k+ | Non-prefixed hook name | ||
| #370 | GravityExport Lite for Gravity Forms | 67 | 48 | 14 | 10k+ | Output is not escaped | ||
| #371 | wp-Typography | 67 | 91 | 33 | 20k+ | Missing direct file access protection | ||
| #372 | In-feed ads for Google AdSense | 70 | 20 | 20 | 7k+ | Non-prefixed global variable | ||
| #373 | Multipart robots.txt editor | 70 | 19 | 8 | 1k+ | Output is not escaped | ||
| #374 | Post My CF7 Form | 74 | 21 | 168 | 2k+ | Non-prefixed global variable | ||
| #375 | Joinchat – Enhanced "click to chat" | 81 | 18 | 32 | 700k+ | wp function not compatible with requires wp | ||
| #376 | MyBookTable Bookstore by Stormhill Media | 82 | 15 | 33 | 1k+ | Direct Query | ||
| #377 | Cachify | 84 | 9 | 36 | 9k+ | Non-prefixed global variable | ||
| #378 | WP All Import – Import Add-On for ACF | 84 | 3 | 46 | 40k+ | Non-prefixed global variable | ||
| #379 | Mediavine Control Panel | 89 | 30 | 30 | 10k+ | Text Domain Mismatch | ||
| #380 | WP All Export – Product Export Add-On for WooCommerce | 90 | 14 | 26 | 10k+ | Non-prefixed hook name | ||
| #381 | Advanced Cron Manager – debug & control | 91 | 30 | 90 | 30k+ | Non-prefixed global variable | ||
| #382 | Table Field Add-on for ACF and SCF | 92 | 9 | 3 | 50k+ | Text Domain Mismatch | ||
| #383 | ACF Options For Polylang | 94 | 9 | 23 | 10k+ | Non-prefixed constant | ||
| #384 | Display Eventbrite Events | 96 | 31 | 3k+ | error log print r |
