WordPress.PHP.DevelopmentFunctions.error_log_trigger_error
error log trigger error
Development or debugging behavior appears in code that may run in production.
Why It Shows Up
The scan found logging, debugging, path disclosure, `phpinfo()`, error-reporting changes, or similar development-oriented functions.
Why It Matters
Debug output can leak paths, configuration, request data, stack details, or sensitive runtime information.
How to Fix
- Remove temporary debugging calls before release.
- If logging is required, guard it with `WP_DEBUG` or a plugin setting intended for administrators.
- Never show debug details to unauthenticated visitors or normal front-end users.
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #401 | BackWPup – WordPress Backup & Restore Plugin | 35 | 11 | 779 | 500k+ | Non-prefixed global variable | ||
| #402 | Basic Google Maps Placemarks | 35 | 189 | 80 | 3k+ | Output is not escaped | ||
| #403 | Nexi Checkout | 35 | 45 | 308 | 3k+ | Dynamic hook name | ||
| #404 | Dintero Checkout for WooCommerce Payment Methods | 35 | 58 | 48 | 600 | Text Domain Mismatch | ||
| #405 | Easy Watermark | 35 | 82 | 53 | 30k+ | Non-prefixed global variable | ||
| #406 | Elementor Website Builder – more than just a page builder | 35 | 46 | 428 | 10m+ | Non-prefixed global variable | ||
| #407 | Friendly Captcha for WordPress | 35 | 192 | 62 | 9k+ | Output is not escaped | ||
| #408 | Kustom Checkout for WooCommerce | 35 | 101 | 505 | 10k+ | Dynamic hook name | ||
| #409 | Lenix scss compiler | 35 | 133 | 34 | 800 | Exception output is not escaped | ||
| #410 | Media Credit | 35 | 28 | 35 | 1k+ | Non-prefixed global variable | ||
| #411 | Meta pixel for WordPress | 35 | 90 | 40 | 400k+ | Exception output is not escaped | ||
| #412 | OT Flatsome Vertical Menu | 35 | 126 | 26 | 10k+ | Text Domain Mismatch | ||
| #413 | Post List Featured Image | 35 | 112 | 100 | 900 | Output is not escaped | ||
| #414 | Related Posts for WordPress | 35 | 207 | 180 | 10k+ | Output is not escaped | ||
| #415 | RICG Responsive Images | 35 | 29 | 25 | 2k+ | wp function not compatible with requires wp | ||
| #416 | Two Factor Authentication | 35 | 108 | 139 | 20k+ | Output is not escaped | ||
| #417 | User Photo | 35 | 112 | 68 | 3k+ | Output is not escaped | ||
| #418 | Wild Apricot Login | 35 | 88 | 30 | 800 | Non Singular String Literal Domain | ||
| #419 | Backend Payments for WooCommerce | 35 | 63 | 42 | 900 | Exception output is not escaped | ||
| #420 | Brevo for WooCommerce | 35 | 116 | 67 | 30k+ | Output is not escaped | ||
| #421 | Kybernaut IČO DIČ | 35 | 79 | 68 | 2k+ | Missing nonce verification | ||
| #422 | WP-Markdown | 35 | 31 | 39 | 400 | Output is not escaped | ||
| #423 | WP-PageNavi | 35 | 84 | 95 | 500k+ | Non Singular String Literal Domain | ||
| #424 | Dashboard Widgets Suite | 36 | 206 | 124 | 4k+ | Output is not escaped | ||
| #425 | Email Before Download | 36 | 89 | 29 | 6k+ | Unsafe printing function | ||
| #426 | Export Variable Products | 36 | 79 | 49 | 400 | Text Domain Mismatch | ||
| #427 | Google Webfont Optimizer | 36 | 45 | 49 | 700 | Output is not escaped | ||
| #428 | LocalWeb All In One | 36 | 34 | 297 | 5k+ | Non-prefixed global variable | ||
| #429 | WowStore – Store Builder & Product Blocks for WooCommerce | 36 | 56 | 437 | 4k+ | Non-prefixed global variable | ||
| #430 | افزونه رسمی ترب | 36 | 42 | 86 | 20k+ | Exception output is not escaped | ||
| #431 | Stripe Tax – Sales tax automation for WooCommerce | 36 | 97 | 61 | 30k+ | Exception output is not escaped | ||
| #432 | Disable Payment Methods based on cart conditions for WooCommerce | 36 | 158 | 57 | 1k+ | Non Singular String Literal Domain | ||
| #433 | WP LaTeX | 36 | 103 | 12 | 700 | Output is not escaped | ||
| #434 | authLdap | 37 | 46 | 30 | 4k+ | Exception output is not escaped | ||
| #435 | Avatar Privacy | 37 | 82 | 36 | 1k+ | Missing direct file access protection | ||
| #436 | bunny.net – WordPress CDN Plugin | 37 | 165 | 159 | 10k+ | Output is not escaped | ||
| #437 | Custom CSS Manager | 37 | 55 | 20 | 1k+ | Output is not escaped | ||
| #438 | Gmail SMTP | 37 | 85 | 71 | 10k+ | Unsafe printing function | ||
| #439 | WP All Export – Order Export for WooCommerce | 37 | 109 | 111 | 3k+ | Text Domain Mismatch | ||
| #440 | Featured Video for WordPress – VideographyWP | 37 | 287 | 93 | 1k+ | Unsafe printing function | ||
| #441 | FundEngine – Donation and Crowdfunding Platform | 37 | 89 | 9 | 1k+ | Exception output is not escaped | ||
| #442 | WP Plugin Info Card | 37 | 53 | 376 | 500 | Nonce verification recommended | ||
| #443 | Advanced Product Search For WooCommerce | 38 | 160 | 38 | 4k+ | Text Domain Mismatch | ||
| #444 | Activity Log – Monitor & Record User Changes | 38 | 81 | 149 | 200k+ | Nonce verification recommended | ||
| #445 | Front-end Editor | 38 | 78 | 62 | 500 | Output is not escaped | ||
| #446 | Coding Chicken – JetEngine Importer | 38 | 55 | 29 | 400 | Missing direct file access protection | ||
| #447 | Migrate Store: Export and Import WooCommerce Settings | 38 | 37 | 33 | 1k+ | Non-prefixed global variable | ||
| #448 | MimeTypes Link Icons | 38 | 53 | 34 | 8k+ | Output is not escaped | ||
| #449 | SCSS WP Editor | 38 | 111 | 40 | 900 | Exception output is not escaped | ||
| #450 | SimpleShop | 38 | 52 | 51 | 1k+ | date date |