WordPress.PHP.DevelopmentFunctions.error_log_var_dump
error log var dump
Development or debugging behavior appears in code that may run in production.
Why It Shows Up
The scan found logging, debugging, path disclosure, `phpinfo()`, error-reporting changes, or similar development-oriented functions.
Why It Matters
Debug output can leak paths, configuration, request data, stack details, or sensitive runtime information.
How to Fix
- Remove temporary debugging calls before release.
- If logging is required, guard it with `WP_DEBUG` or a plugin setting intended for administrators.
- Never show debug details to unauthenticated visitors or normal front-end users.
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #1 | Plugin Check (PCP) | 0 | 128 | 132 | 10k+ | Exception output is not escaped | ||
| #2 | Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more | 15 | 32 | 163 | 500k+ | Direct Query | ||
| #3 | WPtouch – Make your WordPress Website Mobile-Friendly | 17 | 1,466 | 325 | 50k+ | Text Domain Mismatch | ||
| #4 | Property Hive | 18 | 1,957 | 6,027 | 3k+ | Missing nonce verification | ||
| #5 | Shopping Cart & eCommerce Store | 18 | 5,459 | 17,298 | 4k+ | Non-prefixed global variable | ||
| #6 | WP Import Export Lite | 18 | 738 | 979 | 40k+ | Non-prefixed global variable | ||
| #7 | Realtyna Organic IDX plugin + WPL Real Estate | 19 | 947 | 3,653 | 2k+ | Non-prefixed global variable | ||
| #8 | WP Email Template | 19 | 342 | 350 | 2k+ | Exception output is not escaped | ||
| #9 | Link Library | 20 | 1,941 | 1,397 | 10k+ | Unsafe printing function | ||
| #10 | Powered Cache – Caching and Optimization for WordPress – Easily Improve PageSpeed & Web Vitals Score | 20 | 147 | 231 | 3k+ | Exception output is not escaped | ||
| #11 | WPJAM Basic | 20 | 328 | 356 | 4k+ | Output is not escaped | ||
| #12 | Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More | 21 | 2,572 | 1,277 | 1m+ | Output is not escaped | ||
| #13 | eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams | 21 | 186 | 437 | 9k+ | Non-prefixed global variable | ||
| #14 | EventPrime – Events Calendar, Bookings and Tickets | 21 | 872 | 4,297 | 7k+ | Non-prefixed global variable | ||
| #15 | Campaign Monitor for WordPress | 21 | 386 | 461 | 2k+ | Non-prefixed global variable | ||
| #16 | JCH Optimize | 21 | 953 | 133 | 4k+ | Output is not escaped | ||
| #17 | Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages | 21 | 1,173 | 2,983 | 9k+ | Non-prefixed global variable | ||
| #18 | Razorpay Quick Payments | 21 | 399 | 63 | 3k+ | Exception output is not escaped | ||
| #19 | Seamless Donations is Sunset | 21 | 600 | 514 | 2k+ | Text Domain Mismatch | ||
| #20 | Pay For Post with WooCommerce | 21 | 960 | 1,474 | 1k+ | Non-prefixed global variable | ||
| #21 | WP Compress – Instant Performance & Speed Optimization | 21 | 3,349 | 3,218 | 10k+ | Non Singular String Literal Domain | ||
| #22 | WP phpMyAdmin | 21 | 4,528 | 6,435 | 50k+ | Missing Arg Domain | ||
| #23 | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | 22 | 3,654 | 5,061 | 8k+ | Non-prefixed global variable | ||
| #24 | Directorist: AI-Powered Business Directory, Listings & Classified Ads | 22 | 443 | 2,129 | 20k+ | Non-prefixed global variable | ||
| #25 | Dynamic QR Code – generator | 22 | 238 | 208 | 6k+ | Missing direct file access protection | ||
| #26 | Notification Bar, Announcement and Cookie Notice WordPress Plugin – FooBar | 22 | 1,321 | 1,371 | 3k+ | Non-prefixed global variable | ||
| #27 | InfiniteWP Client | 22 | 2,286 | 1,812 | 200k+ | Exception output is not escaped | ||
| #28 | oik | 22 | 489 | 180 | 2k+ | Non Singular String Literal Domain | ||
| #29 | Smart Popup by Supsystic | 22 | 3,172 | 503 | 10k+ | Non Singular String Literal Domain | ||
| #30 | ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF | 22 | 1,044 | 799 | 300k+ | Non-prefixed global variable | ||
| #31 | NextScripts: Social Networks Auto-Poster | 22 | 2,408 | 1,133 | 30k+ | Output is not escaped | ||
| #32 | CoDesigner – All in One Elementor WooCommerce Builder | 22 | 4,131 | 774 | 5k+ | Text Domain Mismatch | ||
| #33 | YaySMTP – WP Mail SMTP with Email Logs, Tracking & Reports | 22 | 654 | 435 | 10k+ | Exception output is not escaped | ||
| #34 | BlossomThemes Email Newsletter | 23 | 337 | 239 | 20k+ | Output is not escaped | ||
| #35 | CWW Companion | 23 | 307 | 223 | 1k+ | Output is not escaped | ||
| #36 | DK PDF – WordPress PDF Generator | 23 | 744 | 335 | 3k+ | Exception output is not escaped | ||
| #37 | FV Flowplayer Video Player | 23 | 1,311 | 1,454 | 20k+ | Output is not escaped | ||
| #38 | IP Geo Block | 23 | 399 | 589 | 9k+ | Output is not escaped | ||
| #39 | Jetpack – WP Security, Backup, Speed, & Growth | 23 | 2,821 | 1,303 | 3m+ | Text Domain Mismatch | ||
| #40 | License Manager for WooCommerce | 23 | 129 | 819 | 6k+ | Request data is not unslashed | ||
| #41 | Master Slider – Responsive Touch Slider | 23 | 800 | 408 | 60k+ | Output is not escaped | ||
| #42 | MStore API – Create Native Android & iOS Apps On The Cloud | 23 | 618 | 764 | 3k+ | SQL query is not prepared | ||
| #43 | MyWorks Sync for WooCommerce & QuickBooks Online | 23 | 2,292 | 9,101 | 5k+ | Non-prefixed global variable | ||
| #44 | Next Active Directory Integration | 23 | 683 | 284 | 2k+ | Exception output is not escaped | ||
| #45 | Ninja Forms – The Contact Form Builder That Grows With You | 23 | 754 | 1,525 | 600k+ | Nonce verification recommended | ||
| #46 | NitroPack – Performance, Page Speed & Cache Plugin for Core Web Vitals, CDN & Image Optimization | 23 | 315 | 631 | 100k+ | Output is not escaped | ||
| #47 | Postie | 23 | 407 | 261 | 10k+ | Output is not escaped | ||
| #48 | Pricing Table by Supsystic | 23 | 1,299 | 447 | 10k+ | Non Singular String Literal Domain | ||
| #49 | SecuPress with Simple SSL – Simple and Performant Security | 23 | 1,696 | 1,590 | 40k+ | Non-prefixed global variable | ||
| #50 | teachPress | 23 | 744 | 1,587 | 2k+ | SQL query is not prepared |
