WordPress.PHP.DevelopmentFunctions.error_log_var_dump
error log var dump
Development or debugging behavior appears in code that may run in production.
Why It Shows Up
The scan found logging, debugging, path disclosure, `phpinfo()`, error-reporting changes, or similar development-oriented functions.
Why It Matters
Debug output can leak paths, configuration, request data, stack details, or sensitive runtime information.
How to Fix
- Remove temporary debugging calls before release.
- If logging is required, guard it with `WP_DEBUG` or a plugin setting intended for administrators.
- Never show debug details to unauthenticated visitors or normal front-end users.
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #201 | FluentAuth – The Ultimate Authorization & Security Plugin for WordPress | 34 | 44 | 229 | 10k+ | Nonce verification recommended | ||
| #202 | Mass Ping Tool for SEO – WordPress ping list to get indexed faster on Google, Yandex, … | 34 | 78 | 102 | 500 | Output is not escaped | ||
| #203 | Meow Analytics (Google Analytics) | 34 | 80 | 54 | 500 | Output is not escaped | ||
| #204 | mowomo Social Share | 34 | 202 | 156 | 1k+ | Output is not escaped | ||
| #205 | Optima Express IDX | 34 | 71 | 237 | 10k+ | Non-prefixed class | ||
| #206 | Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers | 34 | 261 | 863 | 30k+ | Non-prefixed global variable | ||
| #207 | Social Integration for BlueSky | 34 | 98 | 147 | 700 | Non-prefixed global variable | ||
| #208 | Software License Manager | 34 | 69 | 289 | 900 | Nonce verification recommended | ||
| #209 | Automatic Internal Links for SEO by Pagup | 35 | 34 | 215 | 1k+ | error log error log | ||
| #210 | Basic Google Maps Placemarks | 35 | 189 | 80 | 3k+ | Output is not escaped | ||
| #211 | CF7 Submissions – Securely Store Contact Form 7 Data and Attachments, Reply to the Sender and more | 35 | 16 | 119 | 2k+ | Non-prefixed global variable | ||
| #212 | Duplica – Duplicate Posts, Pages, Custom Posts or Users | 35 | 14 | 31 | 2k+ | Non-prefixed global variable | ||
| #213 | Help Scout | 35 | 11 | 13 | 400 | Missing direct file access protection | ||
| #214 | Nobs • Share Buttons | 35 | 314 | 85 | 3k+ | Output is not escaped | ||
| #215 | Restaurant Menu – Food Ordering System – Table Reservation | 35 | 317 | 186 | 8k+ | Unsafe printing function | ||
| #216 | NGG Smart Image Search | 35 | 298 | 155 | 400 | Output is not escaped | ||
| #217 | Pie Calendar – Events Calendar Made Simple | 35 | 83 | 53 | 1k+ | Text Domain Mismatch | ||
| #218 | Real Time Validation for Gravity Forms | 35 | 185 | 30 | 2k+ | Output is not escaped | ||
| #219 | Restrict Elementor Widgets, Columns and Sections | 35 | 18 | 53 | 500 | Non-prefixed function | ||
| #220 | Robots.txt rewrite | 35 | 56 | 19 | 1k+ | Output is not escaped | ||
| #221 | The Social Links | 35 | 16 | 29 | 2k+ | Non-prefixed global variable | ||
| #222 | authLdap | 36 | 47 | 30 | 5k+ | Exception output is not escaped | ||
| #223 | Bit Form – Contact Form, Payment Forms, Multi Step Forms, Calculator & Custom Form Builder | 36 | 3 | 321 | 10k+ | Nonce verification recommended | ||
| #224 | PDF Flipbook, WPBakery Addon – Unreal FlipBook | 36 | 400 | 92 | 1k+ | Non Singular String Literal Domain | ||
| #225 | Quantity Plus Minus Button for WooCommerce | 36 | 83 | 84 | 10k+ | Output is not escaped | ||
| #226 | Disable Payment Methods based on cart conditions for WooCommerce | 36 | 158 | 57 | 1k+ | Non Singular String Literal Domain | ||
| #227 | Hide admin notices – Admin Notification Center | 36 | 114 | 67 | 8k+ | Output is not escaped | ||
| #228 | Adaptive Images for WordPress | 37 | 51 | 75 | 3k+ | Output is not escaped | ||
| #229 | Apaczka: integracja z WooCommerce | 37 | 8 | 316 | 3k+ | Non-prefixed global variable | ||
| #230 | Clearpay Gateway for WooCommerce | 37 | 185 | 63 | 1k+ | Text Domain Mismatch | ||
| #231 | Job Manager & Career – Manage job board listings, and recruitments | 37 | 112 | 205 | 2k+ | Missing nonce verification | ||
| #232 | Meks Video Importer | 37 | 62 | 239 | 2k+ | Input is not sanitized | ||
| #233 | RSS Image Feed | 37 | 147 | 16 | 2k+ | Output is not escaped | ||
| #234 | Afterpay Gateway for WooCommerce | 38 | 183 | 62 | 10k+ | Text Domain Mismatch | ||
| #235 | Cecabank WooCommerce Plugin | 38 | 63 | 32 | 3k+ | Text Domain Mismatch | ||
| #236 | CF7 to Webhook | 38 | 102 | 72 | 30k+ | Unsafe printing function | ||
| #237 | 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery | 38 | 353 | 77 | 80k+ | Non Singular String Literal Domain | ||
| #238 | Auto SEO META keywords (META tags keywords) optimization + WooCommerce | 38 | 63 | 34 | 700 | Output is not escaped | ||
| #239 | MimeTypes Link Icons | 38 | 53 | 34 | 8k+ | Output is not escaped | ||
| #240 | Simple Visitor Counter | 38 | 41 | 27 | 700 | Output is not escaped | ||
| #241 | WP Mail SMTP SendGrid Edition | 38 | 102 | 19 | 500 | Text Domain Mismatch | ||
| #242 | WP Mailgun SMTP | 38 | 99 | 51 | 900 | Text Domain Mismatch | ||
| #243 | Add Tiktok Pixel for Tiktok ads (+Woocommerce) | 39 | 94 | 25 | 2k+ | Output is not escaped | ||
| #244 | Culqi | 39 | 571 | 88 | 1k+ | Text Domain Mismatch | ||
| #245 | Custom Metadata Manager | 39 | 81 | 20 | 700 | Output is not escaped | ||
| #246 | Prisna GWT – Google Website Translator | 39 | 117 | 77 | 8k+ | Text Domain Mismatch | ||
| #247 | S2W – Import Shopify to WooCommerce | 39 | 8 | 132 | 3k+ | Request data is not unslashed | ||
| #248 | Insert Amz Images | 39 | 79 | 44 | 1k+ | Output is not escaped | ||
| #249 | Meks Easy Photo Feed Widget | 39 | 77 | 27 | 10k+ | Output is not escaped | ||
| #250 | Shipping Simulator for WooCommerce | 39 | 120 | 39 | 5k+ | Text Domain Mismatch |
