WordPress.PHP.DevelopmentFunctions.error_log_var_dump
error log var dump
Development or debugging behavior appears in code that may run in production.
Why It Shows Up
The scan found logging, debugging, path disclosure, `phpinfo()`, error-reporting changes, or similar development-oriented functions.
Why It Matters
Debug output can leak paths, configuration, request data, stack details, or sensitive runtime information.
How to Fix
- Remove temporary debugging calls before release.
- If logging is required, guard it with `WP_DEBUG` or a plugin setting intended for administrators.
- Never show debug details to unauthenticated visitors or normal front-end users.
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #251 | Slash Admin | 39 | 116 | 38 | 500 | Output is not escaped | ||
| #252 | WP Gmail SMTP | 39 | 99 | 50 | 1k+ | Text Domain Mismatch | ||
| #253 | WP SendGrid SMTP | 39 | 99 | 50 | 1k+ | Text Domain Mismatch | ||
| #254 | YITH Custom Login | 39 | 86 | 33 | 6k+ | Output is not escaped | ||
| #255 | Zotpress | 39 | 80 | 403 | 2k+ | Non-prefixed global variable | ||
| #256 | Add Pinterest conversion tags for Pinterest Ads + Site verification | 40 | 88 | 26 | 1k+ | Output is not escaped | ||
| #257 | Client Portal : SuiteDash Direct Login | 40 | 93 | 17 | 1k+ | Text Domain Mismatch | ||
| #258 | Enhanced Custom Permalinks | 40 | 51 | 82 | 1k+ | Nonce verification recommended | ||
| #259 | Random Post Plugin – Redirect URL to Post | 40 | 28 | 74 | 4k+ | Nonce verification recommended | ||
| #260 | Webo-facto | 40 | 10 | 90 | 800 | Input is not sanitized | ||
| #261 | WP Compress for MainWP | 40 | 20 | 36 | 700 | Output is not escaped | ||
| #262 | Auto Focus Keyword for SEO | 41 | 12 | 38 | 2k+ | Input is not validated | ||
| #263 | Bulk Auto Image Title Attribute (Image Title tag) optimizer (Image SEO) | 41 | 16 | 37 | 1k+ | Missing nonce verification | ||
| #264 | Speed Contact Bar | 42 | 53 | 20 | 5k+ | Output is not escaped | ||
| #265 | WP Fingerprint | 42 | 34 | 47 | 9k+ | Direct Query | ||
| #266 | Opal Woo Custom Product Variation | 43 | 1 | 116 | 400 | Non-prefixed global variable | ||
| #267 | Pods Gravity Forms Add-On | 43 | 79 | 1k+ | Missing nonce verification | |||
| #268 | Reoon Email Verifier | 43 | 22 | 38 | 600 | Missing nonce verification | ||
| #269 | SQL Chart Builder | 43 | 12 | 39 | 600 | Non-prefixed global variable | ||
| #270 | Evergreen Countdown Timer | 45 | 193 | 35 | 2k+ | wp function not compatible with requires wp | ||
| #271 | Add Polylang support for Customizer | 48 | 18 | 20 | 2k+ | Nonce verification recommended | ||
| #272 | Add LinkedIn Insight Tag for LinkedIn Ads | 48 | 130 | 23 | 5k+ | Non Singular String Literal Domain | ||
| #273 | Taxonomy Images | 49 | 38 | 50 | 9k+ | Output is not escaped | ||
| #274 | Video Background | 49 | 35 | 26 | 9k+ | Unsafe printing function | ||
| #275 | WP Swiper | 49 | 67 | 28 | 5k+ | Text Domain Mismatch | ||
| #276 | Custom Block Builder – Lazy Blocks | 50 | 23 | 51 | 20k+ | Non-prefixed hook name | ||
| #277 | Fullscreen Galleria | 52 | 37 | 10 | 800 | Output is not escaped | ||
| #278 | FakerPress | 53 | 66 | 152 | 10k+ | Non-prefixed global variable | ||
| #279 | EMI Calculator | 54 | 28 | 12 | 700 | Output is not escaped | ||
| #280 | SMTP by BestWebSoft | 56 | 486 | 175 | 1k+ | Text Domain Mismatch | ||
| #281 | Team Showcase | 61 | 1 | 125 | 1k+ | slow db query meta key | ||
| #282 | RSS Feed Retriever | 61 | 23 | 8 | 7k+ | wp function not compatible with requires wp | ||
| #283 | Admin filter posts by year | 64 | 8 | 32 | 400 | Non-prefixed function | ||
| #284 | Werk aan de Muur | 64 | 48 | 20 | 900 | Non Singular String Literal Domain | ||
| #285 | Add to Cart Text Changer and Customize Button, Add Custom Icon | 65 | 87 | 18 | 2k+ | Text Domain Mismatch | ||
| #286 | Meks Audio Player | 67 | 25 | 7 | 1k+ | Output is not escaped | ||
| #287 | Safelayout Elegant Icons – WordPress icons | 67 | 3 | 17 | 700 | Input is not validated | ||
| #288 | WP 4 Me Title Remover | 71 | 17 | 13 | 1k+ | Missing direct file access protection | ||
| #289 | Safelayout Cute Preloader – CSS3 WordPress Preloader | 84 | 3 | 14 | 10k+ | Input is not validated | ||
| #290 | FontFlow Custom Icons for Elementor | 85 | 29 | 15 | 700 | Text Domain Mismatch | ||
| #291 | Heroic Glossary – Block for building Glossaries, Dictionaries and more | 86 | 8 | 7 | 3k+ | Text Domain Mismatch | ||
| #292 | Htaccess File Editor – Easily Edit, Backup, Restore .htaccess file | 95 | 11 | 15 | 10k+ | Non-prefixed global variable | ||
| #293 | ProveSource Social Proof | 96 | 26 | 7 | 2k+ | wp function not compatible with requires wp |