PluginScore

WordPress.PHP.DevelopmentFunctions.error_log_var_export

error log var export

Development or debugging behavior appears in code that may run in production.

medium weight

Why It Shows Up

The scan found logging, debugging, path disclosure, `phpinfo()`, error-reporting changes, or similar development-oriented functions.

Why It Matters

Debug output can leak paths, configuration, request data, stack details, or sensitive runtime information.

How to Fix

  • Remove temporary debugging calls before release.
  • If logging is required, guard it with `WP_DEBUG` or a plugin setting intended for administrators.
  • Never show debug details to unauthenticated visitors or normal front-end users.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#1Themify Builder95,1952,0965k+Text Domain Mismatch
#2JetBackup – Backup, Restore & Migrate101,559145100k+Exception output is not escaped
#3Shopping Cart & eCommerce Store185,45917,2984k+Non-prefixed global variable
#4Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution191,218901100k+Exception output is not escaped
#5Matomo Analytics – Powerful, Privacy-First Insights for WordPress191,909878100k+Exception output is not escaped
#6Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization191,2932,6799k+Output is not escaped
#7Membership Plugin – Kadence Memberships195,0822,9829k+Text Domain Mismatch
#8SureCart – Ecommerce Made Easy For Selling Physical Products, Digital Downloads, Subscriptions, Donations, & Payments195261,11990k+Non-prefixed global variable
#9Brevo – Email, SMS, Web Push, Chat, and more.20460646100k+Request data is not unslashed
#10Pix por Piggly (para Woocommerce)205471954k+Exception output is not escaped
#11Powered Cache – Caching and Optimization for WordPress – Easily Improve PageSpeed & Web Vitals Score201472313k+Exception output is not escaped
#12Robin Image Optimizer – Unlimited Image Optimization, WebP & AVIF20557541100k+Output is not escaped
#13Razorpay for WooCommerce20974855100k+Non-prefixed function
#14WPJAM Basic203283564k+Output is not escaped
#15Pinpoint Booking System – Version 2216343283k+Missing direct file access protection
#16CartFlows – Funnel Builder & Checkout Plugin for WooCommerce21461614200k+Text Domain Mismatch
#17Smart Grid-Layout Design for Contact Form 7211,12673410k+Output is not escaped
#18Free Downloads WooCommerce214303594k+Output is not escaped
#19Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More212,5721,2771m+Output is not escaped
#20MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder211,1333,0112k+Non-prefixed global variable
#21Modular DS: Monitor, update, and backup multiple websites211618140k+Exception output is not escaped
#22OneLogin SAML SSO215083307k+wp function not compatible with requires wp
#23Packeta218023338k+Exception output is not escaped
#24Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages211,1732,9839k+Non-prefixed global variable
#25User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor216961,48350k+Nonce verification recommended
#26Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic2132718110k+Output is not escaped
#27Smart Forms – when you need more than just a contact form217765745k+Output is not escaped
#28Buckaroo Woocommerce Payments Plugin215633262k+Exception output is not escaped
#29Paysera Payment Gateway for WooCommerce211,8661957k+Exception output is not escaped
#30Pay For Post with WooCommerce219601,4741k+Non-prefixed global variable
#31Wordfence Security – Firewall, Malware Scan, and Login Security211,5922,9735m+Output is not escaped
#32WP Compress – Instant Performance & Speed Optimization213,3493,21810k+Non Singular String Literal Domain
#33WP phpMyAdmin214,5286,43550k+Missing Arg Domain
#34wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin211,8141,46170k+Output is not escaped
#35WPScan – WordPress Security Scanner215272658k+Text Domain Mismatch
#36Better Messages – Chat Rooms, Group Chat, Private Messages & AI Chat Bots221,6042,01910k+Direct Query
#37Better WordPress Minify224124848k+Non Singular String Literal Domain
#38Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer222,8581,27050k+Text Domain Mismatch
#39RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login223,6545,0618k+Non-prefixed global variable
#40WP Customer Area223,30894110k+Text Domain Mismatch
#41Events Manager – Calendar, Bookings, Tickets, and more!224,7225,62170k+Output is not escaped
#42FireBox Popups – Increase Sales and Grow Your Email List221538127k+Non-prefixed global variable
#43InfiniteWP Client222,2861,812200k+Exception output is not escaped
#44Import WP – Export and Import CSV and XML files to WordPress225803304k+Exception output is not escaped
#45Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider22207323500k+Non-prefixed global variable
#46PagBank / PagSeguro Connect para WooCommerce225047434k+Non-prefixed global variable
#47Smart Popup by Supsystic223,17250310k+Non Singular String Literal Domain
#48Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App221,5812,326300k+Non-prefixed global variable
#49Prime Mover – Migrate WordPress Website & Backups221,3261,60010k+Non-prefixed global variable
#50PageSpeed Ninja – Cache, Minify, Defer CSS JavaScript, Critical CSS, Optimize Images, Convert WebP229844075k+Unsafe printing function