WordPress.PHP.DevelopmentFunctions.prevent_path_disclosure_error_reporting

prevent path disclosure error reporting

Development or debugging behavior appears in code that may run in production.

medium weight

Why It Shows Up

The scan found logging, debugging, path disclosure, `phpinfo()`, error-reporting changes, or similar development-oriented functions.

Why It Matters

Debug output can leak paths, configuration, request data, stack details, or sensitive runtime information.

How to Fix

  • Remove temporary debugging calls before release.
  • If logging is required, guard it with `WP_DEBUG` or a plugin setting intended for administrators.
  • Never show debug details to unauthenticated visitors or normal front-end users.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#151Yoast SEO – Advanced SEO with real-time guidance and built-in AI2415938610m+Non-prefixed global variable
#152WPeMatico RSS Feed Fetcher241,37858710k+Output is not escaped
#153WPIDE – File Manager & Code Editor246101,38640k+Non-prefixed global variable
#154BuddyPress Docs252844217k+Nonce verification recommended
#155CheckView – Form & Checkout Testing25663371k+Direct Query
#156DecaLog259432361k+Exception output is not escaped
#157Demo Importer Plus255823910k+Non-prefixed hook name
#158Docket Cache – Object Cache Accelerator2533348120k+Output is not escaped
#159Events Made Easy255076,2991k+Non-prefixed function
#160Site Kit by Google – Analytics, Search Console, AdSense, Speed251,3042425m+Missing direct file access protection
#161Hardcore Google Fonts Localizer25331261800Text Domain Mismatch
#162Index WP MySQL For Speed2525025550k+Output is not escaped
#163Knit Pay – Cashfree, Instamojo, Razorpay, PayPal and more254,0191,2652k+Text Domain Mismatch
#164MaxButtons – Create buttons2562640470k+Output is not escaped
#165Media Cloud Sync251,0952741k+Exception output is not escaped
#166Nexter Extension – Security, Performance, Code Snippets & Site Toolkit2519871010k+Nonce verification recommended
#167PDF Importer for WPForms25332329400Non-prefixed global variable
#168PDF & Print by BestWebSoft – WordPress Posts and Pages PDF Generator Plugin251,0841,2969k+Non-prefixed global variable
#169Poll Maker by AYS – Versus Polls, Anonymous Polls, Image Polls254881,4127k+Non-prefixed global variable
#170Quttera ThreatSign – Web Malware Scanner for WordPress2533447110k+Non-prefixed global variable
#171Secure Copy Content Protection and Content Locking2595879920k+Output is not escaped
#172Spice Blocks255361,3001k+Non-prefixed global variable
#173Tamara Checkout256012282k+Exception output is not escaped
#174Ultimate Post Kit Addons for Elementor2518241230k+Missing nonce verification
#175Social Media Share Buttons & Social Sharing Icons252,4331,383100k+Unsafe printing function
#176Social Share Icons & Social Share Buttons252,3651,35710k+Output is not escaped
#177Vayu Blocks – Website Builder for the Gutenberg Block Editor251742331k+Text Domain Mismatch
#178Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP25205959500Request data is not unslashed
#179VikAppointments Services Booking Calendar259,7535,207500Output is not escaped
#180VikBooking Hotel Booking Engine & PMS2513,2448,3148k+Output is not escaped
#181VikRentCar Car Rental Management System255,5375,0484k+Non-prefixed global variable
#182VikRestaurants Table Reservations and Take-Away2511,6444,932600Output is not escaped
#183weForms – Easy Drag & Drop Contact Form Builder For WordPress2591645010k+Output is not escaped
#184PDF Builder for WooCommerce. Create invoices,packing slips and more253725032k+Non-prefixed global variable
#185WP Data Access – App Builder for Tables, Forms, Charts, Maps & Dashboards251,4311,27010k+Output is not escaped
#186WPvivid — Backup, Migration & Staging258991,461900k+Non-prefixed namespace
#187YeeMail — Email Template Builder & Customizer25606222600wp function not compatible with requires wp
#188AfterShip Tracking – All-In-One WooCommerce Order Tracking (Free plan available)262862918k+Text Domain Mismatch
#189Blog Floating Button267052409k+Output is not escaped
#190FG PrestaShop to WooCommerce2625494900Unsafe printing function
#191Translate WordPress – Google Language Translator26200317100k+Non-prefixed global variable
#192Kadence Central – Site Management, Backups, Security, and Reporting2646221330k+Text Domain Mismatch
#193WP Flashy Marketing Automation264321862k+Text Domain Mismatch
#194BackUpWordPress2724527190k+Non-prefixed global variable
#195Contact Form Generator : Creative form builder for WordPress271,0761,510800Output is not escaped
#196Duplicate Post27447274300k+Unsafe printing function
#197Custom Scrollbar271841912k+Output is not escaped
#198Stream Video Player27220135600Output is not escaped
#199WP Events Manager2729441530k+Output is not escaped
#200WP Activity Log2796230300k+Nonce verification recommended