WordPress.PHP.DevelopmentFunctions.prevent_path_disclosure_error_reporting
prevent path disclosure error reporting
Development or debugging behavior appears in code that may run in production.
Why It Shows Up
The scan found logging, debugging, path disclosure, `phpinfo()`, error-reporting changes, or similar development-oriented functions.
Why It Matters
Debug output can leak paths, configuration, request data, stack details, or sensitive runtime information.
How to Fix
- Remove temporary debugging calls before release.
- If logging is required, guard it with `WP_DEBUG` or a plugin setting intended for administrators.
- Never show debug details to unauthenticated visitors or normal front-end users.
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Top Issue |
|---|---|---|---|---|---|---|
| #151 | Yoast SEO – Advanced SEO with real-time guidance and built-in AI | 24 | 159 | 386 | 10m+ | Non-prefixed global variable |
| #152 | WPeMatico RSS Feed Fetcher | 24 | 1,378 | 587 | 10k+ | Output is not escaped |
| #153 | WPIDE – File Manager & Code Editor | 24 | 610 | 1,386 | 40k+ | Non-prefixed global variable |
| #154 | BuddyPress Docs | 25 | 284 | 421 | 7k+ | Nonce verification recommended |
| #155 | CheckView – Form & Checkout Testing | 25 | 66 | 337 | 1k+ | Direct Query |
| #156 | DecaLog | 25 | 943 | 236 | 1k+ | Exception output is not escaped |
| #157 | Demo Importer Plus | 25 | 58 | 239 | 10k+ | Non-prefixed hook name |
| #158 | Docket Cache – Object Cache Accelerator | 25 | 333 | 481 | 20k+ | Output is not escaped |
| #159 | Events Made Easy | 25 | 507 | 6,299 | 1k+ | Non-prefixed function |
| #160 | Site Kit by Google – Analytics, Search Console, AdSense, Speed | 25 | 1,304 | 242 | 5m+ | Missing direct file access protection |
| #161 | Hardcore Google Fonts Localizer | 25 | 331 | 261 | 800 | Text Domain Mismatch |
| #162 | Index WP MySQL For Speed | 25 | 250 | 255 | 50k+ | Output is not escaped |
| #163 | Knit Pay – Cashfree, Instamojo, Razorpay, PayPal and more | 25 | 4,019 | 1,265 | 2k+ | Text Domain Mismatch |
| #164 | MaxButtons – Create buttons | 25 | 626 | 404 | 70k+ | Output is not escaped |
| #165 | Media Cloud Sync | 25 | 1,095 | 274 | 1k+ | Exception output is not escaped |
| #166 | Nexter Extension – Security, Performance, Code Snippets & Site Toolkit | 25 | 198 | 710 | 10k+ | Nonce verification recommended |
| #167 | PDF Importer for WPForms | 25 | 332 | 329 | 400 | Non-prefixed global variable |
| #168 | PDF & Print by BestWebSoft – WordPress Posts and Pages PDF Generator Plugin | 25 | 1,084 | 1,296 | 9k+ | Non-prefixed global variable |
| #169 | Poll Maker by AYS – Versus Polls, Anonymous Polls, Image Polls | 25 | 488 | 1,412 | 7k+ | Non-prefixed global variable |
| #170 | Quttera ThreatSign – Web Malware Scanner for WordPress | 25 | 334 | 471 | 10k+ | Non-prefixed global variable |
| #171 | Secure Copy Content Protection and Content Locking | 25 | 958 | 799 | 20k+ | Output is not escaped |
| #172 | Spice Blocks | 25 | 536 | 1,300 | 1k+ | Non-prefixed global variable |
| #173 | Tamara Checkout | 25 | 601 | 228 | 2k+ | Exception output is not escaped |
| #174 | Ultimate Post Kit Addons for Elementor | 25 | 182 | 412 | 30k+ | Missing nonce verification |
| #175 | Social Media Share Buttons & Social Sharing Icons | 25 | 2,433 | 1,383 | 100k+ | Unsafe printing function |
| #176 | Social Share Icons & Social Share Buttons | 25 | 2,365 | 1,357 | 10k+ | Output is not escaped |
| #177 | Vayu Blocks – Website Builder for the Gutenberg Block Editor | 25 | 174 | 233 | 1k+ | Text Domain Mismatch |
| #178 | Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP | 25 | 205 | 959 | 500 | Request data is not unslashed |
| #179 | VikAppointments Services Booking Calendar | 25 | 9,753 | 5,207 | 500 | Output is not escaped |
| #180 | VikBooking Hotel Booking Engine & PMS | 25 | 13,244 | 8,314 | 8k+ | Output is not escaped |
| #181 | VikRentCar Car Rental Management System | 25 | 5,537 | 5,048 | 4k+ | Non-prefixed global variable |
| #182 | VikRestaurants Table Reservations and Take-Away | 25 | 11,644 | 4,932 | 600 | Output is not escaped |
| #183 | weForms – Easy Drag & Drop Contact Form Builder For WordPress | 25 | 916 | 450 | 10k+ | Output is not escaped |
| #184 | PDF Builder for WooCommerce. Create invoices,packing slips and more | 25 | 372 | 503 | 2k+ | Non-prefixed global variable |
| #185 | WP Data Access – App Builder for Tables, Forms, Charts, Maps & Dashboards | 25 | 1,431 | 1,270 | 10k+ | Output is not escaped |
| #186 | WPvivid — Backup, Migration & Staging | 25 | 899 | 1,461 | 900k+ | Non-prefixed namespace |
| #187 | YeeMail — Email Template Builder & Customizer | 25 | 606 | 222 | 600 | wp function not compatible with requires wp |
| #188 | AfterShip Tracking – All-In-One WooCommerce Order Tracking (Free plan available) | 26 | 286 | 291 | 8k+ | Text Domain Mismatch |
| #189 | Blog Floating Button | 26 | 705 | 240 | 9k+ | Output is not escaped |
| #190 | FG PrestaShop to WooCommerce | 26 | 254 | 94 | 900 | Unsafe printing function |
| #191 | Translate WordPress – Google Language Translator | 26 | 200 | 317 | 100k+ | Non-prefixed global variable |
| #192 | Kadence Central – Site Management, Backups, Security, and Reporting | 26 | 462 | 213 | 30k+ | Text Domain Mismatch |
| #193 | WP Flashy Marketing Automation | 26 | 432 | 186 | 2k+ | Text Domain Mismatch |
| #194 | BackUpWordPress | 27 | 245 | 271 | 90k+ | Non-prefixed global variable |
| #195 | Contact Form Generator : Creative form builder for WordPress | 27 | 1,076 | 1,510 | 800 | Output is not escaped |
| #196 | Duplicate Post | 27 | 447 | 274 | 300k+ | Unsafe printing function |
| #197 | Custom Scrollbar | 27 | 184 | 191 | 2k+ | Output is not escaped |
| #198 | Stream Video Player | 27 | 220 | 135 | 600 | Output is not escaped |
| #199 | WP Events Manager | 27 | 294 | 415 | 30k+ | Output is not escaped |
| #200 | WP Activity Log | 27 | 96 | 230 | 300k+ | Nonce verification recommended |