WordPress.PHP.DevelopmentFunctions.prevent_path_disclosure_error_reporting
prevent path disclosure error reporting
Development or debugging behavior appears in code that may run in production.
Why It Shows Up
The scan found logging, debugging, path disclosure, `phpinfo()`, error-reporting changes, or similar development-oriented functions.
Why It Matters
Debug output can leak paths, configuration, request data, stack details, or sensitive runtime information.
How to Fix
- Remove temporary debugging calls before release.
- If logging is required, guard it with `WP_DEBUG` or a plugin setting intended for administrators.
- Never show debug details to unauthenticated visitors or normal front-end users.
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #301 | Payment Gateway for Cpay with WooCommerce | 67 | 67 | 26 | 400 | wp function not compatible with requires wp | ||
| #302 | wp-Typography | 67 | 91 | 33 | 20k+ | Missing direct file access protection | ||
| #303 | News Magazine X Core | 68 | 63 | 30 | 5k+ | Missing Translators Comment | ||
| #304 | Gravity Forms Multi Currency | 74 | 6 | 12 | 400 | Output is not escaped | ||
| #305 | Appointment Bookings for Zoom GoogleMeet and more – Wappointment | 81 | 22 | 52 | 1k+ | Non-prefixed class | ||
| #306 | Real Thumbnail Generator: Efficient regeneration of thumbnails in all sizes | 85 | 5 | 58 | 1k+ | Non-prefixed constant | ||
| #307 | Loop Post Navigation Links | 91 | 7 | 5 | 600 | Missing Arg Domain | ||
| #308 | Single Category Permalink | 93 | 5 | 12 | 400 | Non-prefixed global variable | ||
| #309 | Easy Theme and Plugin Upgrades | 94 | 29 | 20 | 70k+ | Discouraged PHP function |