| #1 | AffiliateWP – Sign Up Bonus | 74 | 46 | 13 | 400 | | | Text Domain Mismatch |
| #2 | AffiliateWP – Store Credit | 48 | 47 | 21 | 400 | | | Output is not escaped |
| #3 | Simple Post Expiration | 49 | 47 | 10 | 400 | | | Text Domain Mismatch |
| #4 | Force Plugin Updates Check | 92 | 5 | 5 | 500 | | | trademarked term |
| #5 | All in One SEO Pack Importer | 56 | 17 | 25 | 500 | | | Direct Query |
| #6 | Beacon Lead Magnets and Lead Capture | 75 | 8 | 25 | 500 | | | Nonce verification recommended |
| #7 | Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More | 23 | 142 | 681 | 100k+ | | | Non-prefixed global variable |
| #8 | AffiliateWP – Force Pending Referrals | 79 | 35 | 12 | 500 | | | Text Domain Mismatch |
| #9 | AffiliateWP – Allow Own Referrals | 78 | 37 | 10 | 600 | | | Text Domain Mismatch |
| #10 | AffiliateWP Checkout Referrals | 47 | 48 | 26 | 600 | | | Output is not escaped |
| #11 | WPForms – AI Form Builder for WordPress – Contact Forms, Payment Forms, Survey Form, Quiz & More | 32 | 165 | 273 | 5m+ | | | Non-prefixed global variable |
| #12 | ActiveLayer Anti-Spam: Spam Protection for Forms & Comments | 96 | | 2 | 2k+ | | | Database parameter is not escaped |
| #13 | WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin | 30 | 32 | 346 | 4m+ | | | Non-prefixed hook name |
| #14 | BP Auto Group Join | 42 | 55 | 55 | 700 | | | Output is not escaped |
| #15 | AffiliateWP – External Referral Links | 77 | 30 | 11 | 800 | | | Text Domain Mismatch |
| #16 | BuddyPress Edit Activity | 41 | 28 | 26 | 800 | | | Output is not escaped |
| #17 | EDD Auto Register | 89 | 13 | 7 | 900 | | | Missing Translators Comment |
| #18 | Batch Comment Spam Deletion | 46 | 22 | 15 | 1k+ | | | Nonce verification recommended |
| #19 | AffiliateWP – Allowed Products | 73 | 47 | 19 | 1k+ | | | Text Domain Mismatch |
| #20 | AffiliateWP – WooCommerce Redirect Affiliates | 79 | 27 | 7 | 1k+ | | | Text Domain Mismatch |
| #21 | Airi Demo Importer | 98 | 1 | 7 | 1k+ | | | Deprecated function: get_page_by_title |
| #22 | AffiliateWP – Leaderboard | 49 | 68 | 13 | 1k+ | | | Output is not escaped |
| #23 | All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic | 97 | 19 | 4 | 3m+ | | | wp function not compatible with requires wp |
| #24 | aThemes Starter Sites | 30 | 262 | 195 | 40k+ | | | Text Domain Mismatch |
| #25 | WPConsent – Cookie Banner & Cookie Consent for Privacy Compliance (GDPR / CCPA / EU Compliance Cookie Notice) | 99 | | 6 | 100k+ | | | trademarked term |
| #26 | WPChat – Live Chat & Messaging Widget for Customer Support | 89 | 6 | 7 | 2k+ | | | wp function not compatible with requires wp |
| #27 | PushEngage – Web Push Notifications, WooCommerce Automation & Chat Widget | 34 | 46 | 298 | 9k+ | | | Missing nonce verification |
| #28 | AffiliateWP – Affiliate Info | 79 | 27 | 7 | 1k+ | | | Text Domain Mismatch |
| #29 | BuddyPress for LearnDash | 32 | 190 | 284 | 1k+ | | | Output is not escaped |
| #30 | AffiliateWP – Affiliate Product Rates | 41 | 84 | 24 | 2k+ | | | Output is not escaped |
| #31 | Compact Archives | 90 | 8 | 14 | 2k+ | | | Non-prefixed function |
| #32 | AffiliateWP – Order Details For Affiliates | 54 | 62 | 27 | 2k+ | | | Output is not escaped |
| #33 | Universally – AI Translation & Multilingual SEO: Translate Your Site into 110+ Languages | 100 | | 1 | 3k+ | | | mismatched plugin name |
| #34 | Affiliate Area Shortcodes by AffiliateWP | 52 | 56 | 16 | 2k+ | | | Text Domain Mismatch |
| #35 | Athemes Toolbox | 40 | 254 | 58 | 3k+ | | | Text Domain Mismatch |
| #36 | AffiliateWP – Affiliate Area Tabs | 39 | 86 | 26 | 3k+ | | | Output is not escaped |
| #37 | Intranet & Private Site – All-In-One Intranet | 82 | 1 | 11 | 4k+ | | | Input is not sanitized |
| #38 | Gallery Carousel Without JetPack | 49 | 56 | 35 | 4k+ | | | Text Domain Mismatch |
| #39 | Disable New User Notification Emails | 97 | 2 | 6 | 4k+ | | | Non-prefixed hook name |
| #40 | Embed Files from Google Drive | 77 | 4 | 35 | 5k+ | | | Nonce verification recommended |
| #41 | SearchWP Modal Search Form | 91 | 9 | 9 | 5k+ | | | trademarked term |
| #42 | aThemes Blocks | 32 | 192 | 1,034 | 6k+ | | | Non-prefixed global variable |
| #43 | aThemes Addons for Elementor | 90 | 13 | 96 | 8k+ | | | Non-prefixed global variable |
| #44 | Stripe Payment Forms by WP Simple Pay – Accept Credit Card Payments + Subscriptions with Stripe | 24 | 634 | 652 | 9k+ | | | Exception output is not escaped |
| #45 | Product Labels, Quick View, Buy Now, Pre-Orders, Frequently Bought Together & More for WooCommerce – Merchant | 60 | 11 | 740 | 10k+ | | | Non-prefixed global variable |
| #46 | Login for Google Apps | 27 | 139 | 85 | 10k+ | | | Exception output is not escaped |
| #47 | Sugar Calendar – Events Calendar, Event Tickets, and Events Management Platform | 24 | 428 | 956 | 10k+ | | | Output is not escaped |
| #48 | WP101 Video Tutorial Plugin | 86 | 15 | 18 | 10k+ | | | Missing direct file access protection |
| #49 | Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More | 26 | 97 | 270 | 10k+ | | | error log error log |
| #50 | FOMO & Social Proof Notifications by TrustPulse – Best WordPress FOMO Plugin | 36 | 104 | 39 | 10k+ | | | Output is not escaped |