| #201 | AI Content Writing Assistant | 26 | 1,069 | 516 | 700 | | | Text Domain Mismatch |
| #202 | Translate WordPress with ConveyThis – AI Multilingual Plugin | 26 | 159 | 297 | 1k+ | | | Non-prefixed global variable |
| #203 | Accept Donations with PayPal & Stripe | 26 | 916 | 572 | 10k+ | | | Unsafe printing function |
| #204 | FG Drupal to WordPress | 26 | 275 | 100 | 700 | | | Unsafe printing function |
| #205 | FG PrestaShop to WooCommerce | 26 | 254 | 94 | 900 | | | Unsafe printing function |
| #206 | Klarna for WooCommerce | 26 | 284 | 507 | 30k+ | | | Dynamic hook name |
| #207 | MakeStories (for Google Web Stories) | 26 | 117 | 416 | 600 | | | Nonce verification recommended |
| #208 | Organic Builder Widgets – Simple WordPress Page Builder | 26 | 1,034 | 125 | 4k+ | | | Output is not escaped |
| #209 | Barion Payment Gateway for WooCommerce | 26 | 71 | 221 | 6k+ | | | Non-prefixed global variable |
| #210 | Crowdsignal Dashboard – Polls, Surveys & more | 26 | 486 | 489 | 200k+ | | | Unsafe printing function |
| #211 | Parcel Pro | 26 | 171 | 220 | 600 | | | Output is not escaped |
| #212 | WP Flashy Marketing Automation | 26 | 432 | 186 | 2k+ | | | Text Domain Mismatch |
| #213 | EZ SQL Reports Shortcode Widget and DB Backup | 27 | 165 | 158 | 500 | | | Output is not escaped |
| #214 | CM Tooltip Glossary | 27 | 611 | 188 | 8k+ | | | Output is not escaped |
| #215 | FG Joomla to WordPress | 27 | 278 | 101 | 7k+ | | | Unsafe printing function |
| #216 | ImageRecycle pdf & image compression | 27 | 329 | 204 | 1k+ | | | Text Domain Mismatch |
| #217 | Ray Enterprise Translation | 27 | 87 | 606 | 8k+ | | | Non-prefixed global variable |
| #218 | Magical Shop Builder – WooCommerce Template Builder for Elementor | Shop, Cart, Checkout & Product Page Builder | 27 | 76 | 459 | 3k+ | | | Non-prefixed namespace |
| #219 | Packlink PRO for WooCommerce | 27 | 130 | 154 | 20k+ | | | Non-prefixed global variable |
| #220 | Quick Paypal Payments | 27 | 101 | 303 | 1k+ | | | Non-prefixed function |
| #221 | Simple Download Monitor | 27 | 218 | 273 | 20k+ | | | Output is not escaped |
| #222 | VikWidgetsLoader – Collection of Widgets | 27 | 1,201 | 523 | 1k+ | | | Output is not escaped |
| #223 | Email Marketing Plugin – WP Email Capture | 27 | 383 | 262 | 1k+ | | | Output is not escaped |
| #224 | WP Events Manager | 27 | 294 | 415 | 30k+ | | | Output is not escaped |
| #225 | WP Hide & Security Enhancer | 27 | 124 | 375 | 50k+ | | | Input is not sanitized |
| #226 | WP Chat App | 27 | 120 | 274 | 100k+ | | | Alternative PHP tag found |
| #227 | Void Contact Form 7 Widget For Elementor Page Builder | 28 | 279 | 66 | 10k+ | | | Text Domain Mismatch |
| #228 | Contact Form by BestWebSoft – Advanced WP Contact Form Builder for WordPress | 28 | 465 | 338 | 30k+ | | | Text Domain Mismatch |
| #229 | Maspik – Ultimate Spam Protection | 28 | 212 | 862 | 30k+ | | | Missing nonce verification |
| #230 | Darklup – Enhanced WordPress Dark Mode, Dark Theme, Night Mode & Accessibility Plugin | 28 | 639 | 85 | 1k+ | | | Text Domain Mismatch |
| #231 | Deposits & Partial Payments for WooCommerce – Bayna | 28 | 593 | 336 | 1k+ | | | Output is not escaped |
| #232 | Discount Rules and Dynamic Pricing for WooCommerce | 28 | 182 | 334 | 10k+ | | | Output is not escaped |
| #233 | GTmetrix for WordPress | 28 | 109 | 70 | 8k+ | | | Output is not escaped |
| #234 | Notification for Telegram | 28 | 189 | 93 | 4k+ | | | Output is not escaped |
| #235 | Pixel Gallery Addons for Elementor – Easy Grid, Creative Gallery, Drag and Drop Grid, Custom Grid Layout, Portfolio Gallery | 28 | 143 | 258 | 5k+ | | | Post Not In exclude |
| #236 | PushAlert – Web Push Notifications for WordPress and WooCommerce | 28 | 196 | 63 | 1k+ | | | curl curl setopt |
| #237 | Query Wrangler | 28 | 628 | 229 | 700 | | | Output is not escaped |
| #238 | Temporary Login Without Password | 28 | 128 | 131 | 100k+ | | | wp function not compatible with requires wp |
| #239 | Product Gallery Slider, Additional Variation Images for WooCommerce | 28 | 552 | 316 | 20k+ | | | Output is not escaped |
| #240 | WhyDonate – FREE Donate button – Crowdfunding – Fundraising | 28 | 216 | 328 | 800 | | | Non-prefixed global variable |
| #241 | WPO365 | SEAMLESS WORDPRESS + MICROSOFT INTEGRATION (WPO365 | LOGIN) | 28 | 209 | 217 | 10k+ | | | Exception output is not escaped |
| #242 | WxSync-标准云微信公众号文章免费采集-任意公众号自动采集付费购买 | 28 | 57 | 138 | 500 | | | Request data is not unslashed |
| #243 | CloudSecure WP Security | 29 | 74 | 350 | 100k+ | | | Request data is not unslashed |
| #244 | WPCS – WordPress Currency Switcher Professional | 29 | 84 | 358 | 1k+ | | | Non-prefixed global variable |
| #245 | DB Cache Reloaded Fix | 29 | 133 | 42 | 2k+ | | | Output is not escaped |
| #246 | DoLogin Security | 29 | 312 | 305 | 7k+ | | | Output is not escaped |
| #247 | Recipe Card Blocks Lite | 29 | 151 | 408 | 10k+ | | | Non-prefixed global variable |
| #248 | Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce | 29 | 148 | 246 | 5k+ | | | Unsafe printing function |
| #249 | Tilda-publishing | 29 | 219 | 78 | 700 | | | Output is not escaped |
| #250 | Global Payments SecureSubmit Gateway | 29 | 199 | 443 | 600 | | | Non-prefixed class |
