| #1051 | Backup, Restore and Migrate your sites with XCloner | 25 | 238 | 864 | 10k+ | | | Input is not sanitized |
| #1052 | YeeMail — Email Template Builder & Customizer | 25 | 606 | 222 | 600 | | | wp function not compatible with requires wp |
| #1053 | Video Gallery – YouTube Gallery, Playlist & Video Grid | 25 | 275 | 1,070 | 2k+ | | | Non-prefixed hook name |
| #1054 | YT Player – Embed and Customize Video Players | 25 | 3,163 | 261 | 1k+ | | | Output is not escaped |
| #1055 | ActiveCampaign for WooCommerce | 26 | 541 | 190 | 6k+ | | | Exception output is not escaped |
| #1056 | AfterShip Tracking – All-In-One WooCommerce Order Tracking (Free plan available) | 26 | 286 | 291 | 8k+ | | | Text Domain Mismatch |
| #1057 | AI Content Writing Assistant | 26 | 1,069 | 516 | 700 | | | Text Domain Mismatch |
| #1058 | Attesa Extra | 26 | 316 | 151 | 1k+ | | | Output is not escaped |
| #1059 | Bangladeshi Payments Mobile – QR Code & Transaction Reports | 26 | 535 | 1,280 | 1k+ | | | Non-prefixed global variable |
| #1060 | Blog Floating Button | 26 | 705 | 240 | 9k+ | | | Output is not escaped |
| #1061 | Booking Manager – Sync WP Booking Calendar – Import Events, Export Bookings to ICS Calendar | 26 | 526 | 263 | 5k+ | | | Output is not escaped |
| #1062 | Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More | 26 | 97 | 270 | 10k+ | | | error log error log |
| #1063 | Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty | 26 | 113 | 671 | 400k+ | | | Non-prefixed global variable |
| #1064 | Conditional Logic for Woo Product Add-ons | 26 | 575 | 1,352 | 500 | | | Non-prefixed global variable |
| #1065 | Database for Contact Form 7, WPforms, Elementor forms | 26 | 317 | 489 | 60k+ | | | Non-prefixed global variable |
| #1066 | CP Multi View Events Calendar | 26 | 86 | 439 | 1k+ | | | Non-prefixed global variable |
| #1067 | WP Frontend Admin – Display WP Admin Pages in the Frontend | 26 | 347 | 337 | 500 | | | Non Singular String Literal Domain |
| #1068 | Ditty – Responsive News Tickers, Sliders, and Lists | 26 | 561 | 484 | 30k+ | | | Output is not escaped |
| #1069 | Easy Appointments | 26 | 135 | 569 | 10k+ | | | Alternative PHP tag found |
| #1070 | Accept Donations with PayPal & Stripe | 26 | 916 | 572 | 10k+ | | | Unsafe printing function |
| #1071 | Easy Post Views Count | 26 | 534 | 1,180 | 2k+ | | | Non-prefixed global variable |
| #1072 | ELEX WooCommerce Google Shopping (Google Product Feed) | 26 | 226 | 242 | 1k+ | | | Text Domain Mismatch |
| #1073 | Event Monster – Event Manager, Ticket Booking & Registration | 26 | 781 | 781 | 700 | | | Non-prefixed global variable |
| #1074 | Extra Product Options for WooCommerce | 26 | 549 | 1,321 | 600 | | | Non-prefixed global variable |
| #1075 | ezCache | 26 | 127 | 269 | 10k+ | | | Direct Query |
| #1076 | RSS Redirect & Feedburner Alternative | 26 | 277 | 272 | 1k+ | | | Output is not escaped |
| #1077 | FG Drupal to WordPress | 26 | 275 | 100 | 700 | | | Unsafe printing function |
| #1078 | FG PrestaShop to WooCommerce | 26 | 254 | 94 | 900 | | | Unsafe printing function |
| #1079 | FlagShip WooCommerce Shipping | 26 | 495 | 188 | 400 | | | Non Singular String Literal Domain |
| #1080 | Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager | 26 | 113 | 597 | 90k+ | | | Non-prefixed global variable |
| #1081 | FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) | 26 | 591 | 416 | 2k+ | | | Exception output is not escaped |
| #1082 | FV Antispam | 26 | 332 | 239 | 900 | | | Output is not escaped |
| #1083 | GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites | 26 | 284 | 216 | 500 | | | badly named files |
| #1084 | Hide Admin Bar Based on User Roles | 26 | 549 | 1,345 | 20k+ | | | Non-prefixed global variable |
| #1085 | Image SEO – AI-Driven Image SEO Optimizer | 26 | 350 | 327 | 1k+ | | | Text Domain Mismatch |
| #1086 | Integrate Razorpay for Contact Form 7 | 26 | 152 | 97 | 500 | | | curl curl setopt |
| #1087 | Kadence Central – Site Management, Backups, Security, and Reporting | 26 | 462 | 213 | 30k+ | | | Text Domain Mismatch |
| #1088 | Landing Page Cat – Coming Soon & Maintenance Pages | 26 | 91 | 180 | 700 | | | Non-prefixed class |
| #1089 | Loco Translate | 26 | 454 | 242 | 1m+ | | | Output is not escaped |
| #1090 | Media File Renamer: Rename for better SEO (AI-Powered) | 26 | 148 | 170 | 40k+ | | | Direct Query |
| #1091 | Hotel Booking | 26 | 690 | 940 | 4k+ | | | Unsafe printing function |
| #1092 | Online Contact Widget-多合一在线客服插件 | 26 | 708 | 80 | 800 | | | Non Singular String Literal Domain |
| #1093 | Open User Map – Interactive Leaflet Maps | 26 | 893 | 986 | 10k+ | | | Non-prefixed global variable |
| #1094 | Organic Builder Widgets – Simple WordPress Page Builder | 26 | 1,034 | 125 | 4k+ | | | Output is not escaped |
| #1095 | Paytium: Mollie payment forms & donations | 26 | 506 | 551 | 3k+ | | | Unsafe printing function |
| #1096 | PDF for WPForms + Drag and Drop Template Builder | 26 | 674 | 113 | 1k+ | | | wp function not compatible with requires wp |
| #1097 | LoginWP (Formerly Peter's Login Redirect) | 26 | 401 | 278 | 90k+ | | | Output is not escaped |
| #1098 | Polylang | 26 | 36 | 564 | 800k+ | | | Non-prefixed hook name |
| #1099 | Portfolio by BestWebSoft – Work and Projects Presentation Plugin for WordPress | 26 | 525 | 240 | 600 | | | Text Domain Mismatch |
| #1100 | Post List Designer – Category Post, Recent Post, Post List | 26 | 542 | 1,320 | 1k+ | | | Non-prefixed global variable |
