| #601 | Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP | 25 | 298 | 1,010 | 500 | | | Request data is not unslashed |
| #602 | Product Customer List for WooCommerce | 25 | 610 | 1,334 | 9k+ | | | Non-prefixed global variable |
| #603 | weForms – Easy Drag & Drop Contact Form Builder For WordPress | 25 | 916 | 450 | 10k+ | | | Output is not escaped |
| #604 | Payment Plugins for Stripe WooCommerce | 25 | 348 | 772 | 100k+ | | | Non-prefixed global variable |
| #605 | Pay with Vipps and MobilePay for WooCommerce | 25 | 846 | 514 | 5k+ | | | Output is not escaped |
| #606 | Wordfence Login Security | 25 | 248 | 418 | 70k+ | | | Output is not escaped |
| #607 | WP Airbnb Review Slider | 25 | 325 | 646 | 1k+ | | | Non-prefixed global variable |
| #608 | WP Data Access – App Builder for Tables, Forms, Charts, Maps & Dashboards | 25 | 1,431 | 1,270 | 10k+ | | | Output is not escaped |
| #609 | WP-DownloadManager | 25 | 607 | 508 | 3k+ | | | Unsafe printing function |
| #610 | WP Review Slider | 25 | 1,186 | 2,279 | 6k+ | | | Non-prefixed global variable |
| #611 | WP Go Maps – Google Map, OpenStreetMap, Leaflet Map | 25 | 4,996 | 1,008 | 300k+ | | | Unsafe printing function |
| #612 | WP Google Review Slider | 25 | 1,367 | 2,582 | 30k+ | | | Non-prefixed global variable |
| #613 | WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan | 25 | 727 | 1,554 | 50k+ | | | Non-prefixed global variable |
| #614 | Nested Pages | 25 | 674 | 560 | 90k+ | | | Non-prefixed global variable |
| #615 | WP Photo Album Plus | 25 | 3 | 1,799 | 10k+ | | | Direct Query |
| #616 | WP-Polls | 25 | 618 | 639 | 40k+ | | | Unsafe printing function |
| #617 | Perfect Images: Regenerate Thumbnails, Image Sizes, WebP & AVIF | 25 | 154 | 118 | 60k+ | | | Non-prefixed global variable |
| #618 | SlimStat Analytics | 25 | 1,177 | 870 | 70k+ | | | Exception output is not escaped |
| #619 | Smush – Image Optimization, Compression, Lazy Load, WebP & CDN | 25 | 252 | 566 | 1m+ | | | Non-prefixed hook name |
| #620 | WP Spell Check | 25 | 6 | 4,390 | 2k+ | | | Direct Query |
| #621 | WP Statistics – Simple, privacy-friendly Google Analytics alternative | 25 | 610 | 2,465 | 600k+ | | | Non-prefixed global variable |
| #622 | WP Super Cache | 25 | 800 | 989 | 1m+ | | | Output is not escaped |
| #623 | WP Time Slots Booking Form | 25 | 439 | 1,137 | 1k+ | | | Non-prefixed global variable |
| #624 | WP TripAdvisor Review Slider | 25 | 958 | 2,058 | 8k+ | | | Non-prefixed global variable |
| #625 | WP Yelp Review Slider | 25 | 429 | 645 | 1k+ | | | Non-prefixed global variable |
| #626 | WPCargo Track & Trace | 25 | 239 | 557 | 10k+ | | | Non-prefixed global variable |
| #627 | Team Members Showcase | 25 | 591 | 1,494 | 4k+ | | | Non-prefixed global variable |
| #628 | WPvivid Backup for MainWP | 25 | 818 | 1,794 | 10k+ | | | Missing nonce verification |
| #629 | WPvivid — Backup, Migration & Staging | 25 | 899 | 1,461 | 900k+ | | | Non-prefixed namespace |
| #630 | YeeMail — Email Template Builder & Customizer | 25 | 606 | 222 | 600 | | | wp function not compatible with requires wp |
| #631 | Video Gallery – YouTube Gallery, Playlist & Video Grid | 25 | 275 | 1,070 | 2k+ | | | Non-prefixed hook name |
| #632 | YT Player – Embed and Customize Video Players | 25 | 3,163 | 261 | 1k+ | | | Output is not escaped |
| #633 | AI Content Writing Assistant | 26 | 1,069 | 516 | 700 | | | Text Domain Mismatch |
| #634 | Blog Floating Button | 26 | 705 | 240 | 9k+ | | | Output is not escaped |
| #635 | Booking Manager – Sync WP Booking Calendar – Import Events, Export Bookings to ICS Calendar | 26 | 526 | 263 | 5k+ | | | Output is not escaped |
| #636 | Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More | 26 | 97 | 270 | 10k+ | | | error log error log |
| #637 | Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty | 26 | 113 | 671 | 400k+ | | | Non-prefixed global variable |
| #638 | Database for Contact Form 7, WPforms, Elementor forms | 26 | 317 | 489 | 60k+ | | | Non-prefixed global variable |
| #639 | WP Frontend Admin – Display WP Admin Pages in the Frontend | 26 | 347 | 337 | 500 | | | Non Singular String Literal Domain |
| #640 | Ditty – Responsive News Tickers, Sliders, and Lists | 26 | 561 | 484 | 30k+ | | | Output is not escaped |
| #641 | Easy Appointments | 26 | 135 | 569 | 10k+ | | | Alternative PHP tag found |
| #642 | Event Monster – Event Manager, Ticket Booking & Registration | 26 | 781 | 781 | 700 | | | Non-prefixed global variable |
| #643 | ezCache | 26 | 127 | 269 | 10k+ | | | Direct Query |
| #644 | RSS Redirect & Feedburner Alternative | 26 | 277 | 272 | 1k+ | | | Output is not escaped |
| #645 | Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager | 26 | 113 | 597 | 90k+ | | | Non-prefixed global variable |
| #646 | FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) | 26 | 591 | 416 | 2k+ | | | Exception output is not escaped |
| #647 | FV Antispam | 26 | 332 | 239 | 900 | | | Output is not escaped |
| #648 | GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites | 26 | 284 | 216 | 500 | | | badly named files |
| #649 | Image SEO – AI-Driven Image SEO Optimizer | 26 | 350 | 327 | 1k+ | | | Text Domain Mismatch |
| #650 | Media File Renamer: Rename for better SEO (AI-Powered) | 26 | 148 | 170 | 40k+ | | | Direct Query |
