| #401 | Custom Twitter Feeds – A Tweets Widget or X Feed Widget | 24 | 446 | 922 | 100k+ | | | Output is not escaped |
| #402 | Customer Reviews for WooCommerce | 24 | 2,206 | 2,443 | 80k+ | | | Output is not escaped |
| #403 | Defender Security – Malware Scanner, Login Security & Firewall | 24 | 306 | 518 | 80k+ | | | Non-prefixed namespace |
| #404 | WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) | 24 | 845 | 2,665 | 4k+ | | | Non-prefixed global variable |
| #405 | Democracy Poll | 24 | 387 | 436 | 7k+ | | | Short PHP open tag found |
| #406 | Digital License Manager | 24 | 295 | 670 | 700 | | | Non-prefixed hook name |
| #407 | Doubly – Cross Domain Copy Paste for WordPress | 24 | 252 | 55 | 10k+ | | | Output is not escaped |
| #408 | DSGVO All in one for WP | 24 | 75 | 1,637 | 20k+ | | | Non-prefixed global variable |
| #409 | Dynamic Widgets | 24 | 631 | 812 | 10k+ | | | Non-prefixed global variable |
| #410 | Easy Form Builder by WhiteStudio — Drag & Drop Form Builder | 24 | 194 | 383 | 1k+ | | | Nonce verification recommended |
| #411 | Easy Invoice – Invoice Generator, PDF Quotes & Payments | 24 | 1,366 | 2,006 | 500 | | | Non-prefixed global variable |
| #412 | Easy Modal | 24 | 564 | 299 | 7k+ | | | Unsafe printing function |
| #413 | E-cab Taxi Booking Manager for Woocommerce | 24 | 356 | 1,462 | 2k+ | | | Non-prefixed global variable |
| #414 | eCommerce Product Catalog Plugin for WordPress | 24 | 621 | 3,177 | 7k+ | | | Non-prefixed function |
| #415 | ECPay Ecommerce for WooCommerce | 24 | 491 | 739 | 2k+ | | | Missing nonce verification |
| #416 | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | 24 | 652 | 1,495 | 60k+ | | | Non-prefixed hook name |
| #417 | EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more | 24 | 669 | 1,550 | 100k+ | | | Output is not escaped |
| #418 | Enable Media Replace | 24 | 212 | 276 | 600k+ | | | Output is not escaped |
| #419 | Conversios: Google Analytics (GA4), Google Ads, Conversion and Analytics Tracking for Multi-Channels | 24 | 107 | 1,461 | 10k+ | | | Non-prefixed global variable |
| #420 | Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns | 24 | 120 | 684 | 200k+ | | | Non-prefixed global variable |
| #421 | Event Tickets and Registration | 24 | 3,411 | 4,217 | 90k+ | | | Non-prefixed global variable |
| #422 | Etsy Integration For WooCommerce | 24 | 1,246 | 4,643 | 900 | | | Non-prefixed global variable |
| #423 | F12 Profiler | 24 | 282 | 451 | 500 | | | Direct Query |
| #424 | Fast Velocity Minify | 24 | 282 | 256 | 40k+ | | | Unsafe printing function |
| #425 | Fattura24 | 24 | 312 | 333 | 400 | | | Output is not escaped |
| #426 | Featured Image from URL (FIFU) | 24 | 1,654 | 418 | 70k+ | | | Non Singular String Literal Domain |
| #427 | Featured Post with thumbnail | 24 | 158 | 122 | 400 | | | Output is not escaped |
| #428 | FeedWordPress | 24 | 496 | 319 | 9k+ | | | Missing Arg Domain |
| #429 | FileBird – WordPress Media Library Folders & File Manager | 24 | 239 | 377 | 200k+ | | | wp function not compatible with requires wp |
| #430 | Fix Alt Text | 24 | 544 | 346 | 1k+ | | | Non Singular String Literal Domain |
| #431 | FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution | 24 | 193 | 753 | 80k+ | | | Direct Query |
| #432 | Football Pool | 24 | 1,085 | 733 | 1k+ | | | Output is not escaped |
| #433 | Force Sell for WooCommerce | 24 | 708 | 452 | 600 | | | Text Domain Mismatch |
| #434 | Formidable PRO2PDF | 24 | 218 | 477 | 1k+ | | | Non-prefixed global variable |
| #435 | Photo Gallery – Responsive Image Galleries by Supsystic | 24 | 240 | 91 | 20k+ | | | Text Domain Mismatch |
| #436 | Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress | 24 | 536 | 324 | 10k+ | | | Text Domain Mismatch |
| #437 | GD Mail Queue | 24 | 502 | 582 | 700 | | | Output is not escaped |
| #438 | GG Woo Feed for WooCommerce Shopping Feed on Google and Other Channels | 24 | 469 | 592 | 1k+ | | | Non-prefixed global variable |
| #439 | Connector Wizard (formerly LC Wizard) | 24 | 248 | 464 | 1k+ | | | Non-prefixed function |
| #440 | Assets manager, dequeue scripts, dequeue styles for WordPress | 24 | 592 | 255 | 2k+ | | | Output is not escaped |
| #441 | Easy Google Maps | 24 | 1,764 | 389 | 20k+ | | | Non Singular String Literal Domain |
| #442 | GS Behance Portfolio – Display Projects, Gallery & Slider | 24 | 855 | 1,617 | 400 | | | Non-prefixed global variable |
| #443 | Hummingbird Performance – Cache & Page Speed Optimization for Core Web Vitals | Critical CSS | Minify CSS | Defer CSS Javascript | CDN | 24 | 3,410 | 866 | 70k+ | | | Text Domain Mismatch |
| #444 | Import and export users and customers | 24 | 1,040 | 357 | 70k+ | | | Unsafe printing function |
| #445 | Keap Official Opt-in Forms | 24 | 829 | 1,046 | 1k+ | | | Non-prefixed global variable |
| #446 | Social Slider Feed – Social Media Feed & Gallery Widgets | 24 | 929 | 707 | 20k+ | | | Non-prefixed global variable |
| #447 | InstaWP Connect – 1-click WP Staging & Migration | 24 | 253 | 811 | 40k+ | | | Non-prefixed global variable |
| #448 | Joli Table Of Contents | 24 | 653 | 1,755 | 7k+ | | | Non-prefixed global variable |
| #449 | LatePoint – Calendar Booking Plugin for Appointments and Events | 24 | 1,841 | 937 | 100k+ | | | Output is not escaped |
| #450 | LearnPress – Backup & Migration Tool | 24 | 385 | 469 | 5k+ | | | Output is not escaped |
