| #51 | Asset CleanUp: Page Speed Booster | 22 | 2,030 | 2,485 | 100k+ | | | Non-prefixed global variable |
| #52 | WP Umbrella: Update Backup Restore & Monitoring | 22 | 918 | 916 | 70k+ | | | Exception output is not escaped |
| #53 | WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell | 22 | 5,996 | 2,790 | 5k+ | | | Text Domain Mismatch |
| #54 | Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce | 23 | 1,185 | 1,027 | 1k+ | | | Text Domain Mismatch |
| #55 | Gutenberg Blocks – ACF Blocks Suite | 23 | 1,097 | 1,449 | 400 | | | Non-prefixed global variable |
| #56 | BA Book Everything | 23 | 1,184 | 1,086 | 10k+ | | | Output is not escaped |
| #57 | Booking calendar, Appointment Booking System | 23 | 1,079 | 1,125 | 4k+ | | | Output is not escaped |
| #58 | WPBot – AI ChatBot for Live Support, Lead Generation, AI Services | 23 | 474 | 1,153 | 5k+ | | | Non-prefixed global variable |
| #59 | Content Aware Sidebars – Fastest Widget Area Plugin | 23 | 993 | 1,738 | 30k+ | | | Non-prefixed global variable |
| #60 | Content Egg – Affiliate Product Importer & Price Comparison | 23 | 1,231 | 1,257 | 10k+ | | | Non-prefixed global variable |
| #61 | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | 23 | 3,723 | 10,283 | 40k+ | | | Non-prefixed namespace |
| #62 | Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light | 23 | 386 | 999 | 400 | | | Non-prefixed global variable |
| #63 | Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | 23 | 4,746 | 1,279 | 30k+ | | | Non Singular String Literal Domain |
| #64 | FV Flowplayer Video Player | 23 | 1,311 | 1,454 | 20k+ | | | Output is not escaped |
| #65 | GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress | 23 | 3,621 | 2,744 | 10k+ | | | Output is not escaped |
| #66 | The GDPR Framework By Data443 | 23 | 1,287 | 517 | 10k+ | | | Short PHP open tag found |
| #67 | Groundhogg — CRM, Newsletters, and Marketing Automation | 23 | 136 | 914 | 2k+ | | | Non-prefixed global variable |
| #68 | Interactive Content – H5P | 23 | 565 | 380 | 40k+ | | | Non Singular String Literal Domain |
| #69 | Payment forms, Buy now buttons, and Invoicing System | GetPaid | 23 | 387 | 1,258 | 5k+ | | | Non-prefixed global variable |
| #70 | Link Whisper Free | 23 | 3,882 | 5,303 | 30k+ | | | Text Domain Mismatch |
| #71 | Media Library Assistant | 23 | 1,144 | 3,943 | 70k+ | | | Nonce verification recommended |
| #72 | Restaurant Menu and Food Ordering | 23 | 385 | 853 | 2k+ | | | Non-prefixed global variable |
| #73 | MStore API – Create Native Android & iOS Apps On The Cloud | 23 | 618 | 764 | 3k+ | | | SQL query is not prepared |
| #74 | MultiParcels Shipping For WooCommerce | 23 | 179 | 356 | 4k+ | | | Request data is not unslashed |
| #75 | Issues and Series for Newspapers, Magazines, Publishers, Writers | 23 | 346 | 710 | 2k+ | | | Nonce verification recommended |
| #76 | Patchstack – WordPress & Plugins Security | 23 | 107 | 489 | 40k+ | | | Missing nonce verification |
| #77 | Photo Gallery by 10Web – Mobile-Friendly Image Gallery | 23 | 4,159 | 1,553 | 100k+ | | | Output is not escaped |
| #78 | AI Popup | 23 | 1,224 | 636 | 400 | | | Text Domain Mismatch |
| #79 | Schema | 23 | 1,173 | 245 | 40k+ | | | Text Domain Mismatch |
| #80 | SecuPress with Simple SSL – Simple and Performant Security | 23 | 1,697 | 1,601 | 40k+ | | | Non-prefixed global variable |
| #81 | Seraphinite Post .DOCX Source | 23 | 1,156 | 110 | 900 | | | Output is not escaped |
| #82 | Seriously Simple Podcasting | 23 | 548 | 627 | 30k+ | | | Non-prefixed hook name |
| #83 | Local Google Analytics for WordPress – caches external requests | 23 | 551 | 199 | 3k+ | | | Output is not escaped |
| #84 | Image Optimizer, Resizer and CDN – Sirv | 23 | 616 | 1,004 | 1k+ | | | Output is not escaped |
| #85 | Slider Hero with Video Background, Animation | 23 | 1,565 | 1,253 | 3k+ | | | Text Domain Mismatch |
| #86 | Slider by 10Web – Responsive Image Slider | 23 | 5,814 | 976 | 10k+ | | | Output is not escaped |
| #87 | UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP | 23 | 694 | 2,439 | 20k+ | | | Non-prefixed hook name |
| #88 | Predictive Search for WooCommerce | 23 | 530 | 644 | 700 | | | Output is not escaped |
| #89 | WP-CRM System – Manage Clients and Projects | 23 | 297 | 1,094 | 800 | | | Non-prefixed global variable |
| #90 | FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce | 23 | 941 | 2,179 | 20k+ | | | SQL query is not prepared |
| #91 | WP STAGING – WordPress Backup, Restore, Migration & Clone | 23 | 1,494 | 1,550 | 100k+ | | | Non-prefixed global variable |
| #92 | Track, Analyze & Optimize by WP Tao | 23 | 895 | 756 | 600 | | | Output is not escaped |
| #93 | WP Ultimate CSV Importer – WordPress Import & Export for CSV, XML & Excel | 23 | 1,158 | 3,642 | 20k+ | | | Interpolated SQL is not prepared |
| #94 | Photo Engine (Media Organizer & Lightroom) | 23 | 252 | 650 | 2k+ | | | Direct Query |
| #95 | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress | 23 | 2,317 | 1,714 | 5k+ | | | Output is not escaped |
| #96 | Ivory Search – WordPress Search Plugin | 24 | 1,173 | 1,688 | 100k+ | | | Non-prefixed global variable |
| #97 | Popup Box – Create Countdown, Coupon, Video, Contact Form Popups | 24 | 482 | 1,253 | 50k+ | | | Non-prefixed global variable |
| #98 | BlockMeister – Block Pattern Builder | 24 | 580 | 1,405 | 1k+ | | | Non-prefixed global variable |
| #99 | RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress | 24 | 828 | 3,665 | 500 | | | Request data is not unslashed |
| #100 | WPBot – ChatBot Conversational Forms | 24 | 1,254 | 1,226 | 2k+ | | | Text Domain Mismatch |