| #1 | WPPizza – A Restaurant Plugin | 18 | 4,689 | 2,703 | 1k+ | | | Text Domain Mismatch |
| #2 | Event Organiser | 20 | 1,104 | 544 | 20k+ | | | Text Domain Mismatch |
| #3 | GiveWP – Donation Plugin and Fundraising Platform | 20 | 3,437 | 3,577 | 100k+ | | | Output is not escaped |
| #4 | Backup Migration | 21 | 981 | 1,093 | 80k+ | | | Non-prefixed global variable |
| #5 | Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More | 21 | 2,572 | 1,277 | 1m+ | | | Output is not escaped |
| #6 | Data Tables Generator by Supsystic | 22 | 157 | 150 | 10k+ | | | Exception output is not escaped |
| #7 | GeoDirectory – WP Business Directory Plugin and Classified Listings Directory | 22 | 4,466 | 3,972 | 10k+ | | | Output is not escaped |
| #8 | File Manager | 22 | 740 | 520 | 1m+ | | | Unsafe printing function |
| #9 | Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe | 23 | 9,310 | 26,642 | 900 | | | Non-prefixed global variable |
| #10 | MediaPress | 23 | 904 | 583 | 4k+ | | | Output is not escaped |
| #11 | Redirection | 23 | 523 | 457 | 100k+ | | | Non-prefixed global variable |
| #12 | Softaculous | 23 | 116 | 49 | 10k+ | | | file system operations fread |
| #13 | UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP | 23 | 695 | 2,434 | 20k+ | | | Non-prefixed hook name |
| #14 | Clone | 23 | 244 | 262 | 40k+ | | | Output is not escaped |
| #15 | WP-CRM System – Manage Clients and Projects | 23 | 297 | 1,094 | 800 | | | Non-prefixed global variable |
| #16 | WP Migrate Lite – Migration Made Easy | 23 | 368 | 254 | 200k+ | | | Exception output is not escaped |
| #17 | WP STAGING – WordPress Backup, Migration, Clone & Duplicate | 23 | 1,489 | 1,549 | 100k+ | | | Non-prefixed global variable |
| #18 | 404 Solution | 24 | 486 | 1,338 | 10k+ | | | Non-prefixed class |
| #19 | CM Pop-Up – Create engaging popups to capture attention and boost interaction | 24 | 466 | 408 | 8k+ | | | Output is not escaped |
| #20 | Simple Calendar – Google Calendar Plugin | 24 | 2,053 | 592 | 50k+ | | | Missing direct file access protection |
| #21 | Hummingbird Performance – Cache & Page Speed Optimization for Core Web Vitals | Critical CSS | Minify CSS | Defer CSS Javascript | CDN | 24 | 3,410 | 866 | 70k+ | | | Text Domain Mismatch |
| #22 | Simple Social Media Share Buttons – Social Sharing for Everyone | 24 | 468 | 101 | 20k+ | | | Output is not escaped |
| #23 | Hardcore Google Fonts Localizer | 25 | 331 | 261 | 900 | | | Text Domain Mismatch |
| #24 | Index WP MySQL For Speed | 25 | 250 | 255 | 50k+ | | | Output is not escaped |
| #25 | Social Media Share Buttons & Social Sharing Icons | 25 | 2,433 | 1,383 | 100k+ | | | Unsafe printing function |
| #26 | Social Share Icons & Social Share Buttons | 25 | 2,365 | 1,357 | 10k+ | | | Output is not escaped |
| #27 | Analytify – Google Analytics Dashboard For WordPress (GA4 analytics tracking) | 25 | 169 | 295 | 20k+ | | | Non-prefixed global variable |
| #28 | WPvivid — Backup, Migration & Staging | 25 | 899 | 1,461 | 900k+ | | | Non-prefixed namespace |
| #29 | RSS Redirect & Feedburner Alternative | 26 | 277 | 272 | 1k+ | | | Output is not escaped |
| #30 | Related Posts Thumbnails Plugin for WordPress | 26 | 382 | 198 | 20k+ | | | Output is not escaped |
| #31 | Duplicate Post | 27 | 447 | 274 | 300k+ | | | Unsafe printing function |
| #32 | Custom Scrollbar | 27 | 184 | 191 | 2k+ | | | Output is not escaped |
| #33 | CM Tooltip Glossary | 27 | 611 | 188 | 8k+ | | | Output is not escaped |
| #34 | Under Construction, Coming Soon & Maintenance Mode | 27 | 401 | 148 | 10k+ | | | Output is not escaped |
| #35 | Email Marketing Plugin – WP Email Capture | 27 | 383 | 262 | 1k+ | | | Output is not escaped |
| #36 | Void Contact Form 7 Widget For Elementor Page Builder | 28 | 279 | 66 | 10k+ | | | Text Domain Mismatch |
| #37 | Pop-up | 31 | 103 | 91 | 10k+ | | | Output is not escaped |
| #38 | Ultimate Posts Widget | 31 | 309 | 86 | 10k+ | | | Output is not escaped |
| #39 | Website Monetization by MageNet | 33 | 60 | 87 | 20k+ | | | Output is not escaped |
| #40 | CM Search And Replace – Optimize content edits with a powerful search and replace tool | 34 | 286 | 111 | 2k+ | | | Output is not escaped |
| #41 | Enhanced Text Widget | 34 | 101 | 58 | 30k+ | | | Output is not escaped |
| #42 | SSL Mixed Content Fix | 34 | 53 | 65 | 8k+ | | | Output is not escaped |
| #43 | Multi Step Form | 34 | 277 | 136 | 9k+ | | | Output is not escaped |
| #44 | Insert Headers And Footers | 34 | 83 | 113 | 300k+ | | | Non-prefixed global variable |
| #45 | CM E-Mail Blacklist – Simple email filtering for safer registration | 35 | 269 | 205 | 800 | | | Output is not escaped |
| #46 | NewsPlugin | 35 | 84 | 53 | 400 | | | Text Domain Mismatch |
| #47 | WP System Information | 35 | 237 | 30 | 700 | | | Text Domain Mismatch |
| #48 | CM Header and Footer – Add custom scripts and styles to your header and footer with ease | 36 | 230 | 198 | 1k+ | | | Output is not escaped |
| #49 | Adaptive Images for WordPress | 37 | 51 | 75 | 3k+ | | | Output is not escaped |
| #50 | WP PHP Version Display | 90 | 6 | 4 | 3k+ | | | trademarked term |
