#1 JetFormBuilder — Dynamic Blocks Form Builder 18 2,093 1,589 90k+ 5 years ago today Text Domain Mismatch #2 SureCart – Ecommerce Made Easy For Selling Physical Products, Digital Downloads, Subscriptions, Donations, & Payments 19 526 1,119 90k+ 4 years ago 9 days ago Non-prefixed global variable #3 Mapster WP Maps 21 3,440 2,903 3k+ 5 years ago 14 days ago Text Domain Mismatch #4 WP Extended – The Ultimate WordPress Toolkit 21 1,253 398 600 4 years ago 3 days ago Non Singular String Literal Domain #5 Frontend Admin by DynamiApps 22 5,922 3,208 10k+ 7 years ago 8 days ago Text Domain Mismatch #6 WP Customer Area 22 3,308 941 10k+ 13 years ago 2 months ago Text Domain Mismatch #7 FireBox Popups – Increase Sales and Grow Your Email List 22 153 812 7k+ 5 years ago 10 days ago Non-prefixed global variable #8 Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder 22 409 236 700k+ 8 years ago 16 days ago Text Domain Mismatch #9 Import WP – Export and Import CSV and XML files to WordPress 22 580 330 4k+ 12 years ago 2 months ago Exception output is not escaped #10 Molongui Authorship – Author Boxes, Guest Authors & Co-Authors for WordPress 22 919 1,230 10k+ 11 years ago 4 months ago Output is not escaped #11 RealPress – Real Estate Plugin 22 604 1,167 500 4 years ago 3 months ago Non-prefixed global variable #12 Salon Booking System – Free Version 22 655 620 2k+ 11 years ago today Missing direct file access protection #13 WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell 22 5,996 2,790 5k+ 5 years ago 7 days ago Text Domain Mismatch #14 Advanced Custom Fields: Extended 23 1,885 329 100k+ 7 years ago 28 days ago Text Domain Mismatch #15 Advanced Custom Fields (ACF®) 23 2,456 1,218 2m+ 15 years ago 15 days ago Text Domain Mismatch #16 Content Egg – Affiliate Product Importer & Price Comparison 23 1,231 1,257 10k+ 11 years ago 4 days ago Non-prefixed global variable #17 Groundhogg — CRM, Newsletters, and Marketing Automation 23 136 911 2k+ 8 years ago today Non-prefixed global variable #18 Secure Custom Fields 23 240 1,369 80k+ 2 years ago 2 days ago Non-prefixed function #19 Shield Security – Smart Bot Blocking, Brute-Force Login Protection & File Scanning 23 1,118 202 40k+ 13 years ago 16 days ago Missing Translators Comment #20 WP STAGING – WordPress Backup, Migration, Clone & Duplicate 23 1,489 1,549 100k+ 11 years ago yesterday Non-prefixed global variable #21 WP Webhooks – Automate repetitive tasks by creating powerful automation workflows directly within WordPress 23 4,376 890 20k+ 7 years ago 2 months ago Output is not escaped #22 Academy LMS – WordPress LMS Plugin for Complete eLearning Solution 24 162 787 2k+ 5 years ago 10 days ago Non-prefixed global variable #23 EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more 24 669 1,550 100k+ 10 years ago yesterday Output is not escaped #24 Spotlight Social Feeds – Block, Shortcode, and Widget 24 411 147 60k+ 6 years ago 28 days ago Output is not escaped #25 StoreEngine — Complete eCommerce Solution with Memberships, Licensing, Affiliates & More 24 149 482 600 1 year ago 7 days ago Non-prefixed global variable #26 FiboSearch – Ajax Search for WooCommerce 25 603 302 100k+ 10 years ago 2 months ago Output is not escaped #27 ATUM WooCommerce Inventory Management and Stock Tracking 25 2,638 1,304 10k+ 9 years ago 2 months ago Non Singular String Literal Domain #28 Admin Columns 25 613 995 100k+ 15 years ago 27 days ago Non-prefixed namespace #29 F4 Post Tree 25 536 1,332 500 7 years ago 20 days ago Non-prefixed global variable #30 AnWP Football Leagues 25 3,287 1,954 900 8 years ago 6 days ago Text Domain Mismatch #31 ShopMagic – email automation 25 228 145 10k+ 10 years ago 10 days ago Exception output is not escaped #32 OttoKit: All-in-One Automation Platform 25 1,528 1,806 90k+ 3 years ago 14 days ago Missing direct file access protection #33 Ultimate Post Kit Addons for Elementor 25 182 412 30k+ 5 years ago 2 days ago Missing nonce verification #34 Theater for WordPress 26 348 344 600 13 years ago 6 months ago Output is not escaped #35 AJAX Login and Registration modal popup + inline form 28 157 261 3k+ 8 years ago 8 months ago Output is not escaped #36 گیتلند | درگاه پرداخت هوشمند گیتلند 28 327 235 2k+ 1 year ago 7 days ago Output is not escaped #37 Paymattic – Secure, Simple Payment & Donation with Subscription Payments, Recurring Donations, Customer Management 29 53 496 3k+ 7 years ago 1 month ago Direct Query #38 Novelist 30 475 158 1k+ 10 years ago 11 months ago Output is not escaped #39 Responsive Addons for Elementor – Free Elementor Addons, Kits and Elementor Templates 30 60 387 3k+ 2 years ago 17 days ago Non-prefixed global variable #40 WPZOOM Addons for Beaver Builder 30 2,216 152 4k+ 8 years ago 5 months ago Text Domain Mismatch #41 Worldline Global Online Pay for WooCommerce 31 160 86 500 2 years ago 3 days ago Missing direct file access protection #42 Enter Addons – Ultimate Template Builder for Elementor 32 82 72 1k+ 4 years ago 19 days ago Output is not escaped #43 Advanced Forms for ACF 33 169 278 3k+ 10 years ago 2 months ago Non-prefixed hook name #44 FastPixel Cache – Optimize Page Speed: Compress Images, Minify, Clean Database & CDN 33 51 333 4k+ 2 years ago yesterday Request data is not unslashed #45 Mollie Payments for WooCommerce 33 70 123 100k+ 11 years ago 10 days ago Dynamic hook name #46 Inavii Social Feed – Live Social Proof Gallery 34 532 180 9k+ 4 years ago 5 days ago Text Domain Mismatch #47 ACF Color Swatches 35 50 21 1k+ 8 years ago 8 years ago Text Domain Mismatch #48 Air WP Sync – Airtable to WordPress 35 38 42 1k+ 4 years ago 5 months ago Non-prefixed hook name #49 Axeptio – Cookie Banner – GDPR Consent & Compliance with a friendly touch 35 5 13 8k+ 4 years ago 7 days ago Database parameter is not escaped #50 CiviCRM Admin Utilities 35 19 87 1k+ 11 years ago 1 month ago Non-prefixed hook name 
