| #451 | Auto Affiliate Links | 24 | 375 | 407 | 3k+ | | | Output is not escaped |
| #452 | Iptanus File Upload | 24 | 509 | 1,325 | 10k+ | | | Non-prefixed function |
| #453 | WP Layouts | 24 | 349 | 146 | 3k+ | | | Text Domain Mismatch |
| #454 | WP-Members Membership Plugin | 24 | 669 | 382 | 50k+ | | | Output is not escaped |
| #455 | WP Notification Bell | 24 | 736 | 1,591 | 700 | | | Non-prefixed global variable |
| #456 | WP Post Author – Author Box, Multiple Authors, Guest Authors & Custom Avatars | 24 | 861 | 1,573 | 10k+ | | | Non-prefixed global variable |
| #457 | WP RSS Aggregator – RSS Import, Feed to Post, Autoblogging, AI Content | 24 | 1,775 | 393 | 40k+ | | | Text Domain Mismatch |
| #458 | WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerce | 24 | 91 | 1,725 | 7k+ | | | Non-prefixed hook name |
| #459 | WP-Stateless – Google Cloud Storage | 24 | 1,036 | 482 | 4k+ | | | Non Singular String Literal Domain |
| #460 | WP Travel – Ultimate Travel Booking System, Tour Management Engine | 24 | 226 | 1,951 | 4k+ | | | Non-prefixed hook name |
| #461 | WP Travel Engine – Tour Booking Plugin – Tour Operator Software | 24 | 2,010 | 5,688 | 20k+ | | | Non-prefixed global variable |
| #462 | Export All Posts, Products, Orders & Users | WP Ultimate Exporter | WordPress CSV Export | 24 | 363 | 1,130 | 7k+ | | | Direct Query |
| #463 | WP User Manager – User Profile Builder & Membership | 24 | 787 | 539 | 10k+ | | | Exception output is not escaped |
| #464 | WPAdverts – Classifieds Plugin | 24 | 1,308 | 496 | 4k+ | | | Output is not escaped |
| #465 | WPeMatico RSS Feed Fetcher | 24 | 1,376 | 582 | 10k+ | | | Output is not escaped |
| #466 | WPGSI: Spreadsheet Integration | 24 | 784 | 1,587 | 2k+ | | | Non-prefixed global variable |
| #467 | WpStream – Live Streaming, Video on Demand, Pay Per View | 24 | 1,712 | 740 | 3k+ | | | Text Domain Mismatch |
| #468 | xili-language | 24 | 1,501 | 523 | 600 | | | Output is not escaped |
| #469 | Jetpack CRM – Clients, Leads, Invoices, Billing, Email Marketing, & Automation | 24 | 1,211 | 3,152 | 30k+ | | | Non-prefixed global variable |
| #470 | AliExpress Dropshipping Plugin for WooCommerce Stores | 25 | 550 | 728 | 5k+ | | | Text Domain Mismatch |
| #471 | Beaver Builder Page Builder – Drag and Drop Website Builder | 25 | 4,463 | 1,819 | 100k+ | | | Text Domain Mismatch |
| #472 | Breeze Cache | 25 | 217 | 790 | 400k+ | | | Non-prefixed global variable |
| #473 | Broken Link Checker | 25 | 727 | 600 | 500k+ | | | Output is not escaped |
| #474 | GSheetConnector for CF7 – Connect Contact Form 7 to Google Sheets and Send Form Submissions in Real Time | 25 | 614 | 1,431 | 40k+ | | | Non-prefixed global variable |
| #475 | CheckoutWC Lite | 25 | 1,359 | 850 | 3k+ | | | Text Domain Mismatch |
| #476 | CheckView – Form & Checkout Testing | 25 | 66 | 337 | 1k+ | | | Direct Query |
| #477 | Colissimo shipping methods for WooCommerce | 25 | 1,755 | 557 | 10k+ | | | Text Domain Mismatch |
| #478 | Coupon Creator | 25 | 698 | 412 | 1k+ | | | Output is not escaped |
| #479 | CP Contact Form with PayPal | 25 | 466 | 936 | 800 | | | Unsafe printing function |
| #480 | Cryptocurrency Payment Gateway | 25 | 1,963 | 589 | 400 | | | Text Domain Mismatch |
| #481 | CSS & JavaScript Toolbox | 25 | 155 | 617 | 10k+ | | | Non-prefixed class |
| #482 | Smash Balloon Social Post Feed – Simple Social Feeds for WordPress | 25 | 554 | 982 | 200k+ | | | Output is not escaped |
| #483 | DecaLog | 25 | 943 | 236 | 1k+ | | | Exception output is not escaped |
| #484 | ELEX WooCommerce Dynamic Pricing and Discounts | 25 | 478 | 748 | 800 | | | Text Domain Mismatch |
| #485 | WEB-Translation – eTranslation Multilingual | 25 | 217 | 1,057 | 400 | | | Non-prefixed function |
| #486 | Show Eventbrite Events – Event Feed for Eventbrite | 25 | 595 | 1,525 | 900 | | | Non-prefixed global variable |
| #487 | Event Genius – Event Management, Events Calendar, Registration, and RSVP | 25 | 180 | 1,560 | 500 | | | Non-prefixed global variable |
| #488 | Events Made Easy | 25 | 507 | 6,299 | 1k+ | | | Non-prefixed function |
| #489 | FlatPM – Ad Manager, AdSense and Custom Code | 25 | 3,017 | 557 | 10k+ | | | Text Domain Mismatch |
| #490 | Lightbox & Modal Popup WordPress Plugin – FooBox | 25 | 610 | 1,365 | 100k+ | | | Non-prefixed global variable |
| #491 | Photo Gallery by FooGallery : Responsive Image Gallery, Masonry Gallery & Carousel | 25 | 876 | 1,798 | 100k+ | | | Non-prefixed global variable |
| #492 | Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin | 25 | 187 | 493 | 2k+ | | | Non-prefixed global variable |
| #493 | WP Fast Total Search – The Power of Indexed Search | 25 | 209 | 291 | 1k+ | | | Non-prefixed global variable |
| #494 | FunnelKit – Funnel Builder for WooCommerce Checkout | 25 | 3,164 | 2,624 | 30k+ | | | Text Domain Mismatch |
| #495 | Photo Gallery by Ays – Responsive Image Gallery | 25 | 466 | 820 | 1k+ | | | Output is not escaped |
| #496 | GD Rating System | 25 | 1,511 | 1,043 | 1k+ | | | Output is not escaped |
| #497 | GD Security Headers | 25 | 407 | 521 | 1k+ | | | Output is not escaped |
| #498 | GeekyBot — AI Copilot, Chatbot, WooCommerce Lead Gen & Zero-Prompt Content | 25 | 87 | 863 | 6k+ | | | Non-prefixed global variable |
| #499 | Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) | 25 | 50 | 1,043 | 1k+ | | | Non-prefixed global variable |
| #500 | WPBruiser {no- Captcha anti-Spam} | 25 | 646 | 259 | 10k+ | | | Non Singular String Literal Domain |
