| #1 | wpForo Forum | 17 | 4,033 | 2,922 | 20k+ | | | Unsafe printing function |
| #2 | GiveWP – Donation Plugin and Fundraising Platform | 20 | 3,432 | 3,575 | 100k+ | | | Output is not escaped |
| #3 | Powered Cache – Caching and Optimization for WordPress – Easily Improve PageSpeed & Web Vitals Score | 20 | 147 | 231 | 3k+ | | | Exception output is not escaped |
| #4 | Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More | 21 | 2,572 | 1,277 | 1m+ | | | Output is not escaped |
| #5 | Revive Social – Social Media Auto Post and Scheduling Automation Plugin | 21 | 255 | 425 | 20k+ | | | Non-prefixed hook name |
| #6 | GeoDirectory – WP Business Directory Plugin and Classified Listings Directory | 22 | 4,466 | 3,972 | 10k+ | | | Output is not escaped |
| #7 | Molongui Authorship – Author Boxes, Guest Authors & Co-Authors for WordPress | 22 | 919 | 1,230 | 10k+ | | | Output is not escaped |
| #8 | Kadence Security – Password, Two Factor Authentication, and Brute Force Protection | 23 | 1,053 | 967 | 700k+ | | | Missing Translators Comment |
| #9 | Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy | 23 | 170 | 821 | 40k+ | | | Non-prefixed global variable |
| #10 | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | 23 | 3,723 | 10,283 | 40k+ | | | Non-prefixed namespace |
| #11 | Payment forms, Buy now buttons, and Invoicing System | GetPaid | 23 | 387 | 1,258 | 5k+ | | | Non-prefixed global variable |
| #12 | Masteriyo LMS – LMS Course Builder, Quizzes & Certificates | 23 | 190 | 2,122 | 5k+ | | | Non-prefixed global variable |
| #13 | Order Bump for WooCommerce | 23 | 1,720 | 1,562 | 600 | | | Output is not escaped |
| #14 | The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid | 23 | 105 | 1,013 | 100k+ | | | Non-prefixed global variable |
| #15 | UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP | 23 | 694 | 2,439 | 20k+ | | | Non-prefixed hook name |
| #16 | FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce | 23 | 941 | 2,179 | 20k+ | | | SQL query is not prepared |
| #17 | All-In-One Security (AIOS) – Security and Firewall | 24 | 552 | 1,228 | 1m+ | | | Non-prefixed global variable |
| #18 | Participants Database | 24 | 951 | 894 | 7k+ | | | SQL query is not prepared |
| #19 | Product Catalog Simple | 24 | 1,555 | 1,982 | 1k+ | | | Output is not escaped |
| #20 | Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors | 24 | 369 | 820 | 20k+ | | | Nonce verification recommended |
| #21 | StoreEngine — Complete eCommerce Solution with Memberships, Licensing, Affiliates & More | 24 | 149 | 482 | 600 | | | Non-prefixed global variable |
| #22 | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | 24 | 664 | 3,321 | 50k+ | | | Non-prefixed global variable |
| #23 | European VAT Compliance Assistant for WooCommerce | 24 | 515 | 317 | 3k+ | | | Output is not escaped |
| #24 | WP Fastest Cache – WordPress Cache Plugin | 24 | 541 | 753 | 1m+ | | | Unsafe printing function |
| #25 | Jetpack CRM – Clients, Leads, Invoices, Billing, Email Marketing, & Automation | 24 | 1,211 | 3,152 | 30k+ | | | Non-prefixed global variable |
| #26 | XL NMI Gateway for WooCommerce | 26 | 695 | 436 | 1k+ | | | Text Domain Mismatch |
| #27 | AJAX Login and Registration modal popup + inline form | 28 | 157 | 261 | 3k+ | | | Output is not escaped |
| #28 | Edwiser Bridge – WordPress Moodle Integration | 30 | 4 | 669 | 4k+ | | | Non-prefixed hook name |
| #29 | FastDup – Fastest WordPress Migration & Duplicator | 31 | 83 | 66 | 5k+ | | | wp function not compatible with requires wp |
| #30 | Molongui Post Contributors: Multi-Role Contributor Attribution | 33 | 240 | 162 | 400 | | | Output is not escaped |
| #31 | Two Factor Authentication | 35 | 108 | 139 | 20k+ | | | Output is not escaped |
| #32 | HTTP Requests Manager | 36 | 98 | 90 | 1k+ | | | Output is not escaped |
| #33 | WP Multibyte Patch | 39 | 24 | 55 | 1m+ | | | Input is not sanitized |
| #34 | Debug Bar | 41 | 64 | 25 | 20k+ | | | Output is not escaped |
| #35 | Debug This | 52 | 43 | 32 | 2k+ | | | Missing Translators Comment |
| #36 | GetPaid Stripe Payments | 61 | 206 | 44 | 2k+ | | | Text Domain Mismatch |
| #37 | MooWoodle – WordPress Moodle LMS Integration, Sell Moodle Courses via WooCommerce | 63 | 10 | 45 | 800 | | | No Caching |