| #51 | WPJAM Basic | 20 | 328 | 356 | 4k+ | | | Output is not escaped |
| #52 | Store Locator WordPress | 21 | 2,372 | 1,572 | 10k+ | | | Text Domain Mismatch |
| #53 | Backup Migration | 21 | 981 | 1,093 | 80k+ | | | Non-prefixed global variable |
| #54 | bbPress | 21 | 929 | 3,672 | 100k+ | | | Non-prefixed function |
| #55 | Pinpoint Booking System – Version 2 | 21 | 634 | 328 | 3k+ | | | Missing direct file access protection |
| #56 | rtMedia for WordPress, BuddyPress and bbPress | 21 | 363 | 633 | 8k+ | | | Non-prefixed constant |
| #57 | CallTrackingMetrics | 21 | 923 | 286 | 3k+ | | | Unsafe printing function |
| #58 | Captcha Them All | 21 | 300 | 323 | 6k+ | | | Output is not escaped |
| #59 | CartFlows – Funnel Builder & Checkout Plugin for WooCommerce | 21 | 461 | 614 | 200k+ | | | Text Domain Mismatch |
| #60 | Smart Grid-Layout Design for Contact Form 7 | 21 | 1,126 | 734 | 10k+ | | | Output is not escaped |
| #61 | Comet Cache | 21 | 857 | 245 | 20k+ | | | Output is not escaped |
| #62 | Cost Calculator Builder | 21 | 322 | 766 | 30k+ | | | Non-prefixed global variable |
| #63 | Free Downloads WooCommerce | 21 | 430 | 359 | 4k+ | | | Output is not escaped |
| #64 | Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More | 21 | 2,572 | 1,277 | 1m+ | | | Output is not escaped |
| #65 | Envo Extra | 21 | 878 | 600 | 20k+ | | | Text Domain Mismatch |
| #66 | eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams | 21 | 186 | 437 | 9k+ | | | Non-prefixed global variable |
| #67 | ERP: Complete HR, Accounting & CRM Suite with Recruitment and WooCommerce CRM Support | 21 | 829 | 5,966 | 5k+ | | | Direct Query |
| #68 | Eupago Gateway For Woocommerce | 21 | 612 | 320 | 2k+ | | | Output is not escaped |
| #69 | EventPrime – Events Calendar, Bookings and Tickets | 21 | 872 | 4,297 | 7k+ | | | Non-prefixed global variable |
| #70 | Feeds for YouTube (YouTube video, channel, and gallery plugin) | 21 | 558 | 978 | 100k+ | | | Output is not escaped |
| #71 | FileOrganizer – WordPress File Manager | 21 | 536 | 241 | 200k+ | | | unlink unlink |
| #72 | Campaign Monitor for WordPress | 21 | 386 | 461 | 2k+ | | | Non-prefixed global variable |
| #73 | If-So Dynamic Content – Elementor & All Page Builders Personalization | 21 | 889 | 725 | 7k+ | | | Unsafe printing function |
| #74 | Imagify: Optimize Images for Top Speed (Compress & Convert to WebP/AVIF) | 21 | 420 | 861 | 1m+ | | | Non-prefixed global variable |
| #75 | JCH Optimize | 21 | 953 | 133 | 4k+ | | | Output is not escaped |
| #76 | LA-Studio Element Kit for Elementor | 21 | 8,390 | 1,964 | 10k+ | | | Text Domain Mismatch |
| #77 | MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder | 21 | 1,133 | 3,011 | 2k+ | | | Non-prefixed global variable |
| #78 | Mapster WP Maps | 21 | 3,440 | 2,903 | 3k+ | | | Text Domain Mismatch |
| #79 | Modular DS: Monitor, update, and backup multiple websites | 21 | 161 | 81 | 40k+ | | | Exception output is not escaped |
| #80 | MotoPress Hotel Booking | 21 | 3,061 | 1,037 | 10k+ | | | Text Domain Mismatch |
| #81 | Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred | 21 | 1,469 | 3,333 | 10k+ | | | Non-prefixed global variable |
| #82 | OneLogin SAML SSO | 21 | 508 | 330 | 7k+ | | | wp function not compatible with requires wp |
| #83 | Packeta | 21 | 802 | 333 | 8k+ | | | Exception output is not escaped |
| #84 | Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages | 21 | 1,173 | 2,983 | 9k+ | | | Non-prefixed global variable |
| #85 | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction | 21 | 1,918 | 5,065 | 10k+ | | | Non-prefixed hook name |
| #86 | PublishPress Planner – Editorial Calendar, Marketing Content, Kanban Board | 21 | 603 | 890 | 6k+ | | | Output is not escaped |
| #87 | Razorpay Quick Payments | 21 | 399 | 63 | 3k+ | | | Exception output is not escaped |
| #88 | Five Star Restaurant Reservations – WordPress Booking Plugin | 21 | 1,099 | 1,147 | 10k+ | | | Output is not escaped |
| #89 | Rocket Maintenance Mode & Coming Soon Page | 21 | 1,176 | 1,406 | 4k+ | | | Non-prefixed global variable |
| #90 | Royal Addons for Elementor – Addons and Templates Kit for Elementor | 21 | 13,011 | 2,530 | 600k+ | | | Text Domain Mismatch |
| #91 | Seamless Donations is Sunset | 21 | 600 | 514 | 2k+ | | | Text Domain Mismatch |
| #92 | Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic | 21 | 327 | 181 | 10k+ | | | Output is not escaped |
| #93 | Smart Forms – when you need more than just a contact form | 21 | 776 | 574 | 5k+ | | | Output is not escaped |
| #94 | Accept Stripe Payments | 21 | 373 | 882 | 20k+ | | | Missing nonce verification |
| #95 | Testerwp ecommerce companion | 21 | 811 | 436 | 1k+ | | | Text Domain Mismatch |
| #96 | ThirstyAffiliates – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin | 21 | 190 | 660 | 30k+ | | | Non-prefixed global variable |
| #97 | Revive Social – Social Media Auto Post and Scheduling Automation Plugin | 21 | 255 | 425 | 20k+ | | | Non-prefixed hook name |
| #98 | Buckaroo Woocommerce Payments Plugin | 21 | 563 | 326 | 2k+ | | | Exception output is not escaped |
| #99 | WCFM – Frontend Manager for WooCommerce | 21 | 4,721 | 5,067 | 20k+ | | | Non-prefixed global variable |
| #100 | WebP Express | 21 | 160 | 427 | 300k+ | | | Non-prefixed global variable |
