| #901 | TranslatePress – Translate Multilingual sites with AI Translation | 25 | 455 | 1,545 | 400k+ | | | Non-prefixed function |
| #902 | Ultimate Bootstrap Elements for Elementor | 25 | 6,326 | 122 | 6k+ | | | Text Domain Mismatch |
| #903 | Ultimate Post Kit Addons for Elementor | 25 | 182 | 412 | 30k+ | | | Missing nonce verification |
| #904 | Social Media Share Buttons & Social Sharing Icons | 25 | 2,433 | 1,383 | 100k+ | | | Unsafe printing function |
| #905 | Social Share Icons & Social Share Buttons | 25 | 2,365 | 1,357 | 10k+ | | | Output is not escaped |
| #906 | Vayu Blocks – Website Builder for the Gutenberg Block Editor | 25 | 174 | 233 | 1k+ | | | Text Domain Mismatch |
| #907 | Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP | 25 | 205 | 959 | 500 | | | Request data is not unslashed |
| #908 | VikAppointments Services Booking Calendar | 25 | 9,753 | 5,207 | 500 | | | Output is not escaped |
| #909 | VikBooking Hotel Booking Engine & PMS | 25 | 13,244 | 8,314 | 8k+ | | | Output is not escaped |
| #910 | VikRentCar Car Rental Management System | 25 | 5,537 | 5,048 | 4k+ | | | Non-prefixed global variable |
| #911 | VikRestaurants Table Reservations and Take-Away | 25 | 11,644 | 4,932 | 600 | | | Output is not escaped |
| #912 | 3D viewer by Visody | 25 | 832 | 1,322 | 1k+ | | | Non-prefixed global variable |
| #913 | Product Customer List for WooCommerce | 25 | 610 | 1,334 | 9k+ | | | Non-prefixed global variable |
| #914 | weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot | 25 | 279 | 518 | 4k+ | | | Non-prefixed global variable |
| #915 | weForms – Easy Drag & Drop Contact Form Builder For WordPress | 25 | 916 | 450 | 10k+ | | | Output is not escaped |
| #916 | Secure Gateway for Authorize.net and WooCommerce by Pledged Plugins | 25 | 907 | 1,418 | 10k+ | | | Non-prefixed global variable |
| #917 | Digital Goods (Checkout Field Editor) for WooCommerce Checkout | 25 | 539 | 1,479 | 3k+ | | | Non-prefixed global variable |
| #918 | WFatture for WooCommerce Fattureincloud | 25 | 229 | 774 | 800 | | | Non-prefixed global variable |
| #919 | PDF Builder for WooCommerce. Create invoices,packing slips and more | 25 | 372 | 503 | 2k+ | | | Non-prefixed global variable |
| #920 | Payment Plugins for Stripe WooCommerce | 25 | 348 | 779 | 100k+ | | | Non-prefixed global variable |
| #921 | Pay with Vipps and MobilePay for WooCommerce | 25 | 846 | 514 | 5k+ | | | Output is not escaped |
| #922 | Wordfence Login Security | 25 | 248 | 418 | 70k+ | | | Output is not escaped |
| #923 | WordPress Importer | 25 | 238 | 110 | 2m+ | | | Output is not escaped |
| #924 | Analytify – Google Analytics Dashboard For WordPress (GA4 analytics tracking) | 25 | 169 | 295 | 20k+ | | | Non-prefixed global variable |
| #925 | Super Page Cache – Cloudflare Cache, Page Speed & Core Web Vitals | 25 | 137 | 353 | 60k+ | | | Input is not sanitized |
| #926 | Comments Extra Fields For Post,Pages and CPT | 25 | 577 | 418 | 500 | | | Text Domain Mismatch |
| #927 | WP Coupons and Deals – WordPress Coupon Plugin | 25 | 914 | 1,460 | 1k+ | | | Non-prefixed global variable |
| #928 | WP Data Access – App Builder for Tables, Forms, Charts, Maps & Dashboards | 25 | 1,431 | 1,270 | 10k+ | | | Output is not escaped |
| #929 | WP Go Maps – Google Map, OpenStreetMap, Leaflet Map | 25 | 4,996 | 1,008 | 300k+ | | | Unsafe printing function |
| #930 | WP Google Review Slider | 25 | 1,367 | 2,584 | 30k+ | | | Non-prefixed global variable |
| #931 | WP Encryption – No.1 HTTPS plugin & One Click Free SSL Cert, HTTPS Redirect, Security | 25 | 727 | 1,554 | 50k+ | | | Non-prefixed global variable |
| #932 | Nested Pages | 25 | 674 | 560 | 90k+ | | | Non-prefixed global variable |
| #933 | WP-Polls | 25 | 618 | 639 | 40k+ | | | Unsafe printing function |
| #934 | WP Popups – WordPress Popup builder | 25 | 440 | 342 | 30k+ | | | Output is not escaped |
| #935 | Perfect Images: Regenerate Thumbnails, Image Sizes, WebP & AVIF | 25 | 158 | 118 | 60k+ | | | Non-prefixed global variable |
| #936 | SlimStat Analytics | 25 | 1,177 | 870 | 70k+ | | | Exception output is not escaped |
| #937 | Smush – Image Optimization, Compression, Lazy Load, WebP & CDN | 25 | 252 | 566 | 1m+ | | | Non-prefixed hook name |
| #938 | Wp Social Login and Register Social Counter | 25 | 80 | 738 | 90k+ | | | Non-prefixed global variable |
| #939 | WP Spell Check | 25 | | 4,412 | 2k+ | | | Direct Query |
| #940 | WP Statistics – Simple, privacy-friendly Google Analytics alternative | 25 | 610 | 2,465 | 600k+ | | | Non-prefixed global variable |
| #941 | WP Super Cache | 25 | 800 | 989 | 1m+ | | | Output is not escaped |
| #942 | WP Time Slots Booking Form | 25 | 439 | 1,137 | 1k+ | | | Non-prefixed global variable |
| #943 | WPCargo Track & Trace | 25 | 239 | 557 | 10k+ | | | Non-prefixed global variable |
| #944 | WPvivid Backup for MainWP | 25 | 818 | 1,794 | 10k+ | | | Missing nonce verification |
| #945 | WPvivid — Backup, Migration & Staging | 25 | 899 | 1,461 | 900k+ | | | Non-prefixed namespace |
| #946 | Backup, Restore and Migrate your sites with XCloner | 25 | 238 | 864 | 10k+ | | | Input is not sanitized |
| #947 | YeeMail — Email Template Builder & Customizer | 25 | 606 | 222 | 600 | | | wp function not compatible with requires wp |
| #948 | Video Gallery – YouTube Gallery, Playlist & Video Grid | 25 | 275 | 1,066 | 2k+ | | | Non-prefixed hook name |
| #949 | YT Player – Embed and Customize Video Players | 25 | 3,163 | 261 | 1k+ | | | Output is not escaped |
| #950 | AfterShip Tracking – All-In-One WooCommerce Order Tracking (Free plan available) | 26 | 286 | 291 | 8k+ | | | Text Domain Mismatch |