| #951 | AI Content Writing Assistant | 26 | 1,069 | 516 | 700 | | | Text Domain Mismatch |
| #952 | Attesa Extra | 26 | 316 | 151 | 1k+ | | | Output is not escaped |
| #953 | Blog Floating Button | 26 | 705 | 240 | 9k+ | | | Output is not escaped |
| #954 | Booking Manager – Sync WP Booking Calendar – Import Events, Export Bookings to ICS Calendar | 26 | 526 | 263 | 5k+ | | | Output is not escaped |
| #955 | Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More | 26 | 97 | 270 | 10k+ | | | error log error log |
| #956 | Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty | 26 | 113 | 671 | 400k+ | | | Non-prefixed global variable |
| #957 | Database for Contact Form 7, WPforms, Elementor forms | 26 | 317 | 489 | 60k+ | | | Non-prefixed global variable |
| #958 | Translate WordPress with ConveyThis – AI Multilingual Plugin | 26 | 159 | 297 | 1k+ | | | Non-prefixed global variable |
| #959 | CP Multi View Events Calendar | 26 | 86 | 439 | 1k+ | | | Non-prefixed global variable |
| #960 | WP Frontend Admin – Display WP Admin Pages in the Frontend | 26 | 347 | 337 | 400 | | | Non Singular String Literal Domain |
| #961 | Ditty – Responsive News Tickers, Sliders, and Lists | 26 | 561 | 484 | 30k+ | | | Output is not escaped |
| #962 | Accept Donations with PayPal & Stripe | 26 | 916 | 572 | 10k+ | | | Unsafe printing function |
| #963 | ezCache | 26 | 127 | 269 | 10k+ | | | Direct Query |
| #964 | RSS Redirect & Feedburner Alternative | 26 | 277 | 272 | 1k+ | | | Output is not escaped |
| #965 | FG Drupal to WordPress | 26 | 275 | 100 | 700 | | | Unsafe printing function |
| #966 | FG PrestaShop to WooCommerce | 26 | 254 | 94 | 900 | | | Unsafe printing function |
| #967 | FlagShip WooCommerce Shipping | 26 | 495 | 188 | 400 | | | Non Singular String Literal Domain |
| #968 | Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager | 26 | 113 | 597 | 90k+ | | | Non-prefixed global variable |
| #969 | FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) | 26 | 594 | 417 | 2k+ | | | Exception output is not escaped |
| #970 | FV Antispam | 26 | 332 | 239 | 900 | | | Output is not escaped |
| #971 | Translate WordPress – Google Language Translator | 26 | 200 | 317 | 100k+ | | | Non-prefixed global variable |
| #972 | GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites | 26 | 284 | 216 | 500 | | | badly named files |
| #973 | Ibtana – WordPress Website Builder | 26 | 173 | 409 | 10k+ | | | Non-prefixed global variable |
| #974 | Image SEO – AI-Driven Image SEO Optimizer | 26 | 350 | 327 | 1k+ | | | Text Domain Mismatch |
| #975 | Integrate Razorpay for Contact Form 7 | 26 | 152 | 97 | 500 | | | curl curl setopt |
| #976 | Kadence Central – Site Management, Backups, Security, and Reporting | 26 | 462 | 213 | 30k+ | | | Text Domain Mismatch |
| #977 | JustTables – WooCommerce Product Table | 26 | 534 | 652 | 600 | | | Non-prefixed global variable |
| #978 | Landing Page Cat – Coming Soon & Maintenance Pages | 26 | 91 | 180 | 600 | | | Non-prefixed class |
| #979 | Loco Translate | 26 | 454 | 242 | 1m+ | | | Output is not escaped |
| #980 | MakeStories (for Google Web Stories) | 26 | 117 | 416 | 600 | | | Nonce verification recommended |
| #981 | Media File Renamer: Rename for better SEO (AI-Powered) | 26 | 154 | 170 | 40k+ | | | Direct Query |
| #982 | Hotel Booking | 26 | 690 | 940 | 4k+ | | | Unsafe printing function |
| #983 | Omise Payments | 26 | 358 | 256 | 2k+ | | | Output is not escaped |
| #984 | Online Contact Widget-多合一在线客服插件 | 26 | 708 | 80 | 800 | | | Non Singular String Literal Domain |
| #985 | OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments (No CAPTCHA) | 26 | 272 | 576 | 6k+ | | | Request data is not unslashed |
| #986 | Open User Map – Interactive Leaflet Maps | 26 | 893 | 986 | 10k+ | | | Non-prefixed global variable |
| #987 | Organic Builder Widgets – Simple WordPress Page Builder | 26 | 1,034 | 125 | 4k+ | | | Output is not escaped |
| #988 | Barion Payment Gateway for WooCommerce | 26 | 71 | 221 | 6k+ | | | Non-prefixed global variable |
| #989 | Paytium: Mollie payment forms & donations | 26 | 506 | 551 | 3k+ | | | Unsafe printing function |
| #990 | PDF for WPForms + Drag and Drop Template Builder | 26 | 674 | 113 | 1k+ | | | wp function not compatible with requires wp |
| #991 | LoginWP (Formerly Peter's Login Redirect) | 26 | 401 | 278 | 90k+ | | | Output is not escaped |
| #992 | Crowdsignal Dashboard – Polls, Surveys & more | 26 | 486 | 489 | 200k+ | | | Unsafe printing function |
| #993 | Portfolio by BestWebSoft – Work and Projects Presentation Plugin for WordPress | 26 | 525 | 240 | 600 | | | Text Domain Mismatch |
| #994 | Premmerce User Roles | 26 | 597 | 1,357 | 600 | | | Non-prefixed global variable |
| #995 | Pressidium Cookie Consent | 26 | 203 | 95 | 10k+ | | | Exception output is not escaped |
| #996 | Product Table For WooCommerce | 26 | 191 | 858 | 600 | | | Non-prefixed global variable |
| #997 | Profile Extra Fields by BestWebSoft | 26 | 514 | 532 | 2k+ | | | Text Domain Mismatch |
| #998 | Related Posts Thumbnails Plugin for WordPress | 26 | 382 | 198 | 20k+ | | | Output is not escaped |
| #999 | RestaurantPress | 26 | 265 | 518 | 600 | | | Output is not escaped |
| #1000 | Send Users Email – Email Subscribers, Email Marketing Newsletter | 26 | 188 | 415 | 5k+ | | | Non-prefixed global variable |