| #101 | PowerPress Podcasting plugin by Blubrry | 23 | 4,807 | 2,394 | 20k+ | | | Output is not escaped |
| #102 | Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management | 23 | 295 | 298 | 4k+ | | | Non-prefixed global variable |
| #103 | Directory Listings WordPress plugin – uListing | 23 | 947 | 1,573 | 1k+ | | | Non-prefixed global variable |
| #104 | W3 Total Cache | 23 | 307 | 678 | 900k+ | | | Non-prefixed global variable |
| #105 | Peach Payments Gateway | 23 | 298 | 129 | 1k+ | | | Non Singular String Literal Domain |
| #106 | Billingo Plus integráció WooCommerce-hez | 23 | 1,119 | 507 | 900 | | | Text Domain Mismatch |
| #107 | PostFinance Checkout | 23 | 979 | 214 | 1k+ | | | Text Domain Mismatch |
| #108 | ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin | 23 | 7,423 | 2,181 | 90k+ | | | Text Domain Mismatch |
| #109 | WP Free SSL | 23 | 735 | 1,345 | 1k+ | | | Non-prefixed global variable |
| #110 | Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions | 23 | 1,123 | 1,860 | 9k+ | | | Output is not escaped |
| #111 | Lead Form Data Collection to CRM | 23 | 211 | 1,698 | 400 | | | Non-prefixed global variable |
| #112 | پارسی دیت – Parsi Date | 23 | 102 | 289 | 100k+ | | | Non-prefixed hook name |
| #113 | Subscribe Forms – Beautiful Email Forms, Embedded Newsletter Forms & MailChimp Form | 23 | 419 | 542 | 2k+ | | | Non-prefixed global variable |
| #114 | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress | 23 | 2,317 | 1,714 | 5k+ | | | Output is not escaped |
| #115 | Anti Spam and list cleaner – AcyChecker | 24 | 462 | 88 | 400 | | | Output is not escaped |
| #116 | AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress | 24 | 5,230 | 1,464 | 7k+ | | | Output is not escaped |
| #117 | Advanced iFrame | 24 | 887 | 1,120 | 40k+ | | | Non-prefixed global variable |
| #118 | Auto-Install Free SSL – Generate & Install Free SSL Certificates | 24 | 991 | 1,495 | 8k+ | | | Non-prefixed global variable |
| #119 | Backuply – Backup, Restore, Migrate and Clone | 24 | 704 | 551 | 700k+ | | | Non-prefixed global variable |
| #120 | Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale) | 24 | 1,837 | 1,063 | 1k+ | | | Text Domain Mismatch |
| #121 | Product Feed Manager For WooCommerce – Sell on 200+ Online Marketplaces | 24 | 2,248 | 3,338 | 10k+ | | | slow db query meta key |
| #122 | Message Filter for Contact Form 7 | 24 | 1,057 | 1,594 | 1k+ | | | Non-prefixed global variable |
| #123 | Business Essentials for Contact Form 7 | 24 | 674 | 403 | 8k+ | | | Text Domain Mismatch |
| #124 | Complianz – GDPR/CCPA Cookie Consent | 24 | 487 | 403 | 1m+ | | | Missing Arg Domain |
| #125 | F12 Profiler | 24 | 282 | 451 | 500 | | | Direct Query |
| #126 | FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution | 24 | 193 | 753 | 80k+ | | | Direct Query |
| #127 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | 24 | 826 | 1,314 | 600k+ | | | Non-prefixed global variable |
| #128 | Photo Gallery – Responsive Image Galleries by Supsystic | 24 | 240 | 91 | 20k+ | | | Text Domain Mismatch |
| #129 | Simple Calendar – Google Calendar Plugin | 24 | 2,053 | 592 | 50k+ | | | Missing direct file access protection |
| #130 | MxChat – AI Chatbot & Content Generation for WordPress | 24 | 3,157 | 1,385 | 2k+ | | | Text Domain Mismatch |
| #131 | PixelYourSite – Your smart PIXEL (TAG) & API Manager | 24 | 1,160 | 2,407 | 500k+ | | | Non-prefixed namespace |
| #132 | Pz-LinkCard | 24 | 951 | 1,581 | 20k+ | | | Non-prefixed global variable |
| #133 | Simple Membership | 24 | 2,373 | 1,789 | 40k+ | | | Unsafe printing function |
| #134 | Social Media Auto Publish | 24 | 1,468 | 713 | 6k+ | | | Unsafe printing function |
| #135 | Stripe Payment Forms by WP Simple Pay – Accept Credit Card Payments + Subscriptions with Stripe | 24 | 634 | 652 | 9k+ | | | Exception output is not escaped |
| #136 | Ultra Addons for Contact Form 7 | 24 | 1,543 | 452 | 60k+ | | | Text Domain Mismatch |
| #137 | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | 24 | 664 | 3,321 | 60k+ | | | Non-prefixed global variable |
| #138 | WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors | 24 | 168 | 584 | 4k+ | | | Non-prefixed class |
| #139 | Payment Gateway for PayPal on WooCommerce | 24 | 153 | 561 | 10k+ | | | Nonce verification recommended |
| #140 | wallee | 24 | 331 | 220 | 400 | | | Exception output is not escaped |
| #141 | EU VAT Assistant for WooCommerce | 24 | 1,742 | 495 | 5k+ | | | Non Singular String Literal Domain |
| #142 | European VAT Compliance Assistant for WooCommerce | 24 | 515 | 317 | 3k+ | | | Output is not escaped |
| #143 | AgenWebsite Shipping – Plugin Ongkos Kirim & Generate Resi Otomatis Semua Kurir Indonesia | 24 | 1,199 | 1,041 | 400 | | | Text Domain Mismatch |
| #144 | AI ChatBot for eCommerce – WoowBot | 24 | 145 | 528 | 1k+ | | | Request data is not unslashed |
| #145 | WP RSS Aggregator – RSS Import, Feed to Post, Autoblogging, AI Content | 24 | 1,775 | 393 | 40k+ | | | Text Domain Mismatch |
| #146 | SchedulePress – Auto Post & Publish, Auto Social Share, Schedule Posts with Editorial Calendar & Missed Schedule Post Publisher | 24 | 296 | 245 | 10k+ | | | Output is not escaped |
| #147 | WP Travel – Ultimate Travel Booking System, Tour Management Engine | 24 | 226 | 1,951 | 4k+ | | | Non-prefixed hook name |
| #148 | WP Travel Engine – Tour Booking Plugin – Tour Operator Software | 24 | 2,010 | 5,688 | 20k+ | | | Non-prefixed global variable |
| #149 | WP User Manager – User Profile Builder & Membership | 24 | 787 | 539 | 10k+ | | | Exception output is not escaped |
| #150 | WPSpeed – WordPress Speed, Cache & Performance Optimization (Core Web Vitals, PageSpeed 100) | 24 | 482 | 189 | 2k+ | | | Output is not escaped |
