| #101 | teachPress | 23 | 744 | 1,587 | 2k+ | | | SQL query is not prepared |
| #102 | Travelpayouts | 23 | 769 | 110 | 6k+ | | | Output is not escaped |
| #103 | UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP | 23 | 695 | 2,434 | 20k+ | | | Non-prefixed hook name |
| #104 | Cart PDF for WooCommerce | 23 | 531 | 172 | 1k+ | | | Exception output is not escaped |
| #105 | Worth The Read | 23 | 873 | 138 | 3k+ | | | Text Domain Mismatch |
| #106 | WP Compress – Instant Performance & Speed Optimization | 23 | 3,053 | 2,384 | 10k+ | | | Non Singular String Literal Domain |
| #107 | WP Migrate Lite – Migration Made Easy | 23 | 368 | 254 | 200k+ | | | Exception output is not escaped |
| #108 | WP STAGING – WordPress Backup, Restore & Migration | 23 | 1,414 | 1,327 | 100k+ | | | Non-prefixed global variable |
| #109 | WP Ultimate CSV Importer – WordPress Import & Export for CSV, XML & Excel | 23 | 1,119 | 3,516 | 20k+ | | | Interpolated SQL is not prepared |
| #110 | Photo Engine (Media Organizer & Lightroom) | 23 | 252 | 650 | 2k+ | | | Direct Query |
| #111 | A2 Optimized WP – Turbocharge and secure your WordPress site | 24 | 271 | 231 | 60k+ | | | Missing Arg Domain |
| #112 | AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress | 24 | 5,230 | 1,464 | 7k+ | | | Output is not escaped |
| #113 | All-In-One Security (AIOS) – Security and Firewall | 24 | 552 | 1,228 | 1m+ | | | Non-prefixed global variable |
| #114 | Backuply – Backup, Restore, Migrate and Clone | 24 | 704 | 551 | 700k+ | | | Non-prefixed global variable |
| #115 | Product Feed Manager For WooCommerce – Sell on 200+ Online Marketplaces | 24 | 2,248 | 3,338 | 10k+ | | | slow db query meta key |
| #116 | Bookit — Booking & Appointment Calendar | 24 | 566 | 1,456 | 4k+ | | | Non-prefixed global variable |
| #117 | Contact Form by Supsystic | 24 | 1,913 | 633 | 6k+ | | | Non Singular String Literal Domain |
| #118 | CRM Perks Forms – WordPress Form Builder | 24 | 819 | 577 | 1k+ | | | Output is not escaped |
| #119 | Defender Security – Malware Scanner, Login Security & Firewall | 24 | 306 | 518 | 80k+ | | | Non-prefixed namespace |
| #120 | Doubly – Cross Domain Copy Paste for WordPress | 24 | 252 | 55 | 10k+ | | | Output is not escaped |
| #121 | Enable Media Replace | 24 | 214 | 276 | 600k+ | | | Output is not escaped |
| #122 | Fast Velocity Minify | 24 | 282 | 256 | 40k+ | | | Unsafe printing function |
| #123 | Featured Image from URL (FIFU) | 24 | 1,654 | 418 | 70k+ | | | Non Singular String Literal Domain |
| #124 | Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress | 24 | 536 | 324 | 10k+ | | | Text Domain Mismatch |
| #125 | Assets manager, dequeue scripts, dequeue styles for WordPress | 24 | 592 | 255 | 2k+ | | | Output is not escaped |
| #126 | Simple Calendar – Google Calendar Plugin | 24 | 2,035 | 591 | 50k+ | | | Missing direct file access protection |
| #127 | Easy Google Maps | 24 | 1,764 | 389 | 20k+ | | | Non Singular String Literal Domain |
| #128 | Hummingbird Performance – Cache & Page Speed Optimization for Core Web Vitals | Critical CSS | Minify CSS | Defer CSS Javascript | CDN | 24 | 3,410 | 866 | 70k+ | | | Text Domain Mismatch |
| #129 | Import and export users and customers | 24 | 1,046 | 356 | 70k+ | | | Unsafe printing function |
| #130 | Social Slider Feed – Social Media Feed & Gallery Widgets | 24 | 929 | 707 | 20k+ | | | Non-prefixed global variable |
| #131 | InstaWP Connect – 1-click WP Staging & Migration | 24 | 253 | 811 | 40k+ | | | Non-prefixed global variable |
| #132 | Mang Board WP | 24 | 1,249 | 4,720 | 9k+ | | | Non-prefixed global variable |
| #133 | Media Library Folders | 24 | 889 | 807 | 10k+ | | | Text Domain Mismatch |
| #134 | Page Builder: Pagelayer – Drag and Drop website builder | 24 | 766 | 555 | 400k+ | | | Output is not escaped |
| #135 | Database Manager – WP Adminer | 24 | 1,005 | 2,752 | 20k+ | | | Non-prefixed global variable |
| #136 | PixelYourSite – Your smart PIXEL (TAG) & API Manager | 24 | 1,160 | 2,407 | 500k+ | | | Non-prefixed namespace |
| #137 | Premmerce Product Filter for WooCommerce | 24 | 817 | 1,486 | 2k+ | | | Non-prefixed global variable |
| #138 | ProfileGrid – User Profiles, Groups and Communities | 24 | 473 | 2,463 | 6k+ | | | Non-prefixed global variable |
| #139 | QuadMenu – Mega Menu | 24 | 2,129 | 455 | 10k+ | | | Output is not escaped |
| #140 | reGenerate Thumbnails Advanced | 24 | 220 | 122 | 70k+ | | | Unsafe printing function |
| #141 | RSFirewall! | 24 | 563 | 521 | 4k+ | | | Output is not escaped |
| #142 | Security Plugin, Firewall & Malware Scanner with Auto Removal | 24 | 1,192 | 770 | 30k+ | | | Output is not escaped |
| #143 | Shortcodes Ultimate – Content Elements | 24 | 656 | 1,552 | 400k+ | | | Non-prefixed global variable |
| #144 | ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization | 24 | 926 | 322 | 10k+ | | | Output is not escaped |
| #145 | SiteGuard WP Plugin | 24 | 363 | 345 | 500k+ | | | Output is not escaped |
| #146 | Slideshow Gallery LITE | 24 | 896 | 414 | 5k+ | | | Output is not escaped |
| #147 | Social Media Auto Publish | 24 | 1,468 | 713 | 6k+ | | | Unsafe printing function |
| #148 | GEO Plugin by Squirrly SEO | 24 | 1,196 | 224 | 40k+ | | | Missing Translators Comment |
| #149 | Stripe Payment Forms by WP Simple Pay – Accept Credit Card Payments + Subscriptions with Stripe | 24 | 634 | 652 | 9k+ | | | Exception output is not escaped |
| #150 | Templately – Elementor & Gutenberg Template Library: 6500+ Free & Pro Ready Templates And Cloud! | 24 | 167 | 222 | 400k+ | | | Nonce verification recommended |
