| #551 | TranslatePress – Translate Multilingual sites with AI Translation | 25 | 455 | 1,545 | 400k+ | | | Non-prefixed function |
| #552 | Spectra Gutenberg Blocks – Website Builder for the Block Editor | 25 | 253 | 3,227 | 1m+ | | | Non-prefixed global variable |
| #553 | Ultimate Blocks – 25+ Gutenberg Blocks for Block Editor | 25 | 691 | 1,581 | 50k+ | | | Non-prefixed global variable |
| #554 | Social Media Share Buttons & Social Sharing Icons | 25 | 2,433 | 1,383 | 100k+ | | | Unsafe printing function |
| #555 | Social Share Icons & Social Share Buttons | 25 | 2,365 | 1,357 | 10k+ | | | Output is not escaped |
| #556 | Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP | 25 | 205 | 959 | 500 | | | Request data is not unslashed |
| #557 | VikAppointments Services Booking Calendar | 25 | 9,753 | 5,207 | 500 | | | Output is not escaped |
| #558 | VikBooking Hotel Booking Engine & PMS | 25 | 13,244 | 8,314 | 8k+ | | | Output is not escaped |
| #559 | VikRentCar Car Rental Management System | 25 | 5,537 | 5,048 | 4k+ | | | Non-prefixed global variable |
| #560 | VikRestaurants Table Reservations and Take-Away | 25 | 11,644 | 4,932 | 600 | | | Output is not escaped |
| #561 | PDF Builder for WooCommerce. Create invoices,packing slips and more | 25 | 372 | 503 | 2k+ | | | Non-prefixed global variable |
| #562 | Pay with Vipps and MobilePay for WooCommerce | 25 | 846 | 514 | 5k+ | | | Output is not escaped |
| #563 | WordPress Importer | 25 | 238 | 110 | 2m+ | | | Output is not escaped |
| #564 | Super Page Cache – Cloudflare Cache, Page Speed & Core Web Vitals | 25 | 137 | 353 | 60k+ | | | Input is not sanitized |
| #565 | Comments Extra Fields For Post,Pages and CPT | 25 | 577 | 418 | 500 | | | Text Domain Mismatch |
| #566 | WP Data Access – App Builder for Tables, Forms, Charts, Maps & Dashboards | 25 | 1,431 | 1,270 | 10k+ | | | Output is not escaped |
| #567 | WP Review Slider | 25 | 1,186 | 2,279 | 6k+ | | | Non-prefixed global variable |
| #568 | WP Go Maps – Google Map, OpenStreetMap, Leaflet Map | 25 | 4,996 | 1,008 | 300k+ | | | Unsafe printing function |
| #569 | WP Encryption – No.1 HTTPS plugin & One Click Free SSL Cert, HTTPS Redirect, Security | 25 | 727 | 1,554 | 50k+ | | | Non-prefixed global variable |
| #570 | WP Photo Album Plus | 25 | 3 | 1,799 | 10k+ | | | Direct Query |
| #571 | WP-Polls | 25 | 618 | 639 | 40k+ | | | Unsafe printing function |
| #572 | Perfect Images: Regenerate Thumbnails, Image Sizes, WebP & AVIF | 25 | 158 | 118 | 60k+ | | | Non-prefixed global variable |
| #573 | SlimStat Analytics | 25 | 1,177 | 870 | 70k+ | | | Exception output is not escaped |
| #574 | Smush – Image Optimization, Compression, Lazy Load, WebP & CDN | 25 | 252 | 566 | 1m+ | | | Non-prefixed hook name |
| #575 | Wp Social Login and Register Social Counter | 25 | 80 | 738 | 90k+ | | | Non-prefixed global variable |
| #576 | WP Statistics – Simple, privacy-friendly Google Analytics alternative | 25 | 610 | 2,465 | 600k+ | | | Non-prefixed global variable |
| #577 | WP Super Cache | 25 | 800 | 989 | 1m+ | | | Output is not escaped |
| #578 | WP Time Slots Booking Form | 25 | 439 | 1,137 | 1k+ | | | Non-prefixed global variable |
| #579 | WPCargo Track & Trace | 25 | 239 | 557 | 10k+ | | | Non-prefixed global variable |
| #580 | Team Members Showcase | 25 | 591 | 1,494 | 4k+ | | | Non-prefixed global variable |
| #581 | WPvivid Backup for MainWP | 25 | 818 | 1,794 | 10k+ | | | Missing nonce verification |
| #582 | WPvivid — Backup, Migration & Staging | 25 | 899 | 1,461 | 900k+ | | | Non-prefixed namespace |
| #583 | Backup, Restore and Migrate your sites with XCloner | 25 | 238 | 864 | 10k+ | | | Input is not sanitized |
| #584 | YeeMail — Email Template Builder & Customizer | 25 | 606 | 222 | 600 | | | wp function not compatible with requires wp |
| #585 | ActiveCampaign for WooCommerce | 26 | 541 | 190 | 6k+ | | | Exception output is not escaped |
| #586 | AfterShip Tracking – All-In-One WooCommerce Order Tracking (Free plan available) | 26 | 286 | 291 | 8k+ | | | Text Domain Mismatch |
| #587 | Attesa Extra | 26 | 316 | 151 | 1k+ | | | Output is not escaped |
| #588 | Booking Manager – Sync WP Booking Calendar – Import Events, Export Bookings to ICS Calendar | 26 | 526 | 263 | 5k+ | | | Output is not escaped |
| #589 | Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More | 26 | 97 | 270 | 10k+ | | | error log error log |
| #590 | Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty | 26 | 113 | 671 | 400k+ | | | Non-prefixed global variable |
| #591 | Database for Contact Form 7, WPforms, Elementor forms | 26 | 317 | 489 | 60k+ | | | Non-prefixed global variable |
| #592 | ELEX WooCommerce Google Shopping (Google Product Feed) | 26 | 226 | 242 | 1k+ | | | Text Domain Mismatch |
| #593 | Event Monster – Event Manager, Ticket Booking & Registration | 26 | 781 | 781 | 700 | | | Non-prefixed global variable |
| #594 | ezCache | 26 | 127 | 269 | 10k+ | | | Direct Query |
| #595 | Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager | 26 | 113 | 597 | 90k+ | | | Non-prefixed global variable |
| #596 | FV Antispam | 26 | 332 | 239 | 900 | | | Output is not escaped |
| #597 | Translate WordPress – Google Language Translator | 26 | 200 | 317 | 100k+ | | | Non-prefixed global variable |
| #598 | Integrate Razorpay for Contact Form 7 | 26 | 152 | 97 | 500 | | | curl curl setopt |
| #599 | Kadence Central – Site Management, Backups, Security, and Reporting | 26 | 462 | 213 | 30k+ | | | Text Domain Mismatch |
| #600 | Media File Renamer: Rename for better SEO (AI-Powered) | 26 | 154 | 170 | 40k+ | | | Direct Query |