| #151 | Security Plugin, Firewall & Malware Scanner with Auto Removal | 24 | 1,192 | 770 | 30k+ | | Output is not escaped |
| #152 | ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization | 24 | 926 | 322 | 10k+ | | Output is not escaped |
| #153 | MoreConvert Wishlist for WooCommerce | 24 | 3,678 | 629 | 9k+ | | Text Domain Mismatch |
| #154 | Spotlight Social Feeds – Block, Shortcode, and Widget | 24 | 411 | 147 | 60k+ | | Output is not escaped |
| #155 | Tainacan | 24 | 156 | 598 | 1k+ | | Direct Query |
| #156 | Timber | 24 | 85 | 128 | 20k+ | | Non-prefixed hook name |
| #157 | UpdraftPlus: WP Backup & Migration Plugin | 24 | 277 | 299 | 3m+ | | Non-prefixed global variable |
| #158 | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | 24 | 664 | 3,318 | 60k+ | | Non-prefixed global variable |
| #159 | PDF Ink Lite – Free PDF Watermark & Password Protection | 24 | 226 | 561 | 2k+ | | Non-prefixed global variable |
| #160 | WCMultiShipping — Mondial Relay, Inpost & Chronopost for WooCommerce | 24 | 730 | 499 | 5k+ | | Output is not escaped |
| #161 | Disable Updates – Updates Manager, Disable Automatic Updates, Disable All Updates | 24 | 522 | 135 | 10k+ | | Output is not escaped |
| #162 | Bulk Edit Products for WooCommerce – WP Sheet Editor | 24 | 941 | 936 | 10k+ | | Text Domain Mismatch |
| #163 | Payment Plugins Braintree For WooCommerce | 24 | 731 | 755 | 2k+ | | Output is not escaped |
| #164 | EU VAT Assistant for WooCommerce | 24 | 1,742 | 495 | 5k+ | | Non Singular String Literal Domain |
| #165 | European VAT Compliance Assistant for WooCommerce | 24 | 515 | 317 | 3k+ | | Output is not escaped |
| #166 | Yoast SEO – Advanced SEO with real-time guidance and built-in AI | 24 | 159 | 386 | 10m+ | | Non-prefixed global variable |
| #167 | WP Fastest Cache – WordPress Cache Plugin | 24 | 541 | 753 | 1m+ | | Unsafe printing function |
| #168 | Iptanus File Upload | 24 | 509 | 1,325 | 10k+ | | Non-prefixed function |
| #169 | WP Hotel Booking | 24 | 1,250 | 1,555 | 7k+ | | Non-prefixed global variable |
| #170 | WP Job Portal – AI-Powered Recruitment System for Company or Job Board website | 24 | 69 | 1,089 | 8k+ | | Missing Version |
| #171 | WP RSS Aggregator – RSS Import, Feed to Post, Autoblogging, AI Content | 24 | 1,775 | 393 | 40k+ | | Text Domain Mismatch |
| #172 | Bulk Edit Posts and Products in Spreadsheet | 24 | 918 | 912 | 9k+ | | Text Domain Mismatch |
| #173 | SlimStat Analytics | 24 | 1,169 | 737 | 70k+ | | Exception output is not escaped |
| #174 | WP-Stateless – Google Cloud Storage | 24 | 1,036 | 482 | 4k+ | | Non Singular String Literal Domain |
| #175 | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | 24 | 2,576 | 2,103 | 100k+ | | Output is not escaped |
| #176 | WP User Manager – User Profile Builder & Membership | 24 | 787 | 539 | 10k+ | | Exception output is not escaped |
| #177 | WPIDE – File Manager & Code Editor | 24 | 610 | 1,386 | 40k+ | | Non-prefixed global variable |
| #178 | All 404 Redirect to Homepage | 25 | 140 | 301 | 200k+ | | date date |
| #179 | Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid | 25 | 243 | 854 | 50k+ | | Non-prefixed global variable |
| #180 | Breeze Cache | 25 | 217 | 790 | 400k+ | | Non-prefixed global variable |
| #181 | Colissimo shipping methods for WooCommerce | 25 | 1,755 | 557 | 10k+ | | Text Domain Mismatch |
| #182 | Disable Comments & Delete All Comments | 25 | 503 | 185 | 9k+ | | Output is not escaped |
| #183 | DecaLog | 25 | 943 | 236 | 1k+ | | Exception output is not escaped |
| #184 | Disable Admin Notices – Hide Dashboard Notifications | 25 | 465 | 195 | 100k+ | | Output is not escaped |
| #185 | GD Security Headers | 25 | 407 | 521 | 1k+ | | Output is not escaped |
| #186 | Site Kit by Google – Analytics, Search Console, AdSense, Speed | 25 | 1,304 | 242 | 5m+ | | Missing direct file access protection |
| #187 | Sitemap by BestWebSoft – WordPress XML Site Map Page Generator Plugin | 25 | 608 | 207 | 20k+ | | Text Domain Mismatch |
| #188 | IP Location Block | 25 | 521 | 624 | 10k+ | | Output is not escaped |
| #189 | Create | 25 | 1,558 | 767 | 6k+ | | Text Domain Mismatch |
| #190 | PDF & Print by BestWebSoft – WordPress Posts and Pages PDF Generator Plugin | 25 | 1,084 | 1,296 | 9k+ | | Non-prefixed global variable |
| #191 | phpinfo() WP — Site Health, PHP Compatibility & Server Audit | 25 | 276 | 704 | 3k+ | | Non-prefixed global variable |
| #192 | Quttera ThreatSign – Web Malware Scanner for WordPress | 25 | 334 | 471 | 10k+ | | Non-prefixed global variable |
| #193 | SEO Repair Kit – Meta Manager, Schema Manager, SEO Content Monitoring, GSC Integration, Keyword & Rank Tracking | 25 | 196 | 902 | 2k+ | | Direct Query |
| #194 | Smart Manager – Advanced WooCommerce Bulk Edit & Inventory Management | 25 | 387 | 935 | 10k+ | | SQL query is not prepared |
| #195 | Tamara Checkout | 25 | 601 | 228 | 2k+ | | Exception output is not escaped |
| #196 | Social Media Share Buttons & Social Sharing Icons | 25 | 2,433 | 1,383 | 100k+ | | Unsafe printing function |
| #197 | Social Share Icons & Social Share Buttons | 25 | 2,365 | 1,357 | 10k+ | | Output is not escaped |
| #198 | VikBooking Hotel Booking Engine & PMS | 25 | 13,232 | 8,312 | 8k+ | | Output is not escaped |
| #199 | VikRentCar Car Rental Management System | 25 | 5,537 | 5,048 | 4k+ | | Non-prefixed global variable |
| #200 | W3 Total Cache | 25 | 617 | 1,345 | 900k+ | | Non-prefixed global variable |
