| #201 | Timber | 24 | 85 | 128 | 20k+ | | | Non-prefixed hook name |
| #202 | UpdraftPlus: WP Backup & Migration Plugin | 24 | 277 | 299 | 3m+ | | | Non-prefixed global variable |
| #203 | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | 24 | 664 | 3,321 | 50k+ | | | Non-prefixed global variable |
| #204 | VikRentItems Flexible Rental Management System | 24 | 4,755 | 4,639 | 600 | | | Non-prefixed global variable |
| #205 | Visitor Traffic Real Time Statistics | 24 | 473 | 930 | 30k+ | | | Non-prefixed global variable |
| #206 | PDF Ink Lite – Free PDF Watermark & Password Protection | 24 | 226 | 561 | 2k+ | | | Non-prefixed global variable |
| #207 | WCMultiShipping — Mondial Relay, Inpost & Chronopost for WooCommerce | 24 | 730 | 499 | 5k+ | | | Output is not escaped |
| #208 | Disable Updates – Updates Manager, Disable Automatic Updates, Disable All Updates | 24 | 522 | 135 | 10k+ | | | Output is not escaped |
| #209 | Bulk Edit Products for WooCommerce – WP Sheet Editor | 24 | 941 | 936 | 10k+ | | | Text Domain Mismatch |
| #210 | Bulk Edit Coupons for WooCommerce – WP Sheet Editor | 24 | 1,006 | 950 | 500 | | | Text Domain Mismatch |
| #211 | Payment Plugins Braintree For WooCommerce | 24 | 731 | 755 | 2k+ | | | Output is not escaped |
| #212 | EU VAT Assistant for WooCommerce | 24 | 1,742 | 495 | 5k+ | | | Non Singular String Literal Domain |
| #213 | European VAT Compliance Assistant for WooCommerce | 24 | 515 | 317 | 3k+ | | | Output is not escaped |
| #214 | Yoast SEO – Advanced SEO with real-time guidance and built-in AI | 24 | 159 | 386 | 10m+ | | | Non-prefixed global variable |
| #215 | WP Fastest Cache – WordPress Cache Plugin | 24 | 541 | 753 | 1m+ | | | Unsafe printing function |
| #216 | Iptanus File Upload | 24 | 509 | 1,325 | 10k+ | | | Non-prefixed function |
| #217 | WP Hotel Booking | 24 | 1,232 | 1,533 | 7k+ | | | Non-prefixed global variable |
| #218 | WP Job Portal – AI-Powered Recruitment System for Company or Job Board website | 24 | 69 | 1,089 | 8k+ | | | Missing Version |
| #219 | پارسی دیت – Parsi Date | 24 | 106 | 291 | 100k+ | | | Non-prefixed hook name |
| #220 | WP RSS Aggregator – RSS Import, Feed to Post, Autoblogging, AI Content | 24 | 1,775 | 393 | 40k+ | | | Text Domain Mismatch |
| #221 | Bulk Edit Posts and Products in Spreadsheet | 24 | 918 | 912 | 8k+ | | | Text Domain Mismatch |
| #222 | WP-Stateless – Google Cloud Storage | 24 | 1,036 | 482 | 4k+ | | | Non Singular String Literal Domain |
| #223 | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | 24 | 2,576 | 2,103 | 100k+ | | | Output is not escaped |
| #224 | WP User Manager – User Profile Builder & Membership | 24 | 787 | 539 | 10k+ | | | Exception output is not escaped |
| #225 | WPIDE – File Manager & Code Editor | 24 | 610 | 1,386 | 40k+ | | | Non-prefixed global variable |
| #226 | 3DPrint Lite | 25 | 175 | 1,029 | 700 | | | Non-prefixed global variable |
| #227 | All 404 Redirect to Homepage | 25 | 140 | 301 | 200k+ | | | date date |
| #228 | Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid | 25 | 243 | 854 | 50k+ | | | Non-prefixed global variable |
| #229 | Booking Calendar Contact Form | 25 | 371 | 884 | 500 | | | Input is not validated |
| #230 | Breeze Cache | 25 | 218 | 800 | 400k+ | | | Non-prefixed global variable |
| #231 | Colissimo shipping methods for WooCommerce | 25 | 1,755 | 557 | 10k+ | | | Text Domain Mismatch |
| #232 | Disable Comments & Delete All Comments | 25 | 503 | 185 | 9k+ | | | Output is not escaped |
| #233 | DecaLog | 25 | 943 | 236 | 1k+ | | | Exception output is not escaped |
| #234 | Disable Admin Notices – Hide Dashboard Notifications | 25 | 465 | 195 | 100k+ | | | Output is not escaped |
| #235 | GD Rating System | 25 | 1,511 | 1,043 | 1k+ | | | Output is not escaped |
| #236 | GD Security Headers | 25 | 407 | 521 | 1k+ | | | Output is not escaped |
| #237 | Site Kit by Google – Analytics, Search Console, AdSense, Speed | 25 | 1,304 | 242 | 5m+ | | | Missing direct file access protection |
| #238 | Sitemap by BestWebSoft – WordPress XML Site Map Page Generator Plugin | 25 | 608 | 207 | 20k+ | | | Text Domain Mismatch |
| #239 | Infinite Uploads – Offload Media and Video to Cloud Storage | 25 | 579 | 720 | 800 | | | Direct Query |
| #240 | IP Location Block | 25 | 521 | 624 | 10k+ | | | Output is not escaped |
| #241 | IP Locator | 25 | 482 | 211 | 600 | | | Text Domain Mismatch |
| #242 | Media Cloud Sync | 25 | 1,095 | 274 | 1k+ | | | Exception output is not escaped |
| #243 | Create | 25 | 1,558 | 769 | 6k+ | | | Text Domain Mismatch |
| #244 | PDF Importer for WPForms | 25 | 332 | 329 | 400 | | | Non-prefixed global variable |
| #245 | PDF & Print by BestWebSoft – WordPress Posts and Pages PDF Generator Plugin | 25 | 1,084 | 1,296 | 9k+ | | | Non-prefixed global variable |
| #246 | phpinfo() WP — Site Health, PHP Compatibility & Server Audit | 25 | 276 | 704 | 3k+ | | | Non-prefixed global variable |
| #247 | Quttera ThreatSign – Web Malware Scanner for WordPress | 25 | 334 | 471 | 10k+ | | | Non-prefixed global variable |
| #248 | SEO Repair Kit – Meta Manager, Schema Manager, SEO Content Monitoring, GSC Integration, Keyword & Rank Tracking | 25 | 196 | 902 | 2k+ | | | Direct Query |
| #249 | Tamara Checkout | 25 | 601 | 228 | 2k+ | | | Exception output is not escaped |
| #250 | Taskbuilder – Project Management & Task Management Tool With Kanban Board | 25 | 127 | 4,332 | 800 | | | Non-prefixed global variable |
