| #301 | GD Security Headers | 25 | 407 | 521 | 1k+ | | | Output is not escaped |
| #302 | Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) | 25 | 50 | 1,043 | 1k+ | | | Non-prefixed global variable |
| #303 | WPBruiser {no- Captcha anti-Spam} | 25 | 646 | 259 | 10k+ | | | Non Singular String Literal Domain |
| #304 | Site Kit by Google – Analytics, Search Console, AdSense, Speed | 25 | 1,304 | 242 | 5m+ | | | Missing direct file access protection |
| #305 | Sitemap by BestWebSoft – WordPress XML Site Map Page Generator Plugin | 25 | 608 | 207 | 20k+ | | | Text Domain Mismatch |
| #306 | Hardcore Google Fonts Localizer | 25 | 331 | 261 | 800 | | | Text Domain Mismatch |
| #307 | HT Contact Form – Drag & Drop Form Builder for WordPress | 25 | 160 | 594 | 10k+ | | | Non-prefixed global variable |
| #308 | Independent Analytics – WordPress Analytics Plugin | 25 | 1,148 | 2,293 | 100k+ | | | Non-prefixed global variable |
| #309 | Index WP MySQL For Speed | 25 | 250 | 255 | 50k+ | | | Output is not escaped |
| #310 | Infinite Uploads – Offload Media and Video to Cloud Storage | 25 | 579 | 720 | 800 | | | Direct Query |
| #311 | IP Location Block | 25 | 521 | 624 | 10k+ | | | Output is not escaped |
| #312 | JobWP – Job Board, Job Listing, Career Page and Recruitment Plugin | 25 | 1,541 | 1,578 | 1k+ | | | Non-prefixed global variable |
| #313 | Loginizer | 25 | 814 | 504 | 1m+ | | | Output is not escaped |
| #314 | LWS Optimize – All-in-One Speed Booster & Cache Tools | 25 | 430 | 764 | 20k+ | | | Non-prefixed global variable |
| #315 | MaxButtons – Create buttons | 25 | 626 | 404 | 70k+ | | | Output is not escaped |
| #316 | Media Cloud Sync | 25 | 1,095 | 274 | 1k+ | | | Exception output is not escaped |
| #317 | MyFatoorah – WooCommerce | 25 | 191 | 89 | 2k+ | | | Output is not escaped |
| #318 | Nexter Extension – Security, Performance, Code Snippets & Site Toolkit | 25 | 198 | 712 | 10k+ | | | Nonce verification recommended |
| #319 | PDF Importer for WPForms | 25 | 332 | 329 | 400 | | | Non-prefixed global variable |
| #320 | PDF & Print by BestWebSoft – WordPress Posts and Pages PDF Generator Plugin | 25 | 1,084 | 1,296 | 9k+ | | | Non-prefixed global variable |
| #321 | phpinfo() WP — Site Health, PHP Compatibility & Server Audit | 25 | 276 | 704 | 3k+ | | | Non-prefixed global variable |
| #322 | Piotnet Forms | 25 | 187 | 374 | 3k+ | | | Alternative PHP tag found |
| #323 | reSmush.it : The original free image compressor and optimizer plugin | 25 | 155 | 69 | 100k+ | | | Output is not escaped |
| #324 | BerqWP – All-In-One Optimization for Core Web Vitals, Cache, CDN, Images, CSS & JavaScript | 25 | 198 | 501 | 4k+ | | | Non-prefixed global variable |
| #325 | SEO Repair Kit – Meta Manager, Schema Manager, SEO Content Monitoring, GSC Integration, Keyword & Rank Tracking | 25 | 196 | 902 | 2k+ | | | Direct Query |
| #326 | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | 25 | 960 | 738 | 60k+ | | | Text Domain Mismatch |
| #327 | Simply Static – The Static Site Generator | 25 | 165 | 448 | 30k+ | | | Non-prefixed hook name |
| #328 | Sitemap by click5 | 25 | 286 | 132 | 6k+ | | | Unsafe printing function |
| #329 | Tamara Checkout | 25 | 601 | 228 | 2k+ | | | Exception output is not escaped |
| #330 | Taskbuilder – Project Management & Task Management Tool With Kanban Board | 25 | 127 | 4,332 | 800 | | | Non-prefixed global variable |
| #331 | Toocheke Companion | 25 | 409 | 1,113 | 1k+ | | | Non-prefixed global variable |
| #332 | TrackShip for WooCommerce | 25 | 421 | 957 | 6k+ | | | Non-prefixed global variable |
| #333 | Ultimate Blocks – 25+ Gutenberg Blocks for Block Editor | 25 | 691 | 1,581 | 50k+ | | | Non-prefixed global variable |
| #334 | Ultimate Post Kit Addons for Elementor | 25 | 182 | 412 | 30k+ | | | Missing nonce verification |
| #335 | Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP | 25 | 205 | 959 | 500 | | | Request data is not unslashed |
| #336 | VikBooking Hotel Booking Engine & PMS | 25 | 13,244 | 8,314 | 8k+ | | | Output is not escaped |
| #337 | VikRentCar Car Rental Management System | 25 | 5,537 | 5,048 | 4k+ | | | Non-prefixed global variable |
| #338 | Advanced Shipment Tracking for WooCommerce | 25 | 501 | 724 | 60k+ | | | Non-prefixed global variable |
| #339 | PDF Builder for WooCommerce. Create invoices,packing slips and more | 25 | 372 | 503 | 2k+ | | | Non-prefixed global variable |
| #340 | Pay with Vipps and MobilePay for WooCommerce | 25 | 846 | 514 | 5k+ | | | Output is not escaped |
| #341 | Analytify – Google Analytics Dashboard For WordPress (GA4 analytics tracking) | 25 | 169 | 295 | 20k+ | | | Non-prefixed global variable |
| #342 | Super Page Cache – Cloudflare Cache, Page Speed & Core Web Vitals | 25 | 137 | 353 | 60k+ | | | Input is not sanitized |
| #343 | WP-DownloadManager | 25 | 607 | 508 | 3k+ | | | Unsafe printing function |
| #344 | WP Encryption – No.1 HTTPS plugin & One Click Free SSL Cert, HTTPS Redirect, Security | 25 | 727 | 1,554 | 50k+ | | | Non-prefixed global variable |
| #345 | SlimStat Analytics | 25 | 1,177 | 870 | 70k+ | | | Exception output is not escaped |
| #346 | Smush – Image Optimization, Compression, Lazy Load, WebP & CDN | 25 | 252 | 566 | 1m+ | | | Non-prefixed hook name |
| #347 | WPvivid — Backup, Migration & Staging | 25 | 899 | 1,461 | 900k+ | | | Non-prefixed namespace |
| #348 | Backup, Restore and Migrate your sites with XCloner | 25 | 238 | 864 | 10k+ | | | Input is not sanitized |
| #349 | ActiveCampaign for WooCommerce | 26 | 541 | 190 | 6k+ | | | Exception output is not escaped |
| #350 | Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More | 26 | 97 | 270 | 10k+ | | | error log error log |