| #51 | Paysera Payment Gateway for WooCommerce | 21 | 1,866 | 195 | 7k+ | | | Exception output is not escaped |
| #52 | Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools | 21 | 786 | 3,395 | 30k+ | | | Non-prefixed global variable |
| #53 | Wordfence Security – Firewall, Malware Scan, and Login Security | 21 | 1,592 | 2,973 | 5m+ | | | Output is not escaped |
| #54 | WP Compress – Instant Performance & Speed Optimization | 21 | 3,363 | 3,274 | 10k+ | | | Non Singular String Literal Domain |
| #55 | WP-Lister Lite for eBay | 21 | 6,697 | 5,129 | 2k+ | | | Output is not escaped |
| #56 | WP phpMyAdmin | 21 | 4,528 | 6,435 | 50k+ | | | Missing Arg Domain |
| #57 | wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin | 21 | 1,811 | 1,432 | 70k+ | | | Output is not escaped |
| #58 | Premium Packages – Sell Digital Products Securely | 21 | 2,765 | 2,444 | 3k+ | | | Output is not escaped |
| #59 | Frontend Admin by DynamiApps | 22 | 5,922 | 3,208 | 10k+ | | | Text Domain Mismatch |
| #60 | Booking for Appointments and Events Calendar – Amelia | 22 | 1,489 | 480 | 90k+ | | | Exception output is not escaped |
| #61 | ANAC XML Bandi di Gara | 22 | 294 | 244 | 600 | | | Output is not escaped |
| #62 | Backup Bolt | 22 | 580 | 1,313 | 800 | | | Non-prefixed global variable |
| #63 | BuddyPress | 22 | 583 | 9,008 | 100k+ | | | Non-prefixed function |
| #64 | Better WordPress Minify | 22 | 412 | 484 | 8k+ | | | Non Singular String Literal Domain |
| #65 | Captcha by BestWebSoft – Advanced Spam Protection, Math & OCR-Friendly Captcha for Site Forms | 22 | 493 | 295 | 10k+ | | | Text Domain Mismatch |
| #66 | Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer | 22 | 2,858 | 1,270 | 50k+ | | | Text Domain Mismatch |
| #67 | Code Profiler – WordPress Performance Profiling and Debugging Made Easy | 22 | 265 | 400 | 8k+ | | | Non-prefixed global variable |
| #68 | Accept PayPal Payments using Contact Form 7 | 22 | 359 | 127 | 600 | | | Text Domain Mismatch |
| #69 | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | 22 | 3,654 | 5,061 | 8k+ | | | Non-prefixed global variable |
| #70 | WP Customer Area | 22 | 3,308 | 941 | 10k+ | | | Text Domain Mismatch |
| #71 | Data Tables Generator by Supsystic | 22 | 157 | 150 | 10k+ | | | Exception output is not escaped |
| #72 | DirectoryPress – Business Directory And Classified Ad Listing | 22 | 4,787 | 2,795 | 800 | | | Text Domain Mismatch |
| #73 | Download Manager | 22 | 2,284 | 1,335 | 100k+ | | | Output is not escaped |
| #74 | Dynamic QR Code – generator | 22 | 238 | 208 | 6k+ | | | Missing direct file access protection |
| #75 | E2Pdf – Export Pdf Tool for WordPress | 22 | 1,075 | 836 | 10k+ | | | Unsafe printing function |
| #76 | Events Manager – Calendar, Bookings, Tickets, and more! | 22 | 4,713 | 5,647 | 70k+ | | | Output is not escaped |
| #77 | File Manager Pro – Filester | 22 | 565 | 391 | 100k+ | | | Request data is not unslashed |
| #78 | Finale Lite – Sales Countdown Timer & Discount for WooCommerce | 22 | 1,031 | 451 | 4k+ | | | Output is not escaped |
| #79 | Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | 22 | 409 | 236 | 700k+ | | | Text Domain Mismatch |
| #80 | Heureka | 22 | 557 | 254 | 400 | | | Exception output is not escaped |
| #81 | Insert or Embed Articulate Content into WordPress | 22 | 659 | 1,437 | 2k+ | | | Non-prefixed global variable |
| #82 | The Innovative Form Builder – IvyForms | 22 | 713 | 250 | 400 | | | Exception output is not escaped |
| #83 | InfiniteWP Client | 22 | 2,286 | 1,812 | 200k+ | | | Exception output is not escaped |
| #84 | Import WP – Export and Import CSV and XML files to WordPress | 22 | 580 | 330 | 4k+ | | | Exception output is not escaped |
| #85 | Jim Soft Swiss QR Invoice | 22 | 262 | 392 | 400 | | | Non-prefixed global variable |
| #86 | MailOptin – Popup, Optin Forms & Email Newsletters for Mailchimp, HubSpot, AWeber Etc. | 22 | 2,619 | 2,453 | 10k+ | | | Output is not escaped |
| #87 | Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider | 22 | 207 | 323 | 500k+ | | | Non-prefixed global variable |
| #88 | Moloni | 22 | 902 | 356 | 2k+ | | | Missing Arg Domain |
| #89 | myCred Toolkit with AI Assistant – Scale Your Loyalty & Gamification Rewards With Integrations | 22 | 1,588 | 1,172 | 400 | | | Output is not escaped |
| #90 | NinjaFirewall (WP Edition) – Advanced Security Plugin and Firewall | 22 | 1,266 | 2,059 | 100k+ | | | Non-prefixed global variable |
| #91 | NinjaScanner – Virus & Malware scan | 22 | 596 | 551 | 30k+ | | | Non-prefixed global variable |
| #92 | PDF Builder for WPForms | 22 | 321 | 266 | 900 | | | SQL query is not prepared |
| #93 | Smart Popup by Supsystic | 22 | 3,172 | 503 | 10k+ | | | Non Singular String Literal Domain |
| #94 | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | 22 | 1,581 | 2,326 | 300k+ | | | Non-prefixed global variable |
| #95 | Prime Mover – Migrate WordPress Website & Backups | 22 | 1,326 | 1,600 | 10k+ | | | Non-prefixed global variable |
| #96 | Product Catalog Feed by PixelYourSite | 22 | 581 | 357 | 8k+ | | | Output is not escaped |
| #97 | PageSpeed Ninja – Cache, Minify, Defer CSS JavaScript, Critical CSS, Optimize Images, Convert WebP | 22 | 984 | 407 | 5k+ | | | Unsafe printing function |
| #98 | RabbitLoader Cache: Optimize your Website for Speed | 22 | 241 | 163 | 2k+ | | | Output is not escaped |
| #99 | Seraphinite Accelerator | 22 | 594 | 255 | 50k+ | | | Output is not escaped |
| #100 | ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF | 22 | 1,044 | 799 | 300k+ | | | Non-prefixed global variable |
