| #201 | Shield Security – Smart Bot Blocking, Brute-Force Login Protection & File Scanning | 23 | 1,118 | 202 | 40k+ | | | Missing Translators Comment |
| #202 | WP STAGING – WordPress Backup, Restore & Migration | 23 | 1,414 | 1,327 | 100k+ | | | Non-prefixed global variable |
| #203 | Subscribe Forms – Beautiful Email Forms, Embedded Newsletter Forms & MailChimp Form | 23 | 419 | 542 | 2k+ | | | Non-prefixed global variable |
| #204 | WP Ultimate CSV Importer – WordPress Import & Export for CSV, XML & Excel | 23 | 1,119 | 3,516 | 20k+ | | | Interpolated SQL is not prepared |
| #205 | WP Webhooks – Automate repetitive tasks by creating powerful automation workflows directly within WordPress | 23 | 4,376 | 890 | 20k+ | | | Output is not escaped |
| #206 | WPMobile.App | 23 | 2,983 | 1,527 | 3k+ | | | Output is not escaped |
| #207 | Comments – wpDiscuz | 23 | 620 | 1,180 | 70k+ | | | Non-prefixed global variable |
| #208 | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress | 23 | 2,317 | 1,714 | 5k+ | | | Output is not escaped |
| #209 | 404 Solution | 24 | 479 | 1,333 | 10k+ | | | Non-prefixed class |
| #210 | A2 Optimized WP – Turbocharge and secure your WordPress site | 24 | 271 | 231 | 60k+ | | | Missing Arg Domain |
| #211 | AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress | 24 | 5,230 | 1,464 | 7k+ | | | Output is not escaped |
| #212 | Ad Inserter – Ad Manager & AdSense Ads | 24 | 4,241 | 811 | 300k+ | | | Output is not escaped |
| #213 | Advanced iFrame | 24 | 887 | 1,120 | 40k+ | | | Non-prefixed global variable |
| #214 | All-In-One Security (AIOS) – Security and Firewall | 24 | 552 | 1,228 | 1m+ | | | Non-prefixed global variable |
| #215 | Starter Templates – AI-Powered Templates for Elementor & Gutenberg | 24 | 125 | 396 | 1m+ | | | Non-prefixed hook name |
| #216 | AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress | 24 | 1,705 | 1,393 | 7k+ | | | Text Domain Mismatch |
| #217 | Backuply – Backup, Restore, Migrate and Clone | 24 | 704 | 551 | 700k+ | | | Non-prefixed global variable |
| #218 | Product Feed Manager For WooCommerce – Sell on 200+ Online Marketplaces | 24 | 2,248 | 3,338 | 10k+ | | | slow db query meta key |
| #219 | Better Payment – Instant Payments, Donations, Fundraising with Subscriptions & More | 24 | 342 | 930 | 6k+ | | | Non-prefixed global variable |
| #220 | Blog Designer Pack – Blog, Post Grid, Post Slider, Post Carousel, Category Post, News | 24 | 699 | 1,693 | 30k+ | | | Non-prefixed global variable |
| #221 | Branda – White Label & Branding, Free Login Page Customizer | 24 | 3,174 | 820 | 20k+ | | | Text Domain Mismatch |
| #222 | Buttonizer – Floating Menus, Sticky Buttons, & Popup Builder | 24 | 576 | 1,344 | 70k+ | | | Non-prefixed global variable |
| #223 | Calculated Fields Form | 24 | 282 | 599 | 40k+ | | | Non-prefixed global variable |
| #224 | Message Filter for Contact Form 7 | 24 | 1,057 | 1,594 | 1k+ | | | Non-prefixed global variable |
| #225 | Smart Online Order for Clover | 24 | 1,746 | 1,246 | 1k+ | | | Text Domain Mismatch |
| #226 | CM Pop-Up – Create engaging popups to capture attention and boost interaction | 24 | 466 | 408 | 8k+ | | | Output is not escaped |
| #227 | Complianz – GDPR/CCPA Cookie Consent | 24 | 487 | 403 | 1m+ | | | Missing Arg Domain |
| #228 | Contact Form by Supsystic | 24 | 1,913 | 633 | 6k+ | | | Non Singular String Literal Domain |
| #229 | WPBot – ChatBot Conversational Forms | 24 | 1,254 | 1,226 | 2k+ | | | Text Domain Mismatch |
| #230 | Custom Twitter Feeds – A Tweets Widget or X Feed Widget | 24 | 446 | 922 | 100k+ | | | Output is not escaped |
| #231 | WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) | 24 | 845 | 2,665 | 4k+ | | | Non-prefixed global variable |
| #232 | Democracy Poll | 24 | 388 | 425 | 7k+ | | | Short PHP open tag found |
| #233 | EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more | 24 | 668 | 1,560 | 100k+ | | | Output is not escaped |
| #234 | Enable Media Replace | 24 | 214 | 276 | 600k+ | | | Output is not escaped |
| #235 | Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns | 24 | 112 | 632 | 200k+ | | | Non-prefixed global variable |
| #236 | Event Tickets and Registration | 24 | 3,415 | 4,210 | 90k+ | | | Non-prefixed global variable |
| #237 | Fast Velocity Minify | 24 | 282 | 256 | 40k+ | | | Unsafe printing function |
| #238 | Featured Image from URL (FIFU) | 24 | 1,654 | 418 | 70k+ | | | Non Singular String Literal Domain |
| #239 | FeedWordPress | 24 | 496 | 319 | 9k+ | | | Missing Arg Domain |
| #240 | Fix Alt Text | 24 | 544 | 346 | 1k+ | | | Non Singular String Literal Domain |
| #241 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | 24 | 826 | 1,314 | 600k+ | | | Non-prefixed global variable |
| #242 | Photo Gallery – Responsive Image Galleries by Supsystic | 24 | 240 | 91 | 20k+ | | | Text Domain Mismatch |
| #243 | Hummingbird Performance – Cache & Page Speed Optimization for Core Web Vitals | Critical CSS | Minify CSS | Defer CSS Javascript | CDN | 24 | 3,410 | 866 | 70k+ | | | Text Domain Mismatch |
| #244 | InstaWP Connect – 1-click WP Staging & Migration | 24 | 253 | 811 | 40k+ | | | Non-prefixed global variable |
| #245 | Joli Table Of Contents | 24 | 653 | 1,755 | 7k+ | | | Non-prefixed global variable |
| #246 | Koko Analytics – Privacy-Friendly WordPress Analytics | 24 | 161 | 280 | 60k+ | | | Short PHP open tag found |
| #247 | LearnPress – Backup & Migration Tool | 24 | 385 | 469 | 5k+ | | | Output is not escaped |
| #248 | Event Booking Manager for WooCommerce | 24 | 968 | 2,122 | 7k+ | | | Non-prefixed global variable |
| #249 | Mailchimp for WooCommerce | 24 | 523 | 663 | 200k+ | | | Non-prefixed global variable |
| #250 | Mailjet Email Marketing | 24 | 435 | 206 | 10k+ | | | Unsafe printing function |
