| #51 | Accept Stripe Payments | 21 | 373 | 882 | 20k+ | | | Missing nonce verification |
| #52 | TotalPoll for Polls and Contests | 21 | 1,366 | 155 | 1k+ | | | Text Domain Mismatch |
| #53 | Revive Social – Social Media Auto Post and Scheduling Automation Plugin | 21 | 255 | 425 | 20k+ | | | Non-prefixed hook name |
| #54 | UPC/EAN/GTIN Barcode Generator/Importer | 21 | 776 | 311 | 500 | | | Exception output is not escaped |
| #55 | Buckaroo Woocommerce Payments Plugin | 21 | 584 | 326 | 2k+ | | | Exception output is not escaped |
| #56 | WebP Express | 21 | 160 | 427 | 300k+ | | | Non-prefixed global variable |
| #57 | Paysera Payment Gateway for WooCommerce | 21 | 1,866 | 195 | 7k+ | | | Exception output is not escaped |
| #58 | Wordfence Security – Firewall, Malware Scan, and Login Security | 21 | 1,592 | 2,973 | 5m+ | | | Output is not escaped |
| #59 | WP Compress – Instant Performance & Speed Optimization | 21 | 3,349 | 3,218 | 10k+ | | | Non Singular String Literal Domain |
| #60 | WP phpMyAdmin | 21 | 4,528 | 6,435 | 50k+ | | | Missing Arg Domain |
| #61 | wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin | 21 | 1,811 | 1,432 | 70k+ | | | Output is not escaped |
| #62 | WebTotem Security | 21 | 1,110 | 213 | 900 | | | Text Domain Mismatch |
| #63 | Better Messages – Chat Rooms, Group Chat, Private Messages & AI Chat Bots | 22 | 1,604 | 2,019 | 10k+ | | | Direct Query |
| #64 | Captcha by BestWebSoft – Advanced Spam Protection, Math & OCR-Friendly Captcha for Site Forms | 22 | 493 | 295 | 10k+ | | | Text Domain Mismatch |
| #65 | Accept PayPal Payments using Contact Form 7 | 22 | 359 | 127 | 600 | | | Text Domain Mismatch |
| #66 | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | 22 | 3,654 | 5,061 | 8k+ | | | Non-prefixed global variable |
| #67 | SysBasics Customize My Account for WooCommerce – Live My Account Customizer | 22 | 742 | 852 | 8k+ | | | Non-prefixed global variable |
| #68 | Data Tables Generator by Supsystic | 22 | 157 | 150 | 10k+ | | | Exception output is not escaped |
| #69 | Database Access with Adminer | 22 | 983 | 2,553 | 1k+ | | | Non-prefixed global variable |
| #70 | Download Manager | 22 | 2,290 | 1,301 | 100k+ | | | Output is not escaped |
| #71 | Diverse Solutions IDX Real Estate Listings & MLS Search | 22 | 745 | 605 | 1k+ | | | Heredoc Output Not Escaped |
| #72 | Events Maker by dFactory | 22 | 588 | 819 | 1k+ | | | Output is not escaped |
| #73 | File Manager Pro – Filester | 22 | 565 | 391 | 100k+ | | | Request data is not unslashed |
| #74 | Five Star Restaurant Menu and Food Ordering | 22 | 752 | 609 | 5k+ | | | Output is not escaped |
| #75 | FunnelKit Payment Gateway for Stripe WooCommerce | 22 | 244 | 321 | 20k+ | | | Input is not sanitized |
| #76 | GeoDirectory – WP Business Directory Plugin and Classified Listings Directory | 22 | 4,466 | 3,972 | 10k+ | | | Output is not escaped |
| #77 | Heureka | 22 | 557 | 254 | 400 | | | Exception output is not escaped |
| #78 | Insert or Embed Articulate Content into WordPress | 22 | 659 | 1,437 | 2k+ | | | Non-prefixed global variable |
| #79 | InfiniteWP Client | 22 | 2,286 | 1,812 | 200k+ | | | Exception output is not escaped |
| #80 | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | 22 | 2,361 | 3,384 | 70k+ | | | Non-prefixed global variable |
| #81 | Mail Baby SMTP | 22 | 385 | 699 | 600 | | | SQL query is not prepared |
| #82 | MailOptin – Popup, Optin Forms & Email Newsletters for Mailchimp, HubSpot, AWeber Etc. | 22 | 2,619 | 2,453 | 10k+ | | | Output is not escaped |
| #83 | MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution | 22 | 1,131 | 1,844 | 800 | | | Non-prefixed global variable |
| #84 | Moloni | 22 | 902 | 356 | 2k+ | | | Missing Arg Domain |
| #85 | Newsletters | 22 | 2,968 | 2,248 | 2k+ | | | Text Domain Mismatch |
| #86 | NinjaFirewall (WP Edition) – Advanced Security Plugin and Firewall | 22 | 1,265 | 2,065 | 100k+ | | | Non-prefixed global variable |
| #87 | Smart Popup by Supsystic | 22 | 3,172 | 503 | 10k+ | | | Non Singular String Literal Domain |
| #88 | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | 22 | 1,581 | 2,326 | 300k+ | | | Non-prefixed global variable |
| #89 | PageSpeed Ninja – Cache, Minify, Defer CSS JavaScript, Critical CSS, Optimize Images, Convert WebP | 22 | 984 | 407 | 5k+ | | | Unsafe printing function |
| #90 | Quick Contact Form | 22 | 260 | 623 | 1k+ | | | Non-prefixed function |
| #91 | Slim Jetpack | 22 | 2,586 | 1,947 | 2k+ | | | Text Domain Mismatch |
| #92 | SNS Count Cache | 22 | 918 | 120 | 8k+ | | | Non Singular String Literal Domain |
| #93 | NextScripts: Social Networks Auto-Poster | 22 | 2,408 | 1,133 | 30k+ | | | Output is not escaped |
| #94 | SportsPress – Sports Club & League Manager | 22 | 460 | 2,242 | 10k+ | | | Non-prefixed global variable |
| #95 | Swift Performance Lite | 22 | 2,346 | 1,325 | 7k+ | | | Text Domain Mismatch |
| #96 | Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent | 22 | 225 | 519 | 8k+ | | | error log error log |
| #97 | Customize Feeds for Twitter | 22 | 92 | 171 | 4k+ | | | Non-prefixed global variable |
| #98 | Search & Replace Everything – Quick and Easy Way to Find and Replace Text, Links | 22 | 1,044 | 1,797 | 20k+ | | | Non-prefixed global variable |
| #99 | UpStream: a Project Management Plugin for WordPress | 22 | 683 | 703 | 600 | | | Non-prefixed global variable |
| #100 | URL Shortify – Simple and Easy URL Shortener | 22 | 1,520 | 2,689 | 10k+ | | | Non-prefixed global variable |
