| #101 | Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent | 22 | 225 | 519 | 8k+ | | | error log error log |
| #102 | Customize Feeds for Twitter | 22 | 92 | 171 | 4k+ | | | Non-prefixed global variable |
| #103 | Search & Replace Everything – Quick and Easy Way to Find and Replace Text, Links | 22 | 1,044 | 1,797 | 20k+ | | | Non-prefixed global variable |
| #104 | UpStream: a Project Management Plugin for WordPress | 22 | 683 | 703 | 600 | | | Non-prefixed global variable |
| #105 | URL Shortify – Simple and Easy URL Shortener | 22 | 1,520 | 2,689 | 10k+ | | | Non-prefixed global variable |
| #106 | Welcart e-Commerce | 22 | 10,378 | 10,931 | 10k+ | | | Text Domain Mismatch |
| #107 | WCFM Marketplace – Multivendor Marketplace for WooCommerce | 22 | 1,934 | 1,966 | 10k+ | | | Non-prefixed global variable |
| #108 | WCFM Membership – WooCommerce Memberships for Multivendor Marketplace | 22 | 559 | 675 | 10k+ | | | Non-prefixed global variable |
| #109 | CoDesigner – All in One Elementor WooCommerce Builder | 22 | 4,131 | 774 | 5k+ | | | Text Domain Mismatch |
| #110 | Simple Shopping Cart | 22 | 796 | 536 | 10k+ | | | Unsafe printing function |
| #111 | ManageWP Worker | 22 | 507 | 565 | 1m+ | | | Non-prefixed class |
| #112 | WP Express Checkout (Fast Payments via PayPal & Stripe) | 22 | 591 | 627 | 1k+ | | | Output is not escaped |
| #113 | File Manager | 22 | 740 | 520 | 1m+ | | | Unsafe printing function |
| #114 | WP Umbrella: Update Backup Restore & Monitoring | 22 | 918 | 916 | 70k+ | | | Exception output is not escaped |
| #115 | AidWP – Donation & Payment Forms (Stripe Powered) | 22 | 1,317 | 1,675 | 800 | | | Non-prefixed global variable |
| #116 | YaySMTP – WP Mail SMTP with Email Logs, Tracking & Reports | 22 | 654 | 435 | 10k+ | | | Exception output is not escaped |
| #117 | Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce | 23 | 1,185 | 1,027 | 1k+ | | | Text Domain Mismatch |
| #118 | AI Engine – The Chatbot, AI Framework & MCP for WordPress | 23 | 412 | 539 | 100k+ | | | error log error log |
| #119 | Affiliate Super Assistent | 23 | 1,280 | 267 | 2k+ | | | Text Domain Mismatch |
| #120 | Kadence Security – Password, Two Factor Authentication, and Brute Force Protection | 23 | 1,053 | 967 | 700k+ | | | Missing Translators Comment |
| #121 | Geo Controller | 23 | 91 | 450 | 1k+ | | | Non-prefixed global variable |
| #122 | Content Egg – Affiliate Product Importer & Price Comparison | 23 | 1,231 | 1,257 | 10k+ | | | Non-prefixed global variable |
| #123 | Content Views – Post Grid & Filter, Recent Posts, Category Posts … (Shortcode, Gutenberg Blocks, and Widgets for Elementor) | 23 | 306 | 587 | 100k+ | | | Dynamic hook name |
| #124 | Double Opt-In for Contact Form 7 & Avada – Secure, GDPR-Compliant Email Verification | 23 | 675 | 643 | 1k+ | | | Unsafe printing function |
| #125 | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | 23 | 3,723 | 10,283 | 40k+ | | | Non-prefixed namespace |
| #126 | Ezoic | 23 | 432 | 516 | 10k+ | | | Output is not escaped |
| #127 | Flexmls® IDX Plugin | 23 | 1,268 | 957 | 1k+ | | | Output is not escaped |
| #128 | Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | 23 | 4,746 | 1,279 | 30k+ | | | Non Singular String Literal Domain |
| #129 | GAinWP Google Analytics Integration for WordPress | 23 | 525 | 176 | 8k+ | | | Output is not escaped |
| #130 | RealHomes Memberships | 23 | 516 | 264 | 1k+ | | | Non Singular String Literal Domain |
| #131 | IP Geo Block | 23 | 399 | 589 | 9k+ | | | Output is not escaped |
| #132 | Joli FAQ SEO – WordPress FAQ Plugin | 23 | 1,083 | 1,526 | 700 | | | Non-prefixed global variable |
| #133 | Justified Gallery | 23 | 589 | 1,417 | 8k+ | | | Non-prefixed global variable |
| #134 | License Manager for WooCommerce | 23 | 129 | 819 | 6k+ | | | Request data is not unslashed |
| #135 | Like Button Rating ♥ LikeBtn | 23 | 1,231 | 617 | 4k+ | | | Unsafe printing function |
| #136 | Locatoraid Store Locator | 23 | 318 | 645 | 1k+ | | | Non-prefixed global variable |
| #137 | MailPoet – Newsletters, Email Marketing, and Automation | 23 | 931 | 719 | 500k+ | | | Exception output is not escaped |
| #138 | MasterStudy LMS WordPress Plugin – for Online Courses and Education | 23 | 1,419 | 4,875 | 10k+ | | | Non-prefixed global variable |
| #139 | Media Library Assistant | 23 | 1,144 | 3,943 | 70k+ | | | Nonce verification recommended |
| #140 | Order Bump for WooCommerce | 23 | 1,720 | 1,562 | 600 | | | Output is not escaped |
| #141 | MotoPress Appointment Booking | 23 | 2,362 | 857 | 2k+ | | | Text Domain Mismatch |
| #142 | Restaurant Menu and Food Ordering | 23 | 385 | 853 | 2k+ | | | Non-prefixed global variable |
| #143 | MStore API – Create Native Android & iOS Apps On The Cloud | 23 | 618 | 764 | 3k+ | | | SQL query is not prepared |
| #144 | MultiParcels Shipping For WooCommerce | 23 | 179 | 356 | 4k+ | | | Request data is not unslashed |
| #145 | MyWorks Sync for WooCommerce & QuickBooks Online | 23 | 2,292 | 9,101 | 5k+ | | | Non-prefixed global variable |
| #146 | Next Active Directory Integration | 23 | 683 | 284 | 2k+ | | | Exception output is not escaped |
| #147 | NitroPack – Performance, Page Speed & Cache Plugin for Core Web Vitals, CDN & Image Optimization | 23 | 316 | 639 | 100k+ | | | Output is not escaped |
| #148 | Patchstack – WordPress & Plugins Security | 23 | 107 | 489 | 40k+ | | | Missing nonce verification |
| #149 | Photo Gallery by 10Web – Mobile-Friendly Image Gallery | 23 | 4,159 | 1,553 | 100k+ | | | Output is not escaped |
| #150 | AI Popup | 23 | 1,224 | 636 | 400 | | | Text Domain Mismatch |