| #251 | Multibanco / MB Way / Payshop / Cofidis Pay (by LUSOPAY) for WooCommerce | 25 | 492 | 216 | 400 | | | Text Domain Mismatch |
| #252 | All-in-one Sticky Floating Contact Form, Call, Click to Chat, and 50+ Social Icon Tabs – My Sticky Elements | 25 | 352 | 597 | 40k+ | | | Non-prefixed global variable |
| #253 | NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar | 25 | 257 | 400 | 40k+ | | | Non-prefixed hook name |
| #254 | PDF & Print by BestWebSoft – WordPress Posts and Pages PDF Generator Plugin | 25 | 1,084 | 1,296 | 9k+ | | | Non-prefixed global variable |
| #255 | Plover Kit – Blocks, Patterns, Responsive Layout and Gutenberg Editor Enhancements | 25 | 685 | 1,382 | 3k+ | | | Non-prefixed global variable |
| #256 | Poll Maker by AYS – Versus Polls, Anonymous Polls, Image Polls | 25 | 488 | 1,412 | 7k+ | | | Non-prefixed global variable |
| #257 | Simple Link Directory – AI Powered | 25 | 133 | 420 | 2k+ | | | Non-prefixed global variable |
| #258 | Survey Maker by AYS | 25 | 567 | 2,397 | 6k+ | | | Non-prefixed global variable |
| #259 | Ultimate Blocks – 25+ Gutenberg Blocks for Block Editor | 25 | 691 | 1,581 | 50k+ | | | Non-prefixed global variable |
| #260 | Ultimate Bootstrap Elements for Elementor | 25 | 6,326 | 122 | 6k+ | | | Text Domain Mismatch |
| #261 | Ultimate Post Kit Addons for Elementor | 25 | 182 | 412 | 30k+ | | | Missing nonce verification |
| #262 | Social Media Share Buttons & Social Sharing Icons | 25 | 2,433 | 1,383 | 100k+ | | | Unsafe printing function |
| #263 | Social Share Icons & Social Share Buttons | 25 | 2,365 | 1,357 | 10k+ | | | Output is not escaped |
| #264 | Vayu Blocks – Website Builder for the Gutenberg Block Editor | 25 | 174 | 233 | 1k+ | | | Text Domain Mismatch |
| #265 | VikAppointments Services Booking Calendar | 25 | 9,753 | 5,207 | 500 | | | Output is not escaped |
| #266 | VikBooking Hotel Booking Engine & PMS | 25 | 13,244 | 8,314 | 8k+ | | | Output is not escaped |
| #267 | VikRentCar Car Rental Management System | 25 | 5,537 | 5,048 | 4k+ | | | Non-prefixed global variable |
| #268 | VikRestaurants Table Reservations and Take-Away | 25 | 11,644 | 4,932 | 600 | | | Output is not escaped |
| #269 | Product Customer List for WooCommerce | 25 | 610 | 1,334 | 9k+ | | | Non-prefixed global variable |
| #270 | weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot | 25 | 279 | 518 | 4k+ | | | Non-prefixed global variable |
| #271 | weForms – Easy Drag & Drop Contact Form Builder For WordPress | 25 | 916 | 450 | 10k+ | | | Output is not escaped |
| #272 | Super Page Cache – Cloudflare Cache, Page Speed & Core Web Vitals | 25 | 137 | 353 | 60k+ | | | Input is not sanitized |
| #273 | WP Coupons and Deals – WordPress Coupon Plugin | 25 | 914 | 1,460 | 1k+ | | | Non-prefixed global variable |
| #274 | WP Go Maps – Google Map, OpenStreetMap, Leaflet Map | 25 | 4,996 | 1,008 | 300k+ | | | Unsafe printing function |
| #275 | WP Time Slots Booking Form | 25 | 439 | 1,137 | 1k+ | | | Non-prefixed global variable |
| #276 | WPCargo Track & Trace | 25 | 239 | 557 | 10k+ | | | Non-prefixed global variable |
| #277 | Video Gallery – YouTube Gallery, Playlist & Video Grid | 25 | 275 | 1,066 | 2k+ | | | Non-prefixed hook name |
| #278 | Attesa Extra | 26 | 316 | 151 | 1k+ | | | Output is not escaped |
| #279 | Blog Floating Button | 26 | 705 | 240 | 9k+ | | | Output is not escaped |
| #280 | Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More | 26 | 97 | 270 | 10k+ | | | error log error log |
| #281 | Translate WordPress with ConveyThis – AI Multilingual Plugin | 26 | 159 | 297 | 1k+ | | | Non-prefixed global variable |
| #282 | CP Multi View Events Calendar | 26 | 86 | 439 | 1k+ | | | Non-prefixed global variable |
| #283 | Ibtana – WordPress Website Builder | 26 | 173 | 409 | 10k+ | | | Non-prefixed global variable |
| #284 | MakeStories (for Google Web Stories) | 26 | 117 | 416 | 600 | | | Nonce verification recommended |
| #285 | Hotel Booking | 26 | 690 | 940 | 4k+ | | | Unsafe printing function |
| #286 | Online Contact Widget-多合一在线客服插件 | 26 | 708 | 80 | 800 | | | Non Singular String Literal Domain |
| #287 | OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments (No CAPTCHA) | 26 | 272 | 576 | 6k+ | | | Request data is not unslashed |
| #288 | Organic Builder Widgets – Simple WordPress Page Builder | 26 | 1,034 | 125 | 4k+ | | | Output is not escaped |
| #289 | Portfolio by BestWebSoft – Work and Projects Presentation Plugin for WordPress | 26 | 525 | 240 | 600 | | | Text Domain Mismatch |
| #290 | Profile Extra Fields by BestWebSoft | 26 | 514 | 532 | 2k+ | | | Text Domain Mismatch |
| #291 | Send Users Email – Email Subscribers, Email Marketing Newsletter | 26 | 188 | 415 | 5k+ | | | Non-prefixed global variable |
| #292 | Subscriber by BestWebSoft | 26 | 550 | 376 | 900 | | | Text Domain Mismatch |
| #293 | Visitors Online by BestWebSoft | 26 | 512 | 269 | 1k+ | | | Text Domain Mismatch |
| #294 | Accordions – Responsive Accordion & FAQ Plugin for WordPress | 27 | 554 | 158 | 1k+ | | | Text Domain Mismatch |
| #295 | Arconix FAQ | 27 | 552 | 201 | 6k+ | | | Text Domain Mismatch |
| #296 | Polls CP | 27 | 399 | 500 | 400 | | | Output is not escaped |
| #297 | Custom Scrollbar | 27 | 184 | 191 | 2k+ | | | Output is not escaped |
| #298 | Cyrlitera – Transliteration of Links and File Names | 27 | 453 | 204 | 40k+ | | | Output is not escaped |
| #299 | Gallery – Photo Albums Plugin | 27 | 647 | 252 | 2k+ | | | Output is not escaped |
| #300 | iQ Block Country | 27 | 164 | 245 | 20k+ | | | Request data is not unslashed |