| #51 | PixelYourSite – Your smart PIXEL (TAG) & API Manager | 24 | 1,160 | 2,407 | 500k+ | | | Non-prefixed namespace |
| #52 | Security Plugin, Firewall & Malware Scanner with Auto Removal | 24 | 1,191 | 769 | 30k+ | | | Output is not escaped |
| #53 | Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | 24 | 938 | 2,935 | 200k+ | | | Non-prefixed global variable |
| #54 | Ultimate Product Catalog | 24 | 554 | 525 | 5k+ | | | Unsafe printing function |
| #55 | Unlimited Elements For Elementor | 24 | 710 | 2,093 | 300k+ | | | Non-prefixed global variable |
| #56 | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | 24 | 664 | 3,321 | 60k+ | | | Non-prefixed global variable |
| #57 | Vimeography: Vimeo Video Gallery WordPress Plugin | 24 | 98 | 212 | 5k+ | | | Nonce verification recommended |
| #58 | WP-Stateless – Google Cloud Storage | 24 | 1,036 | 482 | 4k+ | | | Non Singular String Literal Domain |
| #59 | WP User Manager – User Profile Builder & Membership | 24 | 787 | 539 | 10k+ | | | Exception output is not escaped |
| #60 | Cryptocurrency Payment Gateway | 25 | 1,963 | 589 | 400 | | | Text Domain Mismatch |
| #61 | Demo Importer Plus | 25 | 58 | 239 | 10k+ | | | Non-prefixed hook name |
| #62 | WEB-Translation – eTranslation Multilingual | 25 | 217 | 1,057 | 400 | | | Non-prefixed function |
| #63 | 胖鼠采集(Fat Rat Collect) | 25 | 630 | 190 | 900 | | | Missing Arg Domain |
| #64 | Gallery Images Ape | 25 | 588 | 341 | 1k+ | | | Output is not escaped |
| #65 | WPBruiser {no- Captcha anti-Spam} | 25 | 646 | 259 | 10k+ | | | Non Singular String Literal Domain |
| #66 | Knit Pay – Cashfree, Instamojo, Razorpay, PayPal and more | 25 | 4,019 | 1,265 | 2k+ | | | Text Domain Mismatch |
| #67 | Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails | 25 | 4,675 | 1,455 | 5k+ | | | Text Domain Mismatch |
| #68 | Smart Manager – Advanced WooCommerce Bulk Edit & Inventory Management | 25 | 366 | 923 | 10k+ | | | SQL query is not prepared |
| #69 | TranslatePress – Translate Multilingual sites with AI Translation | 25 | 452 | 1,541 | 400k+ | | | Non-prefixed hook name |
| #70 | weForms – Easy Drag & Drop Contact Form Builder For WordPress | 25 | 916 | 450 | 10k+ | | | Output is not escaped |
| #71 | Pay with Vipps and MobilePay for WooCommerce | 25 | 846 | 514 | 5k+ | | | Output is not escaped |
| #72 | WP Data Access – App Builder for Tables, Forms, Charts, Maps & Dashboards | 25 | 1,431 | 1,270 | 10k+ | | | Output is not escaped |
| #73 | WP Statistics – Simple, privacy-friendly Google Analytics alternative | 25 | 610 | 2,465 | 600k+ | | | Non-prefixed global variable |
| #74 | AfterShip Tracking – All-In-One WooCommerce Order Tracking (Free plan available) | 26 | 286 | 291 | 8k+ | | | Text Domain Mismatch |
| #75 | AI Content Writing Assistant | 26 | 1,069 | 516 | 700 | | | Text Domain Mismatch |
| #76 | FlagShip WooCommerce Shipping | 26 | 495 | 188 | 400 | | | Non Singular String Literal Domain |
| #77 | StoreGrowth: Smart Sales Booster for WooCommerce | BOGO, Upsells, Direct Checkout, Quick View, Side Cart | 26 | 125 | 420 | 2k+ | | | Non-prefixed global variable |
| #78 | XL NMI Gateway for WooCommerce | 26 | 695 | 436 | 1k+ | | | Text Domain Mismatch |
| #79 | Faktur Pro for WooCommerce | 26 | 416 | 218 | 1k+ | | | Text Domain Mismatch |
| #80 | Lean Player – Video and Audio Player with Playlist for WordPress, Elementor and Gutenberg | 27 | 1,616 | 463 | 2k+ | | | Text Domain Mismatch |
| #81 | Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin | 27 | 122 | 135 | 3k+ | | | Non-prefixed global variable |
| #82 | Gravity Forms + Stripe | 27 | 368 | 210 | 600 | | | Output is not escaped |
| #83 | PublishPress Permissions: Control User Access for Posts, Pages, Categories, Tags | 27 | 424 | 323 | 10k+ | | | Missing Translators Comment |
| #84 | Shipit | 27 | 371 | 209 | 400 | | | Text Domain Mismatch |
| #85 | Ultimate FAQ Accordion Plugin | 28 | 386 | 227 | 30k+ | | | Unsafe printing function |
| #86 | Bitcoin Payments – Blockonomics | 29 | 208 | 227 | 3k+ | | | Output is not escaped |
| #87 | Login Me Now – Passwordless, Magic Link, OTP & Social Login for WordPress | 29 | 86 | 233 | 500 | | | Nonce verification recommended |
| #88 | SamedayCourier Shipping | 29 | 336 | 269 | 4k+ | | | Non Singular String Literal Domain |
| #89 | Custom Post Types and Custom Fields creator – WCK | 29 | 1,300 | 143 | 10k+ | | | Text Domain Mismatch |
| #90 | PiWeb Export Customers Users & Guest customer to CSV for WooCommerce | 30 | 173 | 75 | 1k+ | | | Text Domain Mismatch |
| #91 | Checkout with Cash App on WooCommerce | 30 | 122 | 308 | 2k+ | | | Non-prefixed global variable |
| #92 | remarketable | 30 | 281 | 93 | 600 | | | Output is not escaped |
| #93 | WP Helper Premium | 30 | 635 | 131 | 1k+ | | | Text Domain Mismatch |
| #94 | ActiveCampaign – The autonomous marketing platform | 31 | 235 | 98 | 40k+ | | | Output is not escaped |
| #95 | CashBill.pl – Płatności WooCommerce | 31 | 181 | 101 | 900 | | | Output is not escaped |
| #96 | Mailgun for WordPress | 31 | 144 | 78 | 80k+ | | | Unsafe printing function |
| #97 | Tooltips for WordPress | 31 | 312 | 252 | 5k+ | | | Output is not escaped |
| #98 | WP Visitor Statistics (Real Time Traffic) | 31 | 353 | 691 | 20k+ | | | Nonce verification recommended |
| #99 | HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce | 32 | 396 | 142 | 20k+ | | | Output is not escaped |
| #100 | TS Poll – Survey, Versus Poll, Image Poll, Video Poll | 32 | 570 | 171 | 4k+ | | | Text Domain Mismatch |
