| #151 | Download Manager | 22 | 2,290 | 1,301 | 100k+ | | | Output is not escaped |
| #152 | Diverse Solutions IDX Real Estate Listings & MLS Search | 22 | 745 | 605 | 1k+ | | | Heredoc Output Not Escaped |
| #153 | E2Pdf – Export Pdf Tool for WordPress | 22 | 1,075 | 836 | 10k+ | | | Unsafe printing function |
| #154 | Easy Social Feed – Social Photos Gallery and Post Feed for WordPress | 22 | 1,567 | 1,277 | 30k+ | | | Non-prefixed global variable |
| #155 | easyReservations | 22 | 5,307 | 2,480 | 800 | | | Text Domain Mismatch |
| #156 | Estatik Real Estate Plugin | 22 | 3,049 | 325 | 10k+ | | | Text Domain Mismatch |
| #157 | Events Maker by dFactory | 22 | 588 | 819 | 1k+ | | | Output is not escaped |
| #158 | Events Manager – Calendar, Bookings, Tickets, and more! | 22 | 4,722 | 5,621 | 70k+ | | | Output is not escaped |
| #159 | Falang multilanguage for WordPress | 22 | 716 | 769 | 1k+ | | | Output is not escaped |
| #160 | Finale Lite – Sales Countdown Timer & Discount for WooCommerce | 22 | 1,031 | 451 | 4k+ | | | Output is not escaped |
| #161 | Notification Bar, Announcement and Cookie Notice WordPress Plugin – FooBar | 22 | 1,321 | 1,371 | 3k+ | | | Non-prefixed global variable |
| #162 | Five Star Restaurant Menu and Food Ordering | 22 | 752 | 609 | 5k+ | | | Output is not escaped |
| #163 | FunnelKit Payment Gateway for Stripe WooCommerce | 22 | 244 | 321 | 20k+ | | | Input is not sanitized |
| #164 | GeoDirectory – WP Business Directory Plugin and Classified Listings Directory | 22 | 4,466 | 3,972 | 10k+ | | | Output is not escaped |
| #165 | Gutenberg | 22 | 628 | 342 | 300k+ | | | Missing direct file access protection |
| #166 | Happyforms – Form Builder for WordPress: Drag & Drop Contact Forms, Surveys, Payments & Multipurpose Forms | 22 | 1,037 | 722 | 20k+ | | | Unsafe printing function |
| #167 | HeadSpace2 SEO | 22 | 940 | 360 | 3k+ | | | Text Domain Mismatch |
| #168 | Hesabfa Accounting | 22 | 467 | 718 | 400 | | | Text Domain Mismatch |
| #169 | History Log by click5 | 22 | 675 | 1,290 | 400 | | | Direct Query |
| #170 | Csomagpontok és Címkék WooCommerce-hez | 22 | 2,001 | 769 | 7k+ | | | Text Domain Mismatch |
| #171 | IMPress for IDX Broker | 22 | 1,085 | 636 | 7k+ | | | Text Domain Mismatch |
| #172 | Számlázz.hu integráció WooCommerce-hez | 22 | 1,169 | 460 | 7k+ | | | Text Domain Mismatch |
| #173 | InfiniteWP Client | 22 | 2,286 | 1,812 | 200k+ | | | Exception output is not escaped |
| #174 | Import WP – Export and Import CSV and XML files to WordPress | 22 | 580 | 330 | 4k+ | | | Exception output is not escaped |
| #175 | JCC Payment Gateway for Woocommerce | 22 | 2,273 | 1,136 | 600 | | | Text Domain Mismatch |
| #176 | Jim Soft Swiss QR Invoice | 22 | 263 | 392 | 400 | | | Non-prefixed global variable |
| #177 | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | 22 | 2,346 | 3,341 | 70k+ | | | Non-prefixed global variable |
| #178 | Leyka | 22 | 253 | 3,445 | 2k+ | | | Request data is not unslashed |
| #179 | Custom Login Page Customizer – Login Designer | 22 | 588 | 1,455 | 30k+ | | | Non-prefixed global variable |
| #180 | Mail Baby SMTP | 22 | 385 | 699 | 600 | | | SQL query is not prepared |
| #181 | MailOptin – Popup, Optin Forms & Email Newsletters for Mailchimp, HubSpot, AWeber Etc. | 22 | 2,619 | 2,453 | 10k+ | | | Output is not escaped |
| #182 | MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution | 22 | 1,131 | 1,844 | 800 | | | Non-prefixed global variable |
| #183 | Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider | 22 | 207 | 323 | 500k+ | | | Non-prefixed global variable |
| #184 | Molongui Authorship – Author Boxes, Guest Authors & Co-Authors for WordPress | 22 | 919 | 1,230 | 10k+ | | | Output is not escaped |
| #185 | Moloni | 22 | 902 | 356 | 2k+ | | | Missing Arg Domain |
| #186 | Motors – Car Dealership & Classified Listings Plugin | 22 | 5,340 | 5,958 | 9k+ | | | Text Domain Mismatch |
| #187 | myCred Toolkit with AI Assistant – Scale Your Loyalty & Gamification Rewards With Integrations | 22 | 1,588 | 1,172 | 400 | | | Output is not escaped |
| #188 | Newsletters | 22 | 2,968 | 2,248 | 2k+ | | | Text Domain Mismatch |
| #189 | NinjaFirewall (WP Edition) – Advanced Security Plugin and Firewall | 22 | 1,266 | 2,059 | 100k+ | | | Non-prefixed global variable |
| #190 | WP OAuth Server (OAuth Authentication) | 22 | 189 | 347 | 3k+ | | | Non-prefixed function |
| #191 | oik | 22 | 489 | 180 | 2k+ | | | Non Singular String Literal Domain |
| #192 | PagBank / PagSeguro Connect para WooCommerce | 22 | 504 | 743 | 4k+ | | | Non-prefixed global variable |
| #193 | PAYCOMET for WooCommerce | 22 | 1,206 | 423 | 2k+ | | | Text Domain Mismatch |
| #194 | PDF Builder for WPForms | 22 | 321 | 266 | 900 | | | SQL query is not prepared |
| #195 | Smart Popup by Supsystic | 22 | 3,172 | 503 | 10k+ | | | Non Singular String Literal Domain |
| #196 | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | 22 | 1,581 | 2,326 | 300k+ | | | Non-prefixed global variable |
| #197 | Prime Mover – Migrate WordPress Website & Backups | 22 | 1,326 | 1,600 | 10k+ | | | Non-prefixed global variable |
| #198 | Product Catalog Feed by PixelYourSite | 22 | 581 | 357 | 8k+ | | | Output is not escaped |
| #199 | PageSpeed Ninja – Cache, Minify, Defer CSS JavaScript, Critical CSS, Optimize Images, Convert WebP | 22 | 984 | 407 | 5k+ | | | Unsafe printing function |
| #200 | Quick Contact Form | 22 | 260 | 623 | 1k+ | | | Non-prefixed function |
