| #151 | EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more | 24 | 669 | 1,550 | 100k+ | | | Output is not escaped |
| #152 | Event Tickets and Registration | 24 | 3,415 | 4,210 | 90k+ | | | Non-prefixed global variable |
| #153 | FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution | 24 | 193 | 747 | 80k+ | | | Direct Query |
| #154 | Football Pool | 24 | 1,085 | 733 | 1k+ | | | Output is not escaped |
| #155 | Forminator Forms – Contact Form, Payment Form & Custom Form Builder | 24 | 826 | 1,314 | 600k+ | | | Non-prefixed global variable |
| #156 | FV Player 8 | 24 | 323 | 1,383 | 1k+ | | | Non-prefixed function |
| #157 | Photo Gallery – Responsive Image Galleries by Supsystic | 24 | 240 | 91 | 20k+ | | | Text Domain Mismatch |
| #158 | GEO my WP | 24 | 554 | 2,089 | 3k+ | | | Non-prefixed hook name |
| #159 | ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) | 24 | 118 | 442 | 300k+ | | | Nonce verification recommended |
| #160 | Simple Calendar – Google Calendar Plugin | 24 | 2,035 | 591 | 50k+ | | | Missing direct file access protection |
| #161 | Easy Google Maps | 24 | 1,764 | 389 | 20k+ | | | Non Singular String Literal Domain |
| #162 | Hummingbird Performance – Cache & Page Speed Optimization for Core Web Vitals | Critical CSS | Minify CSS | Defer CSS Javascript | CDN | 24 | 3,410 | 866 | 70k+ | | | Text Domain Mismatch |
| #163 | Social Slider Feed – Social Media Feed & Gallery Widgets | 24 | 929 | 707 | 20k+ | | | Non-prefixed global variable |
| #164 | LatePoint – Calendar Booking Plugin for Appointments and Events | 24 | 1,841 | 937 | 100k+ | | | Output is not escaped |
| #165 | Mailchimp for WooCommerce | 24 | 523 | 663 | 200k+ | | | Non-prefixed global variable |
| #166 | Newsletter – Send awesome emails from WordPress | 24 | 898 | 2,214 | 200k+ | | | Non-prefixed global variable |
| #167 | Simple Newsletter Plugin – Noptin | 24 | 66 | 591 | 10k+ | | | Non-prefixed global variable |
| #168 | NEX-Forms – Ultimate Forms Plugin for WordPress | 24 | 2,008 | 1,195 | 6k+ | | | Text Domain Mismatch |
| #169 | Pagar.me para WooCommerce | 24 | 549 | 116 | 5k+ | | | Text Domain Mismatch |
| #170 | Page Builder: Pagelayer – Drag and Drop website builder | 24 | 769 | 556 | 400k+ | | | Output is not escaped |
| #171 | PDF Generator for WordPress Elementor | 24 | 513 | 271 | 1k+ | | | Exception output is not escaped |
| #172 | Product Catalog Simple | 24 | 1,555 | 1,982 | 1k+ | | | Output is not escaped |
| #173 | Product Editor Pro – WooCommerce Bulk Edit: Prices, Stock, Images, Titles, CSV Import & More | 24 | 2,154 | 4,833 | 1k+ | | | Non-prefixed global variable |
| #174 | Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors | 24 | 369 | 820 | 20k+ | | | Nonce verification recommended |
| #175 | ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization | 24 | 926 | 322 | 10k+ | | | Output is not escaped |
| #176 | SiteGuard WP Plugin | 24 | 362 | 345 | 500k+ | | | Output is not escaped |
| #177 | SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery | 24 | 832 | 1,901 | 4k+ | | | Non-prefixed global variable |
| #178 | GEO Plugin by Squirrly SEO | 24 | 1,196 | 224 | 30k+ | | | Missing Translators Comment |
| #179 | Sugar Calendar – Events Calendar, Event Tickets, and Events Management Platform | 24 | 428 | 956 | 10k+ | | | Output is not escaped |
| #180 | Ultimate Addons for Beaver Builder – Lite | 24 | 2,751 | 486 | 20k+ | | | Text Domain Mismatch |
| #181 | Ultra Addons for Contact Form 7 | 24 | 1,538 | 460 | 60k+ | | | Text Domain Mismatch |
| #182 | Ultimate Maps by Supsystic | 24 | 1,034 | 374 | 10k+ | | | Non Singular String Literal Domain |
| #183 | Vimeography: Vimeo Video Gallery WordPress Plugin | 24 | 98 | 212 | 5k+ | | | Nonce verification recommended |
| #184 | Extra Fees for WooCommerce | 24 | 1,113 | 1,569 | 7k+ | | | Non-prefixed global variable |
| #185 | XT Floating Cart for WooCommerce | 24 | 1,249 | 2,023 | 4k+ | | | Non-prefixed global variable |
| #186 | pensopay Payments | 24 | 397 | 246 | 2k+ | | | Output is not escaped |
| #187 | Store Exporter – Export WooCommerce Products, Orders, Subscriptions, Customers | 24 | 480 | 1,272 | 7k+ | | | Non-prefixed function |
| #188 | WP-Appbox | 24 | 418 | 390 | 2k+ | | | Missing Arg Domain |
| #189 | WP-Stateless – Google Cloud Storage | 24 | 1,036 | 482 | 4k+ | | | Non Singular String Literal Domain |
| #190 | WP Travel Engine – Tour Booking Plugin – Tour Operator Software | 24 | 2,010 | 5,688 | 20k+ | | | Non-prefixed global variable |
| #191 | YITH WooCommerce Product Add-Ons | 24 | 460 | 2,069 | 20k+ | | | Non-prefixed global variable |
| #192 | Jetpack CRM – Clients, Leads, Invoices, Billing, Email Marketing, & Automation | 24 | 1,211 | 3,152 | 30k+ | | | Non-prefixed global variable |
| #193 | Online Scheduling and Appointment Booking System – Bookly | 25 | 3,528 | 870 | 60k+ | | | Text Domain Mismatch |
| #194 | Broken Link Checker | 25 | 727 | 600 | 500k+ | | | Output is not escaped |
| #195 | PublishPress Capabilities – User Role Editor, Access Permissions, User Capabilities, Admin Menus | 25 | 362 | 1,586 | 100k+ | | | Non-prefixed global variable |
| #196 | CheckoutWC Lite | 25 | 1,359 | 850 | 3k+ | | | Text Domain Mismatch |
| #197 | Conditional Payment Methods for WooCommerce | 25 | 548 | 1,398 | 1k+ | | | Non-prefixed global variable |
| #198 | Smash Balloon Social Post Feed – Simple Social Feeds for WordPress | 25 | 554 | 982 | 200k+ | | | Output is not escaped |
| #199 | FunnelKit – Funnel Builder for WooCommerce Checkout | 25 | 3,164 | 2,624 | 30k+ | | | Text Domain Mismatch |
| #200 | GeekyBot — AI Copilot, Chatbot, WooCommerce Lead Gen & Zero-Prompt Content | 25 | 87 | 863 | 6k+ | | | Non-prefixed global variable |
