| #401 | WP Global Site Tag | 45 | 48 | 9 | 7k+ | | | Output is not escaped |
| #402 | Category AJAX Filter — Advanced Filter for Posts & Custom Post Types | 50 | 2 | 435 | 6k+ | | | Non-prefixed global variable |
| #403 | AVIF Uploader | 51 | 50 | 44 | 4k+ | | | Missing Arg Domain |
| #404 | Firelight Lightbox | 51 | 78 | 97 | 200k+ | | | Non-prefixed global variable |
| #405 | aBlocks – Gutenberg Blocks, User Dashboard Builder, Popup Builder, Form Builder & Animation Builder | 54 | 8 | 382 | 2k+ | | | Non-prefixed global variable |
| #406 | Boostify Header Footer Builder for Elementor | 54 | 419 | 55 | 7k+ | | | Text Domain Mismatch |
| #407 | Helpie FAQ — Accordion, Docs & Knowledge Base | 54 | 96 | 89 | 9k+ | | | Nonce verification recommended |
| #408 | WP Call Button – Easy Click to Call Button for WordPress | 54 | 21 | 38 | 40k+ | | | Non-prefixed global variable |
| #409 | Semrush Content Toolkit | 55 | 22 | 24 | 2k+ | | | Non-prefixed global variable |
| #410 | ELEX WooCommerce Catalog Mode | 61 | 97 | 49 | 10k+ | | | Text Domain Mismatch |
| #411 | Qikink Print On Demand and DropShipping | 61 | 14 | 23 | 1k+ | | | Input is not validated |
| #412 | Contact Form to Chat Apps | Click to Chat to Order – FormyChat | 63 | 18 | 136 | 3k+ | | | Direct Query |
| #413 | ELEX WooCommerce Product Price Custom Text (Before & After Text) and Discount | 64 | 444 | 137 | 2k+ | | | Missing Arg Domain |
| #414 | WooCommerce Accepted Payment Methods | 66 | 28 | 4 | 2k+ | | | badly named files |
| #415 | Kraken.io Image Optimizer – Compress, Convert to WebP & AVIF, Resize & Bulk Optimize | 67 | 293 | 80 | 9k+ | | | Text Domain Mismatch |
| #416 | Burst Statistics – Simple WordPress Analytics (Google Analytics Alternative) | 69 | 33 | 368 | 200k+ | | | Direct Query |
| #417 | Patterns Kit | 69 | 182 | 5 | 3k+ | | | Missing direct file access protection |
| #418 | WP Bulk Delete | 69 | 7 | 44 | 100k+ | | | Non-prefixed hook name |
| #419 | Simple Post Notes | 70 | 5 | 16 | 9k+ | | | Request data is not unslashed |
| #420 | Responsive Blocks – Page Builder for Blocks & Patterns | 72 | 47 | 43 | 4k+ | | | badly named files |
| #421 | Wonder PDF Embed | 75 | 53 | 1 | 8k+ | | | badly named files |
| #422 | wp-forecast | 75 | 263 | 117 | 5k+ | | | Missing Arg Domain |
| #423 | YITH Slider for page builders | 75 | 13 | 22 | 1k+ | | | Nonce verification recommended |
| #424 | Change Mail Sender | 76 | 97 | 19 | 20k+ | | | Text Domain Mismatch |
| #425 | Hide Dashboard Notifications | 76 | 10 | 10 | 20k+ | | | Output is not escaped |
| #426 | Simple Floating Menu | 77 | 13 | 3 | 10k+ | | | Missing direct file access protection |
| #427 | RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator | 78 | 31 | 276 | 40k+ | | | Non-prefixed global variable |
| #428 | WP Map Block – Gutenberg Map Block for Google Map and OpenStreet Map by aBlocks | 79 | 6 | 10 | 20k+ | | | trademarked term |
| #429 | Joinchat – Enhanced "click to chat" | 81 | 18 | 32 | 700k+ | | | wp function not compatible with requires wp |
| #430 | GSheetConnector for Elementor Forms – Sync Elementor Forms to Google Sheets | 81 | 11 | 12 | 9k+ | | | Non-prefixed global variable |
| #431 | LoftLoader | 81 | 17 | 19 | 70k+ | | | Missing direct file access protection |
| #432 | Appointment Bookings for Zoom GoogleMeet and more – Wappointment | 81 | 22 | 52 | 1k+ | | | Non-prefixed class |
| #433 | Make Disable Admin Email Verification Prompt| Aims Infosoft | 83 | 10 | 4 | 2k+ | | | Text Domain Mismatch |
| #434 | SellKit – Funnel builder and checkout optimizer for WooCommerce to sell more, faster | 84 | 9 | 17 | 8k+ | | | Non-prefixed class |
| #435 | Notifima – WooCommerce Stock Manager, Inventory Management, Waitlist | 85 | 130 | 40 | 3k+ | | | Text Domain Mismatch |
| #436 | PayPal Enterprise Payments (formerly Braintree) for WooCommerce | 86 | 3 | 33 | 10k+ | | | Direct Query |
| #437 | WPGet API – Connect to any external REST API | 89 | 15 | 19 | 10k+ | | | Missing direct file access protection |
| #438 | Beehive Analytics – Google Analytics Dashboard | 90 | 611 | 22 | 20k+ | | | Text Domain Mismatch |
| #439 | Payment Forms for Paystack | 90 | 494 | 23 | 3k+ | | | Text Domain Mismatch |
| #440 | Slider by Soliloquy – Responsive Image Slider for WordPress | 90 | 470 | 29 | 30k+ | | | Text Domain Mismatch |
| #441 | Icegram Engage – Popups, Optins, CTAs & Lead Generation | 91 | 14 | 10 | 10k+ | | | wp function not compatible with requires wp |
| #442 | Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More | 92 | 17 | 65 | 100k+ | | | Non-prefixed global variable |
| #443 | External Links – nofollow, noopener & new window | 93 | 24 | 67 | 90k+ | | | Non-prefixed global variable |
| #444 | Cool FormKit Lite – Advanced Form Builder for Elementor | 94 | 5 | 24 | 20k+ | | | Non-prefixed constant |
| #445 | Prevent Files / Folders Access | 94 | 100 | 3 | 1k+ | | | wp function not compatible with requires wp |
| #446 | Telephone field for Elementor Forms | 94 | 115 | 6 | 4k+ | | | wp function not compatible with requires wp |
| #447 | WP Sync for Notion – Notion to WordPress | 94 | 14 | 47 | 1k+ | | | Non-prefixed hook name |
| #448 | Ghost Kit – Page Builder Blocks, Motion Effects & Extensions | 95 | 17 | 60 | 7k+ | | | Non-prefixed hook name |
| #449 | PDF Viewer Block for Gutenberg | 95 | 39 | 3 | 10k+ | | | badly named files |
| #450 | Prevent Direct Access – Protect WordPress Files | 96 | 4 | 26 | 10k+ | | | Non-prefixed constant |
