| #1 | WPtouch – Make your WordPress Website Mobile-Friendly | 17 | 1,466 | 325 | 50k+ | | Text Domain Mismatch |
| #2 | Shopping Cart & eCommerce Store | 18 | 5,459 | 17,298 | 4k+ | | Non-prefixed global variable |
| #3 | Event Organiser | 19 | 1,106 | 544 | 20k+ | | Text Domain Mismatch |
| #4 | Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization | 19 | 1,295 | 2,679 | 9k+ | | Output is not escaped |
| #5 | Razorpay Payment Button Plugin | 19 | 486 | 98 | 2k+ | | Exception output is not escaped |
| #6 | Realtyna Organic IDX plugin + WPL Real Estate | 19 | 947 | 3,653 | 2k+ | | Non-prefixed global variable |
| #7 | WP Email Template | 19 | 342 | 350 | 2k+ | | Exception output is not escaped |
| #8 | Brizy – Page Builder | 20 | 589 | 720 | 70k+ | | Output is not escaped |
| #9 | Nimble Page Builder | 20 | 1,591 | 1,684 | 30k+ | | Missing Arg Domain |
| #10 | Trace My IP – Visitor IP Tracker, Stats Analytics & Page Views Counter with Email Alerts | 20 | 866 | 338 | 1k+ | | wp function not compatible with requires wp |
| #11 | Store Locator WordPress | 21 | 2,372 | 1,572 | 10k+ | | Text Domain Mismatch |
| #12 | Smart Grid-Layout Design for Contact Form 7 | 21 | 1,126 | 734 | 10k+ | | Output is not escaped |
| #13 | Comet Cache | 21 | 857 | 245 | 20k+ | | Output is not escaped |
| #14 | Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More | 21 | 2,572 | 1,277 | 1m+ | | Output is not escaped |
| #15 | Eupago Gateway For Woocommerce | 21 | 612 | 320 | 2k+ | | Output is not escaped |
| #16 | FileOrganizer – WordPress File Manager | 21 | 536 | 241 | 200k+ | | unlink unlink |
| #17 | MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder | 21 | 1,133 | 3,011 | 2k+ | | Non-prefixed global variable |
| #18 | Five Star Restaurant Reservations – WordPress Booking Plugin | 21 | 1,099 | 1,147 | 10k+ | | Output is not escaped |
| #19 | Royal Addons for Elementor – Addons and Templates Kit for Elementor | 21 | 13,011 | 2,530 | 600k+ | | Text Domain Mismatch |
| #20 | Revive Social – Social Media Auto Post and Scheduling Automation Plugin | 21 | 255 | 425 | 20k+ | | Non-prefixed hook name |
| #21 | Advanced Form Integration — Connect Forms to 200+ Apps | 22 | 5,771 | 4,678 | 10k+ | | wp function not compatible with requires wp |
| #22 | Divi Carousel Lite – 17+ Carousel Module | 22 | 967 | 1,275 | 10k+ | | Non-prefixed global variable |
| #23 | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | 22 | 3,654 | 5,061 | 8k+ | | Non-prefixed global variable |
| #24 | EleSpare – News, Magazine and Blog Addons for Elementor | 22 | 733 | 1,423 | 10k+ | | Non-prefixed global variable |
| #25 | File Manager Pro – Filester | 22 | 565 | 391 | 100k+ | | Request data is not unslashed |
| #26 | Finale Lite – Sales Countdown Timer & Discount for WooCommerce | 22 | 1,031 | 451 | 4k+ | | Output is not escaped |
| #27 | Happyforms – Form Builder for WordPress: Drag & Drop Contact Forms, Surveys, Payments & Multipurpose Forms | 22 | 1,037 | 722 | 20k+ | | Unsafe printing function |
| #28 | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | 22 | 2,361 | 3,384 | 70k+ | | Non-prefixed global variable |
| #29 | Custom Login Page Customizer – Login Designer | 22 | 588 | 1,455 | 30k+ | | Non-prefixed global variable |
| #30 | Smart Popup by Supsystic | 22 | 3,172 | 503 | 10k+ | | Non Singular String Literal Domain |
| #31 | Product Catalog Feed by PixelYourSite | 22 | 581 | 357 | 8k+ | | Output is not escaped |
| #32 | Slick Popup: Contact Form 7 Popup Plugin | 22 | 2,322 | 316 | 2k+ | | Text Domain Mismatch |
| #33 | Stylish Price List – Price Table Builder & QR Code Restaurant Menu | 22 | 674 | 678 | 3k+ | | Output is not escaped |
| #34 | 10Web Booster – Website speed optimization, Cache & Page Speed optimizer | 22 | 513 | 601 | 80k+ | | Non-prefixed global variable |
| #35 | Customize Feeds for Twitter | 22 | 92 | 171 | 4k+ | | Non-prefixed global variable |
| #36 | WCFM Marketplace – Multivendor Marketplace for WooCommerce | 22 | 1,937 | 1,969 | 10k+ | | Non-prefixed global variable |
| #37 | WCFM Membership – WooCommerce Memberships for Multivendor Marketplace | 22 | 559 | 675 | 10k+ | | Non-prefixed global variable |
| #38 | WP Easy Pay – Payment and Donation form Builder for Square | 22 | 893 | 1,828 | 1k+ | | Non-prefixed global variable |
| #39 | WP Express Checkout (Fast Payments via PayPal & Stripe) | 22 | 591 | 627 | 1k+ | | Output is not escaped |
| #40 | WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell | 22 | 5,996 | 2,790 | 5k+ | | Text Domain Mismatch |
| #41 | Recipe Cards For Your Food Blog from Zip Recipes | 22 | 1,126 | 1,731 | 1k+ | | Non-prefixed global variable |
| #42 | Admin and Site Enhancements (ASE) | 23 | 136 | 330 | 200k+ | | Nonce verification recommended |
| #43 | Autocomplete Address and Location Picker for WooCommerce | 23 | 630 | 1,299 | 2k+ | | Non-prefixed global variable |
| #44 | Beds24 Online Booking | 23 | 532 | 374 | 2k+ | | wp function not compatible with requires wp |
| #45 | Brave Popup Builder – Popup, Optins, Lead Generation, Survey & Interactive Content | 23 | 238 | 294 | 20k+ | | error log print r |
| #46 | Captivate Sync | 23 | 174 | 557 | 1k+ | | Non-prefixed global variable |
| #47 | Export WordPress Pages to Static HTML & PDF — Static Site Export | 23 | 490 | 301 | 5k+ | | Text Domain Mismatch |
| #48 | Ezoic | 23 | 432 | 516 | 10k+ | | Output is not escaped |
| #49 | Image Photo Gallery Final Tiles Grid | 23 | 578 | 1,502 | 20k+ | | Non-prefixed global variable |
| #50 | The GDPR Framework By Data443 | 23 | 1,287 | 517 | 10k+ | | Short PHP open tag found |
