| #7101 | WP-PageNavi | 35 | 84 | 95 | 500k+ | | | Non Singular String Literal Domain |
| #7102 | Meta pixel for WordPress | 35 | 90 | 40 | 400k+ | | | Exception output is not escaped |
| #7103 | PDF Invoices & Packing Slips for WooCommerce | 35 | 35 | 966 | 300k+ | | | Non-prefixed hook name |
| #7104 | Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE | 35 | 131 | 41 | 300k+ | | | Missing direct file access protection |
| #7105 | Simple History – Track, Log, and Audit WordPress Changes | 35 | 32 | 122 | 300k+ | | | Non-prefixed global variable |
| #7106 | Health Check & Troubleshooting | 35 | 264 | 238 | 300k+ | | | Missing Arg Domain |
| #7107 | Fonts Plugin | Google Fonts, Adobe Fonts & Upload Fonts | 35 | 41 | 8 | 200k+ | | | Missing direct file access protection |
| #7108 | PrettyLinks – Affiliate Link Management, URL Shortener, Link Cloaking, Tracking & Branded Short Links | 35 | 1 | 5 | 200k+ | | | Database parameter is not escaped |
| #7109 | Cloudflare | 35 | 28 | 85 | 200k+ | | | Non-prefixed namespace |
| #7110 | Force Regenerate Thumbnails | 35 | 12 | 17 | 200k+ | | | unlink unlink |
| #7111 | TikTok | 35 | 31 | 22 | 200k+ | | | Missing Arg Domain |
| #7112 | Imsanity | 35 | 32 | 29 | 200k+ | | | Direct Query |
| #7113 | Instant Indexing for Google | 35 | 13 | 62 | 200k+ | | | Non-prefixed global variable |
| #7114 | Custom Post Type Permalinks | 35 | 8 | 4 | 200k+ | | | Setting is missing a sanitization callback |
| #7115 | Page Optimize | 35 | 70 | 41 | 200k+ | | | Non Singular String Literal Domain |
| #7116 | SiteOrigin CSS | 35 | 61 | 84 | 100k+ | | | Not In Footer |
| #7117 | WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets | 35 | 35 | 22 | 100k+ | | | Missing direct file access protection |
| #7118 | Starter Sites & Templates by Neve | 35 | 28 | 88 | 100k+ | | | Non-prefixed hook name |
| #7119 | Image Widget | 35 | 165 | 31 | 100k+ | | | Output is not escaped |
| #7120 | Presto Player | 35 | 37 | 78 | 100k+ | | | Missing Arg Domain |
| #7121 | CAPTCHA 4WP – Antispam CAPTCHA solution for WordPress | 35 | 20 | 10 | 100k+ | | | Missing Arg Domain |
| #7122 | WP-PostViews | 35 | 132 | 64 | 100k+ | | | Unsafe printing function |
| #7123 | WP All Export – Drag & Drop Export to Any Custom CSV, XML & Excel | 35 | 41 | 10 | 100k+ | | | wp function not compatible with requires wp |
| #7124 | Disable and Remove Google Fonts | GDPR & DSGVO friendly | 35 | 21 | 11 | 100k+ | | | Missing Translators Comment |
| #7125 | SSL Insecure Content Fixer | 35 | 28 | 60 | 100k+ | | | Input is not sanitized |
| #7126 | ACF Content Analysis for Yoast SEO | 35 | 9 | 17 | 100k+ | | | Non-prefixed constant |
| #7127 | Simple CAPTCHA with Cloudflare Turnstile | 35 | 82 | 148 | 100k+ | | | Output is not escaped |
| #7128 | MainWP Child Reports | 35 | 49 | 116 | 100k+ | | | Non-prefixed hook name |
| #7129 | TypeSquare Webfonts for エックスサーバー | 35 | 183 | 98 | 100k+ | | | Missing Arg Domain |
| #7130 | String locator | 35 | 52 | 319 | 100k+ | | | Non-prefixed global variable |
| #7131 | Flexible SSL for CloudFlare | 35 | 9 | 6 | 100k+ | | | Output is not escaped |
| #7132 | Newsletters, Email Marketing, SMS and Popups by Omnisend | 35 | 4 | 2 | 100k+ | | | Hidden files included |
| #7133 | Disable XML-RPC-API | 35 | 444 | 52 | 100k+ | | | Text Domain Mismatch |
| #7134 | WPZOOM Connect: Social Icons Widget, Share Buttons & Click to Chat | 35 | 28 | 31 | 90k+ | | | Input is not sanitized |
| #7135 | Cache Enabler | 35 | 44 | 75 | 90k+ | | | Input is not sanitized |
| #7136 | Social Feed Gallery | 35 | 104 | 52 | 80k+ | | | Text Domain Mismatch |
| #7137 | PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) | 35 | 6 | 56 | 80k+ | | | Post Not In exclude |
| #7138 | Flexible Checkout Fields for WooCommerce – WooCommerce Checkout Manager | 35 | 64 | 64 | 80k+ | | | Non-prefixed global variable |
| #7139 | SiteGround Migrator | 35 | 113 | 74 | 80k+ | | | Missing Arg Domain |
| #7140 | Heartbeat Control | 35 | 27 | 18 | 80k+ | | | Missing Arg Domain |
| #7141 | Database Backup for WordPress | 35 | 128 | 88 | 70k+ | | | Output is not escaped |
| #7142 | Woody Code Snippets – Insert PHP, CSS, JS, and Header/Footer Scripts | 35 | 64 | 91 | 60k+ | | | Output is not escaped |
| #7143 | ImageMagick Engine | 35 | 63 | 29 | 60k+ | | | Unsafe printing function |
| #7144 | Simple Image Sizes | 35 | 53 | 75 | 60k+ | | | Unsafe printing function |
| #7145 | Conditional Menus | 35 | 92 | 28 | 60k+ | | | Text Domain Mismatch |
| #7146 | WP Duplicate Page | 35 | 44 | 50 | 60k+ | | | Text Domain Mismatch |
| #7147 | Pixel Manager for WooCommerce – Conversion Tracking, Google Ads, GA4, TikTok, Dynamic Remarketing | 35 | 50 | 236 | 50k+ | | | Non-prefixed hook name |
| #7148 | Open Graph and Twitter Card Tags | 35 | 15 | 27 | 50k+ | | | error log error log |
| #7149 | WP Store Locator | 35 | 26 | 14 | 50k+ | | | wp function not compatible with requires wp |
| #7150 | Gum Addon for Elementor | 35 | 660 | 72 | 50k+ | | | Text Domain Mismatch |