| #3801 | Rife Extensions & Templates for Elementor | 69 | 22 | 7 | 20k+ | | | Output is not escaped |
| #3802 | Scroll Down Arrow | 69 | 30 | 30 | 800 | | | Missing Arg Domain |
| #3803 | Search by SKU for Woocommerce | 69 | 13 | 10 | 10k+ | | | Direct Query |
| #3804 | Search & Filter | 69 | 21 | 28 | 50k+ | | | Input is not sanitized |
| #3805 | Shoppable Social Media Galleries by Sauce | 69 | 13 | 13 | 2k+ | | | Non-prefixed function |
| #3806 | Simple Login Lockdown | 69 | 13 | 6 | 4k+ | | | Output is not escaped |
| #3807 | Simple Mathjax | 69 | 29 | 3 | 4k+ | | | Short PHP open tag found |
| #3808 | Simple YouTube Embed | 69 | 11 | 11 | 5k+ | | | Nonce verification recommended |
| #3809 | SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels) | 69 | 17 | 952 | 6k+ | | | Non-prefixed global variable |
| #3810 | TJ Custom CSS | 69 | 18 | 10 | 8k+ | | | Output is not escaped |
| #3811 | Easy Username Updater | 69 | 19 | 28 | 10k+ | | | Missing Arg Domain |
| #3812 | VWE – Voorheen Autodealers.nl | 69 | 23 | 10 | 500 | | | curl curl setopt |
| #3813 | WC Variations Radio Buttons | 69 | 12 | 21 | 3k+ | | | Non-prefixed global variable |
| #3814 | WP Bulk Delete | 69 | 7 | 44 | 100k+ | | | Non-prefixed hook name |
| #3815 | WP Disable Automatic Updates | 69 | 14 | 8 | 2k+ | | | Output is not escaped |
| #3816 | Export WordPress Menus | 69 | 94 | 22 | 1k+ | | | wp function not compatible with requires wp |
| #3817 | WP Mapa Politico España | 69 | 32 | 12 | 400 | | | Output is not escaped |
| #3818 | WP Original Media Path | 69 | 35 | 3 | 6k+ | | | Non Singular String Literal Domain |
| #3819 | WP referrer spam blacklist (fight 2040+ Referrer Spammers in (Google/Matomo) Analytics) | 69 | 9 | 24 | 700 | | | Non-prefixed constant |
| #3820 | Zapper Payments | 69 | 11 | 11 | 700 | | | Output is not escaped |
| #3821 | ACF: Yandex Maps Field | 68 | 73 | 10 | 800 | | | Text Domain Mismatch |
| #3822 | Auto Image Title & Alt | 68 | 13 | 4 | 400 | | | Missing direct file access protection |
| #3823 | Autoclear Autoptimize Cache | 68 | 16 | 3 | 8k+ | | | Output is not escaped |
| #3824 | Book Previewer for Woocommerce | 68 | 23 | 40 | 1k+ | | | Non-prefixed global variable |
| #3825 | Booter – Bots & Crawlers Manager | 68 | | 81 | 7k+ | | | Non-prefixed global variable |
| #3826 | Member Swipe for BuddyPress | 68 | 9 | 13 | 600 | | | Missing direct file access protection |
| #3827 | Category Featured Images | 68 | 5 | 12 | 600 | | | Input is not sanitized |
| #3828 | Clearout Email Validator – Real-Time Email Verification on WordPress Forms | 68 | 21 | 80 | 600 | | | Non-prefixed function |
| #3829 | Collapsing Categories | 68 | 29 | 8 | 4k+ | | | Missing direct file access protection |
| #3830 | Comment Approved | 68 | 6 | 14 | 500 | | | Input is not sanitized |
| #3831 | Controls for Contact Form 7 (Redirects, Analytics & Tracking) | 68 | 4 | 14 | 10k+ | | | Missing nonce verification |
| #3832 | ConvertBox Auto Embed WordPress plugin | 68 | 18 | 10 | 5k+ | | | Missing direct file access protection |
| #3833 | Envíos Coordinadora Woocommerce (Oficial) – WordPress plugin | 68 | 12 | 30 | 600 | | | Missing Arg Domain |
| #3834 | Content Security Policy Manager | 68 | 19 | 2 | 2k+ | | | Output is not escaped |
| #3835 | Default Attributes for WooCommerce | 68 | 22 | 18 | 400 | | | Non-prefixed hook name |
| #3836 | Desert Companion | 68 | 412 | 837 | 20k+ | | | Non-prefixed global variable |
| #3837 | Exchange Rates Today | 68 | 9 | 10 | 400 | | | Non-prefixed function |
| #3838 | Expire Sticky Posts | 68 | 16 | 8 | 1k+ | | | Text Domain Mismatch |
| #3839 | Export media with selected content (by DKZR) | 68 | 10 | 14 | 40k+ | | | Direct Query |
| #3840 | Faire for WooCommerce | 68 | 4 | 86 | 800 | | | Direct Query |
| #3841 | Fatal Error Notify | 68 | 10 | 12 | 6k+ | | | Request data is not unslashed |
| #3842 | Featured Video for WooCommerce | 68 | 40 | 13 | 700 | | | Text Domain Mismatch |
| #3843 | Free Assets Library – Openverse/Pixabay 600+ Million Images | 68 | 44 | 36 | 4k+ | | | Text Domain Mismatch |
| #3844 | WCAG 2.0 form fields for Gravity Forms | 68 | 11 | 13 | 5k+ | | | Output is not escaped |
| #3845 | Guestplan Booking Widget | 68 | 43 | 6 | 1k+ | | | Text Domain Mismatch |
| #3846 | Hreflang Manager – Hreflang Implementation for International SEO | 68 | 21 | 15 | 8k+ | | | wp function not compatible with requires wp |
| #3847 | 简数采集器 | 68 | 5 | 25 | 1k+ | | | Request data is not unslashed |
| #3848 | Logo Switcher | 68 | 14 | 2 | 800 | | | Output is not escaped |
| #3849 | Mailster Contact Form 7 | 68 | 35 | 20 | 1k+ | | | Text Domain Mismatch |
| #3850 | ミエルカヒートマップ タグマネージャー | 68 | 9 | 11 | 800 | | | Input is not validated |
