| #51 | MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites | 38 | 3 | 136 | 700k+ | | | Non-prefixed hook name |
| #52 | Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery | 23 | 2,129 | 993 | 400k+ | | | Text Domain Mismatch |
| #53 | Autoptimize | 23 | 288 | 191 | 800k+ | | | Output is not escaped |
| #54 | WooPayments: Integrated WooCommerce Payments | 30 | 182 | 308 | 900k+ | | | Exception output is not escaped |
| #55 | XML Sitemap Generator for Google | 37 | 43 | 79 | 1m+ | | | Input is not validated |
| #56 | Google for WooCommerce | 37 | 328 | 121 | 800k+ | | | Exception output is not escaped |
| #57 | Spectra Gutenberg Blocks – Website Builder for the Block Editor | 25 | 253 | 3,227 | 1m+ | | | Non-prefixed global variable |
| #58 | Yoast Duplicate Post | 70 | 8 | 88 | 4m+ | | | Nonce verification recommended |
| #59 | Duplicate Page | 40 | 39 | 43 | 3m+ | | | Unsafe printing function |
| #60 | Compliance by Hu-manity.co | 31 | 153 | 335 | 900k+ | | | Missing nonce verification |
| #61 | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | 23 | 55 | 2,127 | 600k+ | | | Non-prefixed global variable |
| #62 | Kadence Security – Password, Two Factor Authentication, and Brute Force Protection | 23 | 1,053 | 967 | 700k+ | | | Missing Translators Comment |
| #63 | All-In-One Security (AIOS) – Security and Firewall | 24 | 552 | 1,228 | 1m+ | | | Non-prefixed global variable |
| #64 | Loco Translate | 26 | 454 | 242 | 1m+ | | | Output is not escaped |
| #65 | WP Statistics – Simple, privacy-friendly Google Analytics alternative | 25 | 610 | 2,465 | 600k+ | | | Non-prefixed global variable |
| #66 | Sucuri Security – Auditing, Malware Scanner and Security Hardening | 94 | 52 | 5 | 600k+ | | | Missing direct file access protection |
| #67 | Advanced Editor Tools | 41 | 143 | 84 | 1m+ | | | Unsafe printing function |
| #68 | Newsletter – Send awesome emails from WordPress | 24 | 898 | 2,214 | 200k+ | | | Non-prefixed global variable |
| #69 | File Manager | 22 | 740 | 520 | 1m+ | | | Unsafe printing function |
| #70 | Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode | 25 | 99 | 1,035 | 700k+ | | | Non-prefixed global variable |
| #71 | Security Optimizer – The All-In-One Protection Plugin | 35 | 40 | 82 | 1m+ | | | Request data is not unslashed |
| #72 | Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider | 22 | 207 | 323 | 500k+ | | | Non-prefixed global variable |
| #73 | Disable Comments – Remove Comments & Stop Spam [Multi-Site Support] | 53 | 15 | 46 | 1m+ | | | Non-prefixed global variable |
| #74 | Redux Framework | 100 | | 0 | 900k+ | | | No open findings |
| #75 | YITH WooCommerce Wishlist | 24 | 448 | 1,486 | 400k+ | | | Non-prefixed global variable |
| #76 | WPS Hide Login | 41 | 34 | 72 | 2m+ | | | Nonce verification recommended |
| #77 | Loginizer | 25 | 814 | 504 | 1m+ | | | Output is not escaped |
| #78 | Complianz – GDPR/CCPA Cookie Consent | 24 | 487 | 403 | 1m+ | | | Missing Arg Domain |
| #79 | Page Builder Gutenberg Blocks – CoBlocks | 50 | 167 | 36 | 300k+ | | | block api version too low |
| #80 | ManageWP Worker | 22 | 507 | 565 | 1m+ | | | Non-prefixed class |
| #81 | Polylang | 26 | 36 | 564 | 800k+ | | | Non-prefixed hook name |
| #82 | WP Go Maps – Google Map, OpenStreetMap, Leaflet Map | 25 | 4,996 | 1,008 | 300k+ | | | Unsafe printing function |
| #83 | Ocean Extra | 23 | 1,494 | 2,107 | 500k+ | | | Non-prefixed global variable |
| #84 | Formidable Forms – WordPress Form Builder for Contact Forms, Calculators, Quizzes & More | 21 | 52 | 1,959 | 300k+ | | | Non-prefixed global variable |
| #85 | WooCommerce PayPal Payments | 37 | 194 | 110 | 800k+ | | | Exception output is not escaped |
| #86 | Shortcodes Ultimate – Content Elements | 24 | 656 | 1,552 | 400k+ | | | Non-prefixed global variable |
| #87 | CleanTalk Anti-Spam. Spam Firewall & Bot protection | 24 | 825 | 1,079 | 200k+ | | | Missing nonce verification |
| #88 | BackWPup – WordPress Backup & Restore Plugin | 35 | 12 | 779 | 500k+ | | | Non-prefixed global variable |
| #89 | TablePress – Tables in WordPress made easy | 25 | 847 | 2,174 | 600k+ | | | Non-prefixed global variable |
| #90 | Custom Post Type UI | 53 | 16 | 23 | 1m+ | | | Output is not escaped |
| #91 | Meta Box | 96 | 5 | 16 | 500k+ | | | Non-prefixed hook name |
| #92 | Mailchimp for WooCommerce | 24 | 523 | 663 | 200k+ | | | Non-prefixed global variable |
| #93 | Smart Slider 3 | 23 | 261 | 268 | 800k+ | | | Non-prefixed global variable |
| #94 | PDF Invoices & Packing Slips for WooCommerce | 35 | 35 | 964 | 300k+ | | | Non-prefixed hook name |
| #95 | Regenerate Thumbnails | 82 | 10 | 9 | 1m+ | | | Direct Query |
| #96 | Broken Link Checker | 25 | 727 | 600 | 500k+ | | | Output is not escaped |
| #97 | User Role Editor | 43 | 117 | 145 | 700k+ | | | Output is not escaped |
| #98 | Code Snippets | 36 | 34 | 203 | 1m+ | | | Nonce verification recommended |
| #99 | Query Monitor | 31 | 44 | 273 | 200k+ | | | Non-prefixed class |
| #100 | One Click Demo Import | 38 | 22 | 84 | 1m+ | | | Non-prefixed global variable |