| #3851 | Setmore Appointments | 44 | 45 | 13 | 4k+ | | | Output is not escaped |
| #3852 | Spreaker Shortcode | 95 | 23 | 3 | 4k+ | | | Text Domain Mismatch |
| #3853 | Simple Admin Language Change | 98 | 4 | 2 | 10k+ | | | Missing direct file access protection |
| #3854 | Team Members Showcase | 25 | 591 | 1,494 | 4k+ | | | Non-prefixed global variable |
| #3855 | Omnibus — show the lowest price | 41 | 35 | 37 | 10k+ | | | Output is not escaped |
| #3856 | External Store for Shopify | 38 | 97 | 33 | 2k+ | | | Output is not escaped |
| #3857 | Hyve Lite – AI Chatbot, ChatGPT-Powered Conversational Support | 35 | 1 | 40 | 7k+ | | | Direct Query |
| #3858 | Carousel Block – Responsive Image and Content Carousel | 100 | | 1 | 7k+ | | | mismatched plugin name |
| #3859 | Superb Table (SEO Optimized Tables With Schema) | 89 | 44 | 12 | 2k+ | | | wp function not compatible with requires wp |
| #3860 | Grid Gallery – for Photo Gallery, Image Gallery & Portfolio | 41 | 9 | 74 | 1k+ | | | Request data is not unslashed |
| #3861 | Serial Numbers – Ultimate License Manager for Selling, Licensing & Securely Delivering Digital Content with WooCommerce | 93 | 4 | 128 | 1k+ | | | Direct Query |
| #3862 | Click To Tweet | 87 | 8 | 7 | 2k+ | | | trademarked term |
| #3863 | Better Admin Bar | 54 | 27 | 63 | 3k+ | | | Non-prefixed global variable |
| #3864 | HivePress Reviews | 90 | 5 | 11 | 7k+ | | | Non-prefixed global variable |
| #3865 | Formidable PRO2PDF | 24 | 218 | 477 | 1k+ | | | Non-prefixed global variable |
| #3866 | Lord of the Files: Enhanced Upload Security | 35 | 62 | 42 | 1k+ | | | Non-prefixed global variable |
| #3867 | BuddyPress for LearnDash | 32 | 190 | 284 | 1k+ | | | Output is not escaped |
| #3868 | Icon Widget | 66 | 14 | 9 | 4k+ | | | Output is not escaped |
| #3869 | Donation Thermometer | 39 | 718 | 84 | 2k+ | | | Output is not escaped |
| #3870 | Contact Form 7 – Success Page Redirects | 65 | 5 | 15 | 10k+ | | | Input is not sanitized |
| #3871 | Optimize Images Resizing | 83 | 12 | 4 | 6k+ | | | Unsafe printing function |
| #3872 | Liveblog | 95 | 22 | 34 | 1k+ | | | Non-prefixed global variable |
| #3873 | WP Swiper | 49 | 67 | 28 | 5k+ | | | Text Domain Mismatch |
| #3874 | Post My CF7 Form | 74 | 21 | 168 | 2k+ | | | Non-prefixed global variable |
| #3875 | NIF (Num. de Contribuinte Português) for WooCommerce | 98 | 2 | 9 | 5k+ | | | Non-prefixed constant |
| #3876 | Sticky Chat Widget – Floating Chat Icons, Contact Form, Call, Click to Chat, Email & Message Buttons | 35 | 33 | 293 | 10k+ | | | Non-prefixed global variable |
| #3877 | AnyComment | 17 | 445 | 449 | 5k+ | | | Output is not escaped |
| #3878 | Error Log Viewer by BestWebSoft | 58 | 433 | 172 | 6k+ | | | Text Domain Mismatch |
| #3879 | QODE Optimizer | 74 | 1 | 249 | 20k+ | | | Non-prefixed global variable |
| #3880 | WP Posts Carousel | 40 | 199 | 12 | 3k+ | | | Unsafe printing function |
| #3881 | Color and Image Swatches for Variable Product Attributes | 32 | 173 | 111 | 1k+ | | | Output is not escaped |
| #3882 | Require Featured Image | 56 | 20 | 6 | 3k+ | | | Output is not escaped |
| #3883 | Chatbot with IBM watsonx Assistant | 33 | 324 | 83 | 400 | | | Non Singular String Literal Domain |
| #3884 | WP Mail From II | 82 | 3 | 7 | 5k+ | | | trademarked term |
| #3885 | reCAPTCHA for Ninja Forms | 56 | 21 | 9 | 600 | | | Output is not escaped |
| #3886 | OTP Login & Register Woocommerce | 34 | 148 | 202 | 1k+ | | | Missing nonce verification |
| #3887 | Gabfire Widget Pack | 31 | 1,041 | 60 | 600 | | | Output is not escaped |
| #3888 | Barion Payment Gateway for WooCommerce | 26 | 71 | 221 | 6k+ | | | Non-prefixed global variable |
| #3889 | User Specific Content | 38 | 143 | 19 | 1k+ | | | Text Domain Mismatch |
| #3890 | Ko-fi Button | 41 | 75 | 15 | 5k+ | | | Output is not escaped |
| #3891 | Showcase IDX Real Estate Search & Lead Capture | 32 | 123 | 52 | 2k+ | | | Output is not escaped |
| #3892 | Request a Quote – Quote Forms for Any WordPress Site | 23 | 240 | 1,099 | 1k+ | | | Non-prefixed hook name |
| #3893 | Log cleaner for Solid Security | 41 | 65 | 47 | 8k+ | | | Text Domain Mismatch |
| #3894 | Moloni | 22 | 902 | 356 | 2k+ | | | Missing Arg Domain |
| #3895 | Jotform – AI Chatbot | 85 | | 8 | 5k+ | | | Input is not validated |
| #3896 | BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages | 21 | 668 | 1,569 | 900 | | | Non-prefixed global variable |
| #3897 | CoCart – Headless REST API for WooCommerce | 99 | 1 | 2 | 1k+ | | | Non-prefixed global variable |
| #3898 | UpStream: a Project Management Plugin for WordPress | 22 | 683 | 703 | 600 | | | Non-prefixed global variable |
| #3899 | Add Follow Button For Pintrest | 91 | 21 | 5 | 400 | | | Non Singular String Literal Domain |
| #3900 | YAHMAN Add-ons | 31 | 468 | 141 | 1k+ | | | Output is not escaped |