| #4051 | Auto iFrame | 81 | 2 | 11 | 3k+ | | | Input is not sanitized |
| #4052 | Ultimate Member – Terms & Conditions | 57 | 19 | 9 | 4k+ | | | Output is not escaped |
| #4053 | WP-Cron Control | 37 | 54 | 22 | 1k+ | | | Output is not escaped |
| #4054 | CCAvenue Payment Gateway for WooCommerce | 42 | 53 | 40 | 3k+ | | | Text Domain Mismatch |
| #4055 | Easy Social Sharing | 34 | 16 | 240 | 1k+ | | | Non-prefixed global variable |
| #4056 | Jetpack Lite | 91 | 3 | 7 | 600 | | | Non-prefixed function |
| #4057 | SEO合集(支持百度/Google/Bing/头条推送) | 31 | 13 | 1,407 | 800 | | | Direct Query |
| #4058 | MMWD Remove Add To Cart for WooCommerce | 99 | 6 | 2 | 3k+ | | | Text Domain Mismatch |
| #4059 | Icon List Block – Add Icon-Based Lists with Custom Styles | 91 | 3 | 7 | 4k+ | | | Not In Footer |
| #4060 | WP-CRM System – Manage Clients and Projects | 23 | 297 | 1,094 | 800 | | | Non-prefixed global variable |
| #4061 | CoolClock – a Javascript Analog Clock | 79 | 21 | 9 | 2k+ | | | Output is not escaped |
| #4062 | jQuery Manager for WordPress | 33 | 86 | 24 | 7k+ | | | Output is not escaped |
| #4063 | Automatic Post Tagger | 38 | 592 | 307 | 2k+ | | | Output is not escaped |
| #4064 | Transcoder | 35 | 42 | 111 | 400 | | | Non-prefixed function |
| #4065 | WPEPP – Essential Security, Password Protect & Login Page Customizer | 39 | 34 | 29 | 3k+ | | | Unsupported Identifier Placeholder |
| #4066 | WP Old Post Date Remover | 57 | 25 | 7 | 2k+ | | | Unsafe printing function |
| #4067 | Align Woo Buttons | 98 | 3 | 6 | 3k+ | | | Non-prefixed function |
| #4068 | PDF Ink Lite – Free PDF Watermark & Password Protection | 24 | 226 | 561 | 2k+ | | | Non-prefixed global variable |
| #4069 | Flexible Quantity – Measurement Price Calculator for WooCommerce | 98 | 2 | 9 | 2k+ | | | Non-prefixed global variable |
| #4070 | Popup Box – Easily Create WordPress Popups | 45 | 7 | 151 | 7k+ | | | Non-prefixed global variable |
| #4071 | Code Manager | 32 | 217 | 261 | 500 | | | Nonce verification recommended |
| #4072 | Bangla Date Display | 74 | 43 | 4 | 4k+ | | | Text Domain Mismatch |
| #4073 | Premmerce SEO for WooCommerce | 26 | 550 | 1,285 | 1k+ | | | Non-prefixed global variable |
| #4074 | Anti-Captcha (anti-spam botblocker) | 56 | 23 | 26 | 1k+ | | | rand mt rand |
| #4075 | Always Edit In HTML | 77 | 7 | 5 | 1k+ | | | Output is not escaped |
| #4076 | Version Control for jQuery | 92 | 5 | 1 | 6k+ | | | Offloaded Content |
| #4077 | WebberZone Snippetz – Header, Body and Footer manager | 96 | 1 | 53 | 2k+ | | | Dynamic hook name |
| #4078 | AIO Forms – Craft Complex Forms Easily | 25 | 189 | 418 | 700 | | | Mixed line endings |
| #4079 | Simple JWT Login – Allows you to use JWT on REST endpoints. | 38 | 712 | 95 | 4k+ | | | Output is not escaped |
| #4080 | Google Plus Authorship | 69 | 6 | 15 | 1k+ | | | trademarked term |
| #4081 | WP Paint – WordPress Image Editor | 40 | 30 | 29 | 6k+ | | | Missing Arg Domain |
| #4082 | WPS Child Theme Generator | 39 | 111 | 85 | 6k+ | | | Unsafe printing function |
| #4083 | Ads.txt Manager | 61 | 33 | 16 | 4k+ | | | Text Domain Mismatch |
| #4084 | TK Google Fonts GDPR Compliant | 32 | 582 | 34 | 1k+ | | | Output is not escaped |
| #4085 | Simple Client Dashboard | 47 | 38 | 36 | 2k+ | | | Missing direct file access protection |
| #4086 | Simple Post Notes | 70 | 5 | 16 | 9k+ | | | Request data is not unslashed |
| #4087 | GST Invoice for WooCommerce | 59 | 10 | 42 | 1k+ | | | Missing nonce verification |
| #4088 | Civic Cookie Control | 33 | 1,881 | 219 | 2k+ | | | Text Domain Mismatch |
| #4089 | Mango Buttons | 59 | 14 | 21 | 3k+ | | | Output is not escaped |
| #4090 | Dinosaur Game | 99 | 1 | 0 | 1k+ | | | outdated tested upto header |
| #4091 | Express, Certified Post, Bike Delivery and Iranian Postal Companies for WooCommerce | 99 | 1 | 2 | 900 | | | Non-prefixed function |
| #4092 | Bulk Edit and Create User Profiles – WP Sheet Editor | 24 | 979 | 969 | 1k+ | | | Text Domain Mismatch |
| #4093 | PDF Flipbook, WPBakery Addon – Unreal FlipBook | 36 | 400 | 92 | 1k+ | | | Non Singular String Literal Domain |
| #4094 | Announcement & Notification Banner – Bulletin | 23 | 930 | 1,576 | 2k+ | | | Non-prefixed global variable |
| #4095 | Breadcrumbs Divi Module | 67 | 44 | 38 | 10k+ | | | Text Domain Mismatch |
| #4096 | Post title marquee scroll | 43 | 43 | 25 | 1k+ | | | Output is not escaped |
| #4097 | Sp*tify Play Button for WordPress | 54 | 21 | 15 | 3k+ | | | Text Domain Mismatch |
| #4098 | WP-Markdown | 35 | 31 | 39 | 400 | | | Output is not escaped |
| #4099 | Grow for WordPress | 96 | 7 | 5 | 10k+ | | | trademarked term |
| #4100 | Display Featured Image for Genesis | 46 | 64 | 59 | 1k+ | | | Non-prefixed global variable |