| #4751 | Manage Privacy Options Page | 79 | 3 | 11 | 1k+ | | | Input is not validated |
| #4752 | Manage Upload Types | 67 | 7 | 13 | 500 | | | Output is not escaped |
| #4753 | Manage User Columns | 42 | 15 | 27 | 1k+ | | | Request data is not unslashed |
| #4754 | Manage XML-RPC | 98 | 3 | 1 | 6k+ | | | file system operations is writable |
| #4755 | Manager for IcoMoon | 32 | 270 | 68 | 400 | | | Short PHP open tag found |
| #4756 | Manage/View Your Posts Only | 87 | 5 | 3 | 400 | | | Input is not sanitized |
| #4757 | Cool Integration for LearnPress & WooCommerce | 96 | 4 | 4 | 1k+ | | | trademarked term |
| #4758 | Mang Board WP | 24 | 1,249 | 4,720 | 9k+ | | | Non-prefixed global variable |
| #4759 | Mango Buttons | 59 | 14 | 21 | 3k+ | | | Output is not escaped |
| #4760 | Mantenimiento web | 63 | 49 | 15 | 20k+ | | | Text Domain Mismatch |
| #4761 | MantraBrain Starter Sites | MantraBrain Theme Demo Importer | 34 | 117 | 61 | 1k+ | | | Output is not escaped |
| #4762 | Manual Image Crop | 40 | 178 | 61 | 8k+ | | | Output is not escaped |
| #4763 | Admin Tweaks | 24 | 1,507 | 206 | 1k+ | | | Text Domain Mismatch |
| #4764 | Map Block for Google Maps | 35 | 6 | 5 | 20k+ | | | Hidden files included |
| #4765 | Map Block Leaflet | 67 | 52 | 7 | 700 | | | Short PHP open tag found |
| #4766 | Map Categories to Pages | 39 | 48 | 13 | 700 | | | Output is not escaped |
| #4767 | Kikote – Location Picker at Checkout & Google Address AutoFill Plugin for WooCommerce | 39 | 76 | 64 | 1k+ | | | Missing Translators Comment |
| #4768 | MapPress Maps for WordPress | 32 | 695 | 133 | 30k+ | | | Missing Arg Domain |
| #4769 | Block for Apple Maps | 92 | 14 | 3 | 1k+ | | | Missing direct file access protection |
| #4770 | Maps for WP | 39 | 169 | 73 | 400 | | | Output is not escaped |
| #4771 | Mapster WP Maps | 21 | 3,440 | 2,903 | 3k+ | | | Text Domain Mismatch |
| #4772 | MapSVG – Vector maps, Image maps, Google Maps | 35 | 74 | 47 | 1k+ | | | Missing direct file access protection |
| #4773 | Marin Companion | 87 | 19 | 66 | 500 | | | Non-prefixed global variable |
| #4774 | Mark New Posts | 40 | 61 | 39 | 500 | | | Non Singular String Literal Domain |
| #4775 | Mark Posts | 35 | 30 | 34 | 1k+ | | | Output is not escaped |
| #4776 | Markdown for AI Agents | 99 | 1 | 1 | 500 | | | Non-prefixed class |
| #4777 | Marker.io – Visual Website Feedback | 61 | 6 | 31 | 4k+ | | | Request data is not unslashed |
| #4778 | Market Exporter | 93 | 10 | 20 | 1k+ | | | Non-prefixed hook name |
| #4779 | Marketing Automation | 24 | 440 | 677 | 600 | | | Non-prefixed global variable |
| #4780 | Gist All-In-One Marketing – Live Chat, Popups, Email | 69 | 24 | 11 | 500 | | | Output is not escaped |
| #4781 | MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution | 22 | 1,131 | 1,844 | 800 | | | Non-prefixed global variable |
| #4782 | Markup by Attribute for WooCommerce | 39 | 46 | 102 | 2k+ | | | Direct Query |
| #4783 | Markup Markdown | 74 | 18 | 128 | 2k+ | | | Non-prefixed global variable |
| #4784 | Marquee Addons for Elementor – Essential Motion Widgets & Templates | 94 | 2 | 24 | 20k+ | | | Post Not In exclude |
| #4785 | Marquee Block | 99 | 2 | 0 | 1k+ | | | Missing direct file access protection |
| #4786 | Marquee image crawler | 35 | 168 | 136 | 700 | | | Non-prefixed global variable |
| #4787 | Marquee Running Text | 85 | 11 | 7 | 5k+ | | | Missing direct file access protection |
| #4788 | MarqueeAll – Elementor Marquee for Image, Text, Post Grid, Testimonial, Cryptocurrency & News Ticker 🌀 | 100 | | 0 | 1k+ | | | No open findings |
| #4789 | LexonRank: AI Link Building, Free Backlinks & SEO Automation | 55 | 15 | 20 | 1k+ | | | Nonce verification recommended |
| #4790 | Marvy – Background Animations for Elementor | 55 | 63 | 34 | 4k+ | | | Text Domain Mismatch |
| #4791 | MAS Elementor | 89 | 19 | 216 | 1k+ | | | Non-prefixed hook name |
| #4792 | MAS Static Content | 91 | 3 | 7 | 10k+ | | | Non-prefixed hook name |
| #4793 | MAS Brands for WooCommerce | 56 | 80 | 15 | 10k+ | | | Text Domain Mismatch |
| #4794 | MAS Companies For WP Job Manager | 33 | 62 | 308 | 1k+ | | | Non-prefixed hook name |
| #4795 | MAS Company Reviews For WP Job Manager | 40 | 44 | 71 | 1k+ | | | Output is not escaped |
| #4796 | Mascaras CF7 | 39 | 54 | 16 | 1k+ | | | Text Domain Mismatch |
| #4797 | Muslim Prayer Time-Salah/Iqamah | 32 | 155 | 179 | 400 | | | date date |
| #4798 | Input Mask For Elementor Form Fields | 100 | | 1 | 20k+ | | | Non-prefixed class |
| #4799 | Masks Form Fields | 99 | 2 | 0 | 9k+ | | | Missing direct file access protection |
| #4800 | Mass Delete Unused Tags | 42 | 21 | 9 | 900 | | | Output is not escaped |
