| #9901 | Threat Scan Plugin | 41 | 29 | 17 | 400 | | | Output is not escaped |
| #9902 | Tiny gtag.js Analytics | 51 | 39 | 0 | 400 | | | Output is not escaped |
| #9903 | Tock Widget | 78 | 6 | 9 | 400 | | | Missing direct file access protection |
| #9904 | TopList.cz | 38 | 138 | 7 | 400 | | | Output is not escaped |
| #9905 | Topper Pack | 98 | 3 | 0 | 400 | | | mismatched tested up to header |
| #9906 | Rating Widget: Post Rating, 5 Star Rating, Reviews, Thumbs Up & Down, Reaction | 63 | 177 | 27 | 400 | | | Missing direct file access protection |
| #9907 | Trackserver | 38 | 17 | 356 | 400 | | | Input is not sanitized |
| #9908 | Transcoder | 35 | 42 | 111 | 400 | | | Non-prefixed function |
| #9909 | Trust Payments Gateway for WooCommerce | 80 | 15 | 17 | 400 | | | Non-prefixed class |
| #9910 | Trusty Whistleblowing Solution | 44 | 234 | 16 | 400 | | | Text Domain Mismatch |
| #9911 | Tumblr Widget | 40 | 106 | 1 | 400 | | | Output is not escaped |
| #9912 | turboSMTP | 40 | 114 | 112 | 400 | | | Unsafe printing function |
| #9913 | Tuxedo Responsive Widget Columns | 78 | 19 | 3 | 400 | | | Output is not escaped |
| #9914 | Uix Shortcodes | 33 | 246 | 444 | 400 | | | Non-prefixed global variable |
| #9915 | Flipbox Addon for Elementor | 100 | 1 | 0 | 400 | | | Missing Translators Comment |
| #9916 | Ultimate Fonts | 92 | 6 | 3 | 400 | | | Missing Arg Domain |
| #9917 | Ultimate Member Widgets for Elementor – Login Form, Register Form & User Directory | 43 | 15 | 102 | 400 | | | Non-prefixed namespace |
| #9918 | Ultimate Reviews | 26 | 515 | 345 | 400 | | | Output is not escaped |
| #9919 | Universal Google Analytics (GA3 and GA4) | 57 | 28 | 2 | 400 | | | Output is not escaped |
| #9920 | Unlimited Elements Blocks Library | 22 | 708 | 1,822 | 400 | | | Non-prefixed global variable |
| #9921 | Upload Converter for WebP | 95 | 1 | 3 | 400 | | | Input is not sanitized |
| #9922 | Url Rewrite Analyzer | 40 | 73 | 23 | 400 | | | Unsafe printing function |
| #9923 | User Location and IP | 70 | 2 | 25 | 400 | | | Input is not sanitized |
| #9924 | User role based shipping methods | 43 | 53 | 7 | 400 | | | Output is not escaped |
| #9925 | utm.codes | 43 | 34 | 33 | 400 | | | Missing nonce verification |
| #9926 | UTM Leads Tracker – XLPlugins | 40 | 21 | 38 | 400 | | | Output is not escaped |
| #9927 | UTMs Carry Pages | 84 | 4 | 11 | 400 | | | Non-prefixed global variable |
| #9928 | Image Hotspot With Tooltip For WPBakery Page Builder (formerly Visual Composer) | 92 | 61 | 12 | 400 | | | Text Domain Mismatch |
| #9929 | VenoMaps – OpenStreetMap & Privacy-Friendly Geo Maps | 86 | 20 | 6 | 400 | | | wp function not compatible with requires wp |
| #9930 | Verge3D Publishing and E-Commerce | 27 | 245 | 298 | 400 | | | Nonce verification recommended |
| #9931 | Virtual Classroom – Video Conferencing & Online Meeting with BigBlueButton | 36 | 47 | 138 | 400 | | | Nonce verification recommended |
| #9932 | Visual Header | 85 | 6 | 42 | 400 | | | Non-prefixed function |
| #9933 | Visual Sitemap | 51 | 23 | 6 | 400 | | | Output is not escaped |
| #9934 | Voyapp Chile – Lugares y Cotizador de Despachos | 35 | 225 | 84 | 400 | | | Output is not escaped |
| #9935 | Chatbox Manager | 38 | 855 | 78 | 400 | | | Output is not escaped |
| #9936 | WaveSurfer-WP | 41 | 83 | 22 | 400 | | | Unsafe printing function |
| #9937 | BeGateway Payment Gateway for WooCommerce | 39 | 57 | 44 | 400 | | | Unsafe printing function |
| #9938 | BitPay Gateway for WooCommerce | 67 | 64 | 21 | 400 | | | Text Domain Mismatch |
| #9939 | Payment Gateway for Cpay with WooCommerce | 67 | 67 | 26 | 400 | | | wp function not compatible with requires wp |
| #9940 | Change Product Author For WooCommerce | 98 | 3 | 2 | 400 | | | license mismatch |
| #9941 | Multi-Carrier EasyPost Shipping Methods & Address Validation for WooCommerce | 33 | 424 | 69 | 400 | | | Non Singular String Literal Domain |
| #9942 | Konnect Payment Gateway for WooCommerce | 59 | 39 | 16 | 400 | | | Text Domain Mismatch |
| #9943 | Web Directory Free | 20 | 808 | 174 | 400 | | | Missing direct file access protection |
| #9944 | Webhook for Discord | 71 | 119 | 20 | 400 | | | Text Domain Mismatch |
| #9945 | WebPlanex: GST Invoice India | 42 | 63 | 63 | 400 | | | Text Domain Mismatch |
| #9946 | Textmetrics | 33 | 324 | 163 | 400 | | | Output is not escaped |
| #9947 | Weer | 56 | 54 | 6 | 400 | | | Output is not escaped |
| #9948 | Wenprise WeChatPay Payment Gateway For WooCommerce | 22 | 443 | 178 | 400 | | | Exception output is not escaped |
| #9949 | Widgets for Social Post Feed | 91 | 1 | 146 | 400 | | | Non-prefixed global variable |
| #9950 | WING Website Migrator | 95 | 2 | 4 | 400 | | | Discouraged PHP function |