| #5301 | New Order Notification for WooCommerce | 45 | 21 | 42 | 900 | | | Output is not escaped |
| #5302 | Notix – Web Push Notifications | 44 | 22 | 41 | 600 | | | Non-prefixed global variable |
| #5303 | Page Visits Counter – Lite | 35 | 28 | 35 | 5k+ | | | Output is not escaped |
| #5304 | Razorpay Subscriptions for WooCommerce | 44 | 28 | 35 | 600 | | | Exception output is not escaped |
| #5305 | Real Thumbnail Generator: Efficient regeneration of thumbnails in all sizes | 85 | 5 | 58 | 1k+ | | | Non-prefixed constant |
| #5306 | Retrigger Notifications Gravity Forms | 64 | 55 | 8 | 1k+ | | | Text Domain Mismatch |
| #5307 | Russian Post and EMS for WooCommerce | 68 | 16 | 47 | 1k+ | | | Non-prefixed global variable |
| #5308 | Sendy Widget | 40 | 46 | 17 | 700 | | | Output is not escaped |
| #5309 | SnapScan Payment Gateway | 41 | 33 | 30 | 700 | | | Output is not escaped |
| #5310 | Visual Builder for Contact Form 7 | 40 | 20 | 43 | 500 | | | Output is not escaped |
| #5311 | Widget Icon | 53 | 53 | 10 | 700 | | | Output is not escaped |
| #5312 | Print Invoice & Delivery Notes for WooCommerce | 95 | 5 | 58 | 30k+ | | | Non-prefixed global variable |
| #5313 | WPEPP – Essential Security, Password Protect & Login Page Customizer | 39 | 34 | 29 | 3k+ | | | Unsupported Identifier Placeholder |
| #5314 | WP Hotel Booking Stripe Payment | 43 | 34 | 29 | 400 | | | Text Domain Mismatch |
| #5315 | atec Cache APCu | 81 | 41 | 21 | 3k+ | | | wp function not compatible with requires wp |
| #5316 | AADMY – Add Auto Date Month Year Into Posts | 73 | 30 | 32 | 400 | | | Non-prefixed function |
| #5317 | Autocomplete LearnDash Lessons and Topics | 40 | 46 | 16 | 1k+ | | | Missing Arg Domain |
| #5318 | Billingo Official for WooCommerce | 40 | 25 | 37 | 3k+ | | | Output is not escaped |
| #5319 | Blockskit | 54 | 33 | 29 | 8k+ | | | Text Domain Mismatch |
| #5320 | Custom Buttons for WooCommerce – Add To Cart Button for Product Types | 61 | 58 | 4 | 2k+ | | | Text Domain Mismatch |
| #5321 | Contact Form 7 Modules | 60 | 47 | 15 | 5k+ | | | Text Domain Mismatch |
| #5322 | Contador de Visitas | 42 | 37 | 25 | 500 | | | SQL query is not prepared |
| #5323 | Controlled Admin Access | 41 | 22 | 40 | 10k+ | | | Nonce verification recommended |
| #5324 | Dashboard Welcome for Beaver Builder | 40 | 38 | 24 | 2k+ | | | Output is not escaped |
| #5325 | Discount Rules for WooCommerce – Disco | Dynamic Pricing, Conditions, Bulk, Bundle, BOGO | 54 | 1 | 61 | 2k+ | | | Request data is not unslashed |
| #5326 | Simple HTML Sitemap | 42 | 42 | 20 | 1k+ | | | Text Domain Mismatch |
| #5327 | Download Media Library | 49 | 22 | 40 | 1k+ | | | Text Domain Mismatch |
| #5328 | Drip for Gravity Forms | 39 | 41 | 21 | 500 | | | Unsafe printing function |
| #5329 | Genesis Connect for WooCommerce | 96 | 45 | 17 | 10k+ | | | Text Domain Mismatch |
| #5330 | GravityExport Lite for Gravity Forms | 67 | 48 | 14 | 10k+ | | | Output is not escaped |
| #5331 | Hide Cart Functions | 42 | 12 | 50 | 3k+ | | | Nonce verification recommended |
| #5332 | Hide WP Admin Login | 41 | 23 | 39 | 500 | | | Nonce verification recommended |
| #5333 | WP All Import – Import SEO Settings for Rank Math SEO | 42 | 18 | 44 | 7k+ | | | Nonce verification recommended |
| #5334 | Impressum | 89 | 50 | 12 | 4k+ | | | Short PHP open tag found |
| #5335 | LegalBlink for Aruba | 91 | 33 | 29 | 8k+ | | | Missing direct file access protection |
| #5336 | onepay Payment Gateway For WooCommerce | 70 | 49 | 13 | 900 | | | Text Domain Mismatch |
| #5337 | WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation | 75 | 2 | 60 | 1k+ | | | Database parameter is not escaped |
| #5338 | PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) | 35 | 6 | 56 | 80k+ | | | Post Not In exclude |
| #5339 | Push7 | 35 | 45 | 17 | 700 | | | Short PHP open tag found |
| #5340 | SimpleModal Login | 39 | 50 | 12 | 700 | | | Unsafe printing function |
| #5341 | Sucuri Security – Auditing, Malware Scanner and Security Hardening | 82 | 51 | 11 | 600k+ | | | Missing direct file access protection |
| #5342 | Ultimate Floating Widgets – Make popup sidebars | 50 | 48 | 14 | 3k+ | | | Output is not escaped |
| #5343 | Novalnet Payment Gateway for WooCommerce | 94 | 4 | 58 | 1k+ | | | Non-prefixed class |
| #5344 | WP-Farsi | 65 | 26 | 36 | 600 | | | Non-prefixed function |
| #5345 | WP Google Search | 48 | 45 | 17 | 5k+ | | | Output is not escaped |
| #5346 | WP Hotel Booking WPML Support | 43 | 10 | 52 | 400 | | | Direct Query |
| #5347 | WP All Import – Job Listing Import for WP Job Manager | 40 | 35 | 27 | 2k+ | | | Output is not escaped |
| #5348 | XPoster – Share to Bluesky and Mastodon | 62 | 26 | 36 | 10k+ | | | Missing nonce verification |
| #5349 | XML Feed for Skroutz & BestPrice for WooCommerce | 57 | 12 | 50 | 600 | | | Input is not sanitized |
| #5350 | Advanced Custom Fields – Taxonomy Field add-on | 50 | 57 | 4 | 1k+ | | | Non Singular String Literal Domain |