| #1 | AI Agent by SiteGround | 54 | 28 | 6 | 1m+ | | | Exception output is not escaped |
| #2 | Hostinger Reach – AI-Powered Email Marketing for WordPress | 40 | 9 | 46 | 1m+ | | | Direct Query |
| #3 | CookieAdmin – Cookie Consent Banner | 37 | 43 | 86 | 400k+ | | | Nonce verification recommended |
| #4 | SureRank SEO – Smart Assistant with Meta Tags, Social Preview, XML Sitemap, and Schema | 77 | 58 | 94 | 300k+ | | | Non-prefixed hook name |
| #5 | SureMail – SMTP and Email Logs Plugin with Amazon SES, Postmark, and Other Providers | 80 | 45 | 65 | 200k+ | | | Non-prefixed hook name |
| #6 | Site Mailer – SMTP Replacement, Email API Deliverability & Email Log | 74 | 8 | 23 | 200k+ | | | Output is not escaped |
| #7 | LatePoint – Calendar Booking Plugin for Appointments and Events | 24 | 1,841 | 937 | 100k+ | | | Output is not escaped |
| #8 | WPConsent – Cookie Banner & Cookie Consent for Privacy Compliance (GDPR / CCPA / EU Compliance Cookie Notice) | 91 | 2 | 12 | 100k+ | | | Post Not In exclude |
| #9 | Hello Plus | 94 | 15 | 38 | 80k+ | | | Post Not In exclude |
| #10 | Secure Custom Fields | 23 | 240 | 1,369 | 80k+ | | | Non-prefixed function |
| #11 | Angie – Agentic AI (Beta) | 98 | | 17 | 70k+ | | | Discouraged PHP function |
| #12 | WooCommerce Shipping | 72 | | 47 | 70k+ | | | Direct Query |
| #13 | Reddit for WooCommerce | 97 | 1 | 17 | 60k+ | | | Dynamic hook name |
| #14 | Snapchat for WooCommerce | 98 | 1 | 12 | 60k+ | | | Dynamic hook name |
| #15 | Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers | 83 | 2 | 73 | 60k+ | | | Direct Query |
| #16 | Manage – Centralized site maintenance and monitoring | 95 | 5 | 47 | 50k+ | | | Direct Query |
| #17 | Modern Cart – WooCommerce Side Cart & Popup Cart | 86 | 8 | 95 | 50k+ | | | Non-prefixed global variable |
| #18 | Accessibility Widget by OneTap – Easy One-Click Accessibility Toolbar | 97 | 5 | 18 | 50k+ | | | Non-prefixed global variable |
| #19 | FormLayer | 96 | | 2 | 40k+ | | | Nonce verification recommended |
| #20 | Website LLMs.txt | 39 | 13 | 145 | 40k+ | | | Non-prefixed global variable |
| #21 | WP All Import – Import Add-On for ACF | 84 | 3 | 46 | 40k+ | | | Non-prefixed global variable |
| #22 | Kliken: Ads + Pixel for Meta | 100 | | 2 | 40k+ | | | Discouraged text-domain loading |
| #23 | CompressX — AVIF & WebP Converter, Media Replacement | 35 | 26 | 423 | 40k+ | | | Missing nonce verification |
| #24 | Stripe Tax – Sales tax automation for WooCommerce | 36 | 97 | 61 | 30k+ | | | Exception output is not escaped |
| #25 | SocialFeeds | 90 | | 10 | 20k+ | | | Nonce verification recommended |
| #26 | AI Provider for OpenAI | 76 | 15 | 1 | 20k+ | | | Exception output is not escaped |
| #27 | AI Provider for Google | 65 | 32 | 1 | 20k+ | | | Exception output is not escaped |
| #28 | AI Provider for Anthropic | 78 | 13 | 1 | 20k+ | | | Exception output is not escaped |
| #29 | Cloudways Site Manager | 91 | 14 | 7 | 20k+ | | | wp function not compatible with requires wp |
| #30 | Power Coupons for WooCommerce | 90 | 6 | 91 | 20k+ | | | Non-prefixed global variable |
| #31 | AI | 81 | 11 | 79 | 20k+ | | | Non-prefixed global variable |
| #32 | Royal WordPress Backup, Restore & Migration Plugin – Backup WordPress Sites Safely | 53 | 34 | 90 | 20k+ | | | Database parameter is not escaped |
| #33 | Header Footer Builder for Elementor | 99 | 1 | 3 | 20k+ | | | Non-prefixed class |
| #34 | EasyTest – Simplify A/B Testing | 35 | 9 | 76 | 20k+ | | | Non-prefixed global variable |
| #35 | WooCommerce Analytics | 93 | | 25 | 20k+ | | | Direct Query |
| #36 | Marquee Addons for Elementor – Essential Motion Widgets & Templates | 94 | 2 | 24 | 20k+ | | | Post Not In exclude |
| #37 | QODE Optimizer | 74 | 1 | 249 | 20k+ | | | Non-prefixed global variable |
| #38 | Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution | 42 | 111 | 17 | 20k+ | | | Exception output is not escaped |
| #39 | Cookie Consent – GDPR & CCPA Cookie Banner & Consent Manager | 92 | | 16 | 10k+ | | | Direct Query |
| #40 | WP All Export – Export Add-On for ACF | 98 | 1 | 5 | 10k+ | | | trademarked term |
| #41 | Lead Generation Contact Widget & AI Chatbot: Chat Button, Phone Call, Telegram, Email – SiteLeads | 77 | 17 | 1 | 10k+ | | | Exception output is not escaped |
| #42 | Auto Login for Sakura Rental Server | 35 | 3 | 3 | 10k+ | | | Hidden files included |
| #43 | Instant Back/Forward | 98 | 1 | 5 | 10k+ | | | Non-prefixed hook name |
| #44 | Image Hub – Free Images from Unsplash, Pixabay, Pexels, Openverse & Giphy | 99 | | 2 | 10k+ | | | mismatched plugin name |
| #45 | Visa Acceptance Solutions | 100 | | 0 | 10k+ | | | No open findings |
| #46 | View Transitions | 99 | | 3 | 10k+ | | | Non-prefixed constant |
| #47 | MilesWeb Tools | 95 | 4 | 49 | 10k+ | | | Non-prefixed global variable |
| #48 | Shiptastic for WooCommerce | 29 | 136 | 630 | 10k+ | | | Non-prefixed global variable |
| #49 | Inspiro Starter Sites – 20+ Free Demo Templates for Gutenberg & Elementor | 35 | 6 | 200 | 10k+ | | | Non-prefixed global variable |
| #50 | Xagio SEO – AI Powered SEO | 29 | 1 | 1,268 | 10k+ | | | Direct Query |
