| #201 | WP Crontrol | 41 | 20 | 91 | 300k+ | | | Nonce verification recommended |
| #202 | WP Go Maps – Google Map, OpenStreetMap, Leaflet Map | 25 | 4,996 | 1,008 | 300k+ | | | Unsafe printing function |
| #203 | Insert Headers And Footers | 34 | 83 | 113 | 300k+ | | | Non-prefixed global variable |
| #204 | WP Mail Logging | 34 | 76 | 258 | 300k+ | | | Nonce verification recommended |
| #205 | WP Reset | 96 | 8 | 31 | 300k+ | | | Non-prefixed global variable |
| #206 | WP Rollback – Rollback Plugins and Themes | 98 | 1 | 9 | 300k+ | | | Non-prefixed hook name |
| #207 | WP Activity Log | 27 | 96 | 230 | 300k+ | | | Nonce verification recommended |
| #208 | SEOPress – AI SEO Plugin & On-site SEO | 32 | 138 | 429 | 300k+ | | | Non-prefixed global variable |
| #209 | DearFlip – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer | 92 | 10 | 11 | 200k+ | | | Missing direct file access protection |
| #210 | Admin and Site Enhancements (ASE) | 23 | 136 | 330 | 200k+ | | | Nonce verification recommended |
| #211 | Adminimize | 29 | 296 | 691 | 200k+ | | | Non-prefixed global variable |
| #212 | Advanced Google reCAPTCHA | 97 | 3 | 15 | 200k+ | | | Non-prefixed global variable |
| #213 | All 404 Redirect to Homepage | 25 | 140 | 301 | 200k+ | | | date date |
| #214 | Activity Log – Monitor & Record User Changes | 38 | 81 | 149 | 200k+ | | | Nonce verification recommended |
| #215 | Astra Widgets | 86 | 10 | 15 | 200k+ | | | Missing direct file access protection |
| #216 | The SEO Framework – Fast, Automated, Effortless. | 31 | 363 | 609 | 200k+ | | | Non-prefixed global variable |
| #217 | Black Studio TinyMCE Widget | 40 | 39 | 28 | 200k+ | | | Output is not escaped |
| #218 | Burst Statistics – Simple WordPress Analytics (Google Analytics Alternative) | 69 | 33 | 368 | 200k+ | | | Direct Query |
| #219 | Call Now Button – The #1 Click to Call Button for WordPress | 37 | 1,273 | 5 | 200k+ | | | Exception output is not escaped |
| #220 | CartFlows – Funnel Builder & Checkout Plugin for WooCommerce | 21 | 462 | 654 | 200k+ | | | Text Domain Mismatch |
| #221 | CleanTalk Anti-Spam. Spam Firewall & Bot protection | 24 | 825 | 1,079 | 200k+ | | | Missing nonce verification |
| #222 | Cloudflare | 35 | 27 | 85 | 200k+ | | | Non-prefixed namespace |
| #223 | CMP – Coming Soon & Maintenance Plugin by NiteoThemes | 24 | 949 | 1,336 | 200k+ | | | Non-prefixed global variable |
| #224 | Crowdsignal Forms | 100 | | 0 | 200k+ | | | No open findings |
| #225 | Smash Balloon Social Post Feed – Simple Social Feeds for WordPress | 25 | 554 | 982 | 200k+ | | | Output is not escaped |
| #226 | Custom Post Type Permalinks | 35 | 8 | 4 | 200k+ | | | Setting is missing a sanitization callback |
| #227 | Disable XML-RPC | 100 | 1 | 0 | 200k+ | | | Missing direct file access protection |
| #228 | Firelight Lightbox | 51 | 78 | 97 | 200k+ | | | Non-prefixed global variable |
| #229 | Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns | 24 | 120 | 684 | 200k+ | | | Non-prefixed global variable |
| #230 | Instant Indexing for Google | 35 | 13 | 62 | 200k+ | | | Non-prefixed global variable |
| #231 | Favicon by RealFaviconGenerator | 97 | 10 | 18 | 200k+ | | | Non-prefixed constant |
| #232 | FileBird – WordPress Media Library Folders & File Manager | 24 | 239 | 377 | 200k+ | | | wp function not compatible with requires wp |
| #233 | FileOrganizer – WordPress File Manager | 21 | 536 | 241 | 200k+ | | | unlink unlink |
| #234 | Force Regenerate Thumbnails | 35 | 12 | 17 | 200k+ | | | unlink unlink |
| #235 | GenerateBlocks | 97 | 9 | 8 | 200k+ | | | file system operations is writable |
| #236 | Header and Footer Scripts | 99 | 2 | 1 | 200k+ | | | Non-prefixed class |
| #237 | Imsanity | 35 | 32 | 29 | 200k+ | | | Direct Query |
| #238 | iubenda | All-in-one Compliance for GDPR / CCPA Cookie Consent + more | 60 | 405 | 271 | 200k+ | | | Text Domain Mismatch |
| #239 | InfiniteWP Client | 22 | 2,286 | 1,812 | 200k+ | | | Exception output is not escaped |
| #240 | Jetpack Boost – Website Speed, Performance and Critical CSS | 29 | 659 | 247 | 200k+ | | | Text Domain Mismatch |
| #241 | Layout Grid Block | 98 | 5 | 1 | 200k+ | | | Missing direct file access protection |
| #242 | HubSpot All-In-One Marketing – Forms, Popups, Live Chat | 97 | 6 | 4 | 200k+ | | | Missing direct file access protection |
| #243 | LoginPress | wp-login Custom Login Page Customizer | 55 | 124 | 301 | 200k+ | | | Non-prefixed function |
| #244 | Mailchimp for WooCommerce | 24 | 523 | 663 | 200k+ | | | Non-prefixed global variable |
| #245 | MalCare WordPress Security Plugin – Malware Scanner, Cleaner, Security Firewall | 82 | 55 | 22 | 200k+ | | | Missing direct file access protection |
| #246 | Microsoft Clarity | 36 | 48 | 163 | 200k+ | | | Nonce verification recommended |
| #247 | Migrate Guru – Site Migration & Cloning | 81 | 7 | 8 | 200k+ | | | Database parameter is not escaped |
| #248 | MW WP Form | 27 | 334 | 219 | 200k+ | | | Output is not escaped |
| #249 | Newsletter – Send awesome emails from WordPress | 24 | 898 | 2,214 | 200k+ | | | Non-prefixed global variable |
| #250 | Nextend Social Login and Register | 27 | 1,668 | 243 | 200k+ | | | Output is not escaped |
