| #9901 | Limit Login Attempts | 40 | 81 | 38 | 300k+ | | | Output is not escaped |
| #9902 | PDF Embedder | 91 | 1 | 7 | 300k+ | | | Non-prefixed class |
| #9903 | Easy Updates Manager | 48 | 13 | 182 | 300k+ | | | Non-prefixed global variable |
| #9904 | Members – Membership & User Role Editor Plugin | 33 | 234 | 244 | 300k+ | | | Output is not escaped |
| #9905 | CMB2 | 36 | 148 | 19 | 300k+ | | | Output is not escaped |
| #9906 | WP Activity Log | 27 | 96 | 230 | 300k+ | | | Nonce verification recommended |
| #9907 | Simple History – Track, Log, and Audit WordPress Changes | 35 | 32 | 122 | 300k+ | | | Non-prefixed global variable |
| #9908 | AddToAny Share Buttons | 37 | 123 | 164 | 300k+ | | | Unsafe printing function |
| #9909 | Really Simple CAPTCHA | 98 | 2 | 2 | 300k+ | | | Non-prefixed constant |
| #9910 | Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE | 54 | 344 | 93 | 300k+ | | | Offloaded Content |
| #9911 | 301 Redirects – Redirect Manager | 88 | 6 | 71 | 300k+ | | | Non-prefixed global variable |
| #9912 | Variation Swatches for WooCommerce | 59 | 11 | 64 | 300k+ | | | Non-prefixed global variable |
| #9913 | Page Builder Gutenberg Blocks – CoBlocks | 50 | 167 | 36 | 300k+ | | | block api version too low |
| #9914 | WP Crontrol | 41 | 20 | 91 | 300k+ | | | Nonce verification recommended |
| #9915 | Child Theme Configurator | 32 | 442 | 267 | 300k+ | | | Unsafe printing function |
| #9916 | Cart Abandonment Recovery for WooCommerce – Recover Lost Sales with Automated Emails | 26 | 51 | 325 | 300k+ | | | Direct Query |
| #9917 | WP Mail Logging | 34 | 76 | 258 | 300k+ | | | Nonce verification recommended |
| #9918 | WP Reset | 96 | 8 | 31 | 300k+ | | | Non-prefixed global variable |
| #9919 | Duplicate Post | 27 | 447 | 274 | 300k+ | | | Unsafe printing function |
| #9920 | WebP Express | 21 | 160 | 427 | 300k+ | | | Non-prefixed global variable |
| #9921 | Max Mega Menu | 37 | 249 | 174 | 300k+ | | | Output is not escaped |
| #9922 | CF7 Apps – Honeypot, Database, Redirection, Webhook, and Addons for Contact Form 7 | 24 | 1,034 | 1,396 | 300k+ | | | Non-prefixed global variable |
| #9923 | Admin Menu Editor | 32 | 159 | 233 | 300k+ | | | Non-prefixed global variable |
| #9924 | Templately – Elementor & Gutenberg Template Library: 6500+ Free & Pro Ready Templates And Cloud! | 24 | 167 | 222 | 400k+ | | | Nonce verification recommended |
| #9925 | Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty | 26 | 113 | 671 | 400k+ | | | Non-prefixed global variable |
| #9926 | Custom Fonts – Host Your Fonts Locally | 77 | 14 | 20 | 400k+ | | | Request data is not unslashed |
| #9927 | Intuitive Custom Post Order | 75 | 19 | 96 | 400k+ | | | Direct Query |
| #9928 | CookieAdmin – Cookie Consent Banner | 37 | 43 | 86 | 400k+ | | | Nonce verification recommended |
| #9929 | Redis Object Cache | 28 | 151 | 103 | 400k+ | | | Exception output is not escaped |
| #9930 | Template Kit – Import | 77 | 41 | 60 | 400k+ | | | Non-prefixed global variable |
| #9931 | Happy Addons for Elementor | 23 | 573 | 444 | 400k+ | | | Output is not escaped |
| #9932 | GA Google Analytics – Connect Google Analytics to WordPress | 42 | 46 | 30 | 400k+ | | | Output is not escaped |
| #9933 | Shortcodes Ultimate – Content Elements | 24 | 656 | 1,552 | 400k+ | | | Non-prefixed global variable |
| #9934 | WooCommerce Legacy REST API | 31 | 324 | 177 | 400k+ | | | Missing Translators Comment |
| #9935 | Font Awesome | 89 | 21 | 3 | 400k+ | | | Missing direct file access protection |
| #9936 | AMP | 43 | 63 | 362 | 400k+ | | | Non-prefixed hook name |
| #9937 | YITH WooCommerce Wishlist | 24 | 448 | 1,486 | 400k+ | | | Non-prefixed global variable |
| #9938 | Checkout Field Editor (Checkout Manager) for WooCommerce | 41 | 9 | 88 | 400k+ | | | Nonce verification recommended |
| #9939 | LightStart – Maintenance Mode, Coming Soon and Landing Page Builder | 34 | 42 | 312 | 400k+ | | | Request data is not unslashed |
| #9940 | PixelYourSite – Your smart PIXEL (TAG) & API Manager | 24 | 1,160 | 2,407 | 500k+ | | | Non-prefixed namespace |
| #9941 | WP-PageNavi | 35 | 84 | 95 | 500k+ | | | Non Singular String Literal Domain |
| #9942 | SiteSEO – SEO Simplified | 41 | 20 | 110 | 500k+ | | | Nonce verification recommended |
| #9943 | Converter for Media – Optimize images | Convert WebP & AVIF | 35 | 133 | 53 | 500k+ | | | curl curl setopt |
| #9944 | Category Order and Taxonomy Terms Order | 76 | 35 | 10 | 500k+ | | | wp function not compatible with requires wp |
| #9945 | Meta Box | 96 | 5 | 16 | 500k+ | | | Non-prefixed hook name |
| #9946 | Ally – Web Accessibility & Usability | 41 | 47 | 35 | 500k+ | | | Output is not escaped |
| #9947 | Extendify | 35 | 117 | 168 | 500k+ | | | Non-prefixed global variable |
| #9948 | Broken Link Checker | 25 | 727 | 600 | 500k+ | | | Output is not escaped |
| #9949 | Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider | 22 | 207 | 323 | 500k+ | | | Non-prefixed global variable |
| #9950 | GoSMTP – SMTP for WordPress | 39 | 59 | 42 | 500k+ | | | Output is not escaped |