| #10001 | Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More | 21 | 2,572 | 1,277 | 1m+ | | | Output is not escaped |
| #10002 | CookieYes – Cookie Banner for Cookie Consent (Easy to setup GDPR/CCPA Compliant Cookie Notice) | 87 | 1 | 291 | 1m+ | | | Non-prefixed global variable |
| #10003 | WP Super Cache | 25 | 800 | 989 | 1m+ | | | Output is not escaped |
| #10004 | Disable Comments – Remove Comments & Stop Spam [Multi-Site Support] | 53 | 15 | 46 | 1m+ | | | Non-prefixed global variable |
| #10005 | Loco Translate | 26 | 454 | 242 | 1m+ | | | Output is not escaped |
| #10006 | Advanced Editor Tools | 41 | 143 | 84 | 1m+ | | | Unsafe printing function |
| #10007 | Wordfence Security – Firewall, Malware Scan, and Login Security | 21 | 1,592 | 2,973 | 5m+ | | | Output is not escaped |
| #10008 | WPS Hide Login | 41 | 34 | 72 | 2m+ | | | Nonce verification recommended |
| #10009 | Classic Widgets | 97 | 2 | 3 | 2m+ | | | outdated tested upto header |
| #10010 | WordPress Importer | 25 | 238 | 110 | 2m+ | | | Output is not escaped |
| #10011 | Really Simple Security – Simple and Performant Security (formerly Really Simple SSL) | 19 | 541 | 385 | 3m+ | | | Missing Translators Comment |
| #10012 | Duplicate Page | 40 | 39 | 43 | 3m+ | | | Unsafe printing function |
| #10013 | UpdraftPlus: WP Backup & Migration Plugin | 24 | 277 | 299 | 3m+ | | | Non-prefixed global variable |
| #10014 | Akismet Anti-spam: Spam Protection | 35 | 33 | 99 | 6m+ | | | Non-prefixed global variable |
| #10015 | LiteSpeed Cache | 35 | 286 | 893 | 7m+ | | | Non-prefixed global variable |
| #10016 | Classic Editor | 63 | 17 | 7 | 9m+ | | | Unsafe printing function |
| #10017 | Contact Form 7 | 69 | 56 | 39 | 10m+ | | | Missing direct file access protection |