| #101 | AI Builder | 83 | 3 | 5 | 400 | | | Output is not escaped |
| #102 | FlexStock – Product Stock Sync with Google Sheets for WooCommerce | 48 | | 241 | 700 | | | Direct Query |
| #103 | Pricing Table – Block – Show Product or Service Pricing in Table Format | 95 | | 7 | 2k+ | | | Non-prefixed global variable |
| #104 | Timetics – Appointment Booking Calendar & Scheduling System | 99 | 2 | 3 | 2k+ | | | wp function not compatible with requires wp |
| #105 | Payment Plugins for Stripe WooCommerce | 25 | 347 | 779 | 100k+ | | | Non-prefixed global variable |
| #106 | WishSuite – Wishlist for WooCommerce | 38 | 76 | 133 | 1k+ | | | Output is not escaped |
| #107 | Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress | 23 | 91 | 693 | 300k+ | | | Non-prefixed namespace |
| #108 | Better Badge – Custom Product Badges for WooCommerce | 48 | 21 | 47 | 500 | | | Non Singular String Literal Domain |
| #109 | WPC Price by Quantity for WooCommerce | 92 | | 37 | 1k+ | | | Non-prefixed global variable |
| #110 | AdRotate Banner Manager | 25 | 1,363 | 846 | 20k+ | | | Unsafe printing function |
| #111 | WP Plugin Info Card | 37 | 53 | 376 | 500 | | | Nonce verification recommended |
| #112 | Wallet for WooCommerce | 39 | 36 | 524 | 20k+ | | | Non-prefixed hook name |
| #113 | Code Engine – PHP Snippets, AI Functions & Automation for WordPress | 28 | 124 | 101 | 700 | | | Non Singular String Literal Domain |
| #114 | Lean Player – Video and Audio Player with Playlist for WordPress, Elementor and Gutenberg | 27 | 1,615 | 463 | 2k+ | | | Text Domain Mismatch |
| #115 | Flex Posts – Responsive Posts Block | 100 | | 0 | 3k+ | | | No open findings |
| #116 | WordLift – AI powered SEO – Schema | 19 | 393 | 955 | 400 | | | Non-prefixed hook name |
| #117 | FluentSnippets – High-Performance Code Snippets, Header & Footer Code, Custom CSS & PHP Code Manager | 56 | 31 | 27 | 50k+ | | | Nonce verification recommended |
| #118 | WIP Custom Login | 43 | 21 | 37 | 700 | | | Nonce verification recommended |
| #119 | Chatbox Manager | 38 | 855 | 78 | 400 | | | Output is not escaped |
| #120 | Advanced Product Fields (Product Addons) for WooCommerce | 39 | 145 | 145 | 50k+ | | | Output is not escaped |
| #121 | Easy Form Builder by WhiteStudio — Drag & Drop Form Builder | 24 | 194 | 383 | 1k+ | | | Nonce verification recommended |
| #122 | Accordion Slider | 29 | 391 | 447 | 2k+ | | | Unsafe printing function |
| #123 | Slider Pro | 28 | 583 | 527 | 4k+ | | | Unsafe printing function |
| #124 | g-FFL Checkout | 31 | 249 | 300 | 600 | | | Request data is not unslashed |
| #125 | Ultimate Cursor – Interactive and Animated Cursor and Background Effects Toolkit | 100 | | 1 | 3k+ | | | Non-prefixed constant |
| #126 | Booter – Bots & Crawlers Manager | 68 | | 81 | 7k+ | | | Non-prefixed global variable |
| #127 | Video Gallery – YouTube Gallery, Playlist & Video Grid | 25 | 275 | 1,066 | 2k+ | | | Non-prefixed hook name |
| #128 | Loggedin – Limit Concurrent Sessions | 100 | | 2 | 8k+ | | | Discouraged text-domain loading |
| #129 | Extra Product Options Builder for WooCommerce | 33 | 101 | 155 | 2k+ | | | Non-prefixed hook name |
| #130 | MarqueeX – Smooth Marquee Slider, News Ticker & Post Marquee for Block Editor & Elementor | 100 | | 1 | 600 | | | missing composer json file |
| #131 | Smart Image Resize for WooCommerce | 25 | 582 | 404 | 7k+ | | | Text Domain Mismatch |
| #132 | EAN Barcode Generator for WooCommerce: UPC, ISBN & GTIN Inventory | 100 | | 0 | 10k+ | | | No open findings |
| #133 | Sticky Elementor – Sticky Header, Menu Color After Sticky, Logo Swap & Back to Top Button | 94 | 1 | 0 | 400 | | | Output is not escaped |
| #134 | Data Exchange for WooCommerce and 1C:Enterprise/1С:Предприятие | 35 | 1 | 2 | 1k+ | | | Hidden files included |
| #135 | Album Gallery for Photo & Video | 81 | 5 | 118 | 4k+ | | | Non-prefixed global variable |
| #136 | Marquee Addons for Elementor – Essential Motion Widgets & Templates | 94 | 2 | 24 | 20k+ | | | Post Not In exclude |
| #137 | Portfolio Filter Gallery – Photo Gallery | 99 | 3 | 2 | 20k+ | | | Offloaded Content |
| #138 | GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites | 26 | 284 | 216 | 500 | | | badly named files |
| #139 | Cryptocurrency Widgets Pack | 40 | 222 | 52 | 700 | | | Unsafe printing function |
| #140 | Block for Mailchimp – Add Email Subscription Forms and Collect Leads | 100 | | 1 | 2k+ | | | Non-prefixed class |
| #141 | CodePeople Post Map for Google Maps | 37 | 257 | 31 | 3k+ | | | Unsafe printing function |
| #142 | CMS Tree Page View – Reorder Pages with a Drag-and-Drop Tree | 41 | 121 | 96 | 50k+ | | | Unsafe printing function |
| #143 | Grid Gallery – for Photo Gallery, Image Gallery & Portfolio | 46 | 7 | 74 | 1k+ | | | Request data is not unslashed |
| #144 | PiWeb Product Enquiry or product catalog for WooCommerce | 38 | 255 | 145 | 1k+ | | | Text Domain Mismatch |
| #145 | SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery | 24 | 831 | 1,903 | 4k+ | | | Non-prefixed global variable |
| #146 | Image Gallery | 81 | 6 | 9 | 4k+ | | | Nonce verification recommended |
| #147 | External files in Media Library | 90 | 16 | 68 | 400 | | | Direct Query |
| #148 | Blocks Kit – Gutenberg Blocks for Freelancers | 93 | 1 | 8 | 500 | | | Non-prefixed constant |
| #149 | Bit integrations – Form Integration, Webhook, Spreadsheets, CRM, LMS & Email Automation | 100 | | 2 | 20k+ | | | Non-prefixed global symbol |
| #150 | Image Hover Effects – Elementor Addon | 64 | 117 | 7 | 40k+ | | | Text Domain Mismatch |
