| #201 | Burst Statistics – Simple WordPress Analytics (Google Analytics Alternative) | 69 | 33 | 379 | 200k+ | | | Direct Query |
| #202 | Hostinger Reach – AI-Powered Email Marketing for WordPress | 40 | 9 | 46 | 1m+ | | | Direct Query |
| #203 | OttoKit: All-in-One Automation Platform | 25 | 1,536 | 1,825 | 90k+ | | | Missing direct file access protection |
| #204 | WebToffee EU Order Withdrawal Button for WooCommerce | 100 | | 0 | 500 | | | No open findings |
| #205 | ShopMagic – Twilio SMS | 35 | 2 | 10 | 800 | | | Non-prefixed global variable |
| #206 | pensopay Payments v2 | 59 | 413 | 32 | 1k+ | | | Non Singular String Literal Domain |
| #207 | Turbo Addons Elementor | 100 | | 2 | 2k+ | | | No PHP code found |
| #208 | Constant Contact Forms by MailMunch | 37 | 147 | 53 | 2k+ | | | wp function not compatible with requires wp |
| #209 | OSS Aliyun | 41 | 19 | 40 | 3k+ | | | Request data is not unslashed |
| #210 | MultiParcels Shipping For WooCommerce | 23 | 179 | 356 | 4k+ | | | Request data is not unslashed |
| #211 | WPBot – AI ChatBot for Live Support, Lead Generation, AI Services | 23 | 474 | 1,153 | 5k+ | | | Non-prefixed global variable |
| #212 | HashBar – Announcement, Notification Bar & Popup Campaign | 25 | 2,718 | 610 | 8k+ | | | Text Domain Mismatch |
| #213 | GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress | 23 | 3,621 | 2,744 | 10k+ | | | Output is not escaped |
| #214 | CrawlWP SEO – Instant Search Engine Indexing & SEO Performance Monitor | 37 | 47 | 90 | 40k+ | | | Dynamic hook name |
| #215 | Bulk Download for Gravity Forms | 35 | 5 | 2 | 400 | | | Hidden files included |
| #216 | WPC Frequently Bought Together for WooCommerce | 40 | 63 | 109 | 10k+ | | | Output is not escaped |
| #217 | Welcart e-Commerce | 22 | 10,378 | 10,931 | 10k+ | | | Text Domain Mismatch |
| #218 | FormLayer | 96 | | 2 | 50k+ | | | Nonce verification recommended |
| #219 | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | 24 | 652 | 1,495 | 60k+ | | | Non-prefixed hook name |
| #220 | Live Chat & AI Chatbot – onWebChat | 41 | 32 | 90 | 700 | | | error log error log |
| #221 | WP Helper Premium | 23 | 3,908 | 1,517 | 1k+ | | | Text Domain Mismatch |
| #222 | Pixelgrade Assistant | 30 | 1,350 | 153 | 2k+ | | | Text Domain Mismatch |
| #223 | Ziina | 35 | 10 | 25 | 2k+ | | | Input is not sanitized |
| #224 | WowStore – Store Builder & Product Blocks for WooCommerce | 36 | 66 | 429 | 4k+ | | | Non-prefixed global variable |
| #225 | Hostinger Tools | 81 | 14 | 22 | 3m+ | | | wp function not compatible with requires wp |
| #226 | Trusty Whistleblowing Solution | 44 | 234 | 16 | 400 | | | Text Domain Mismatch |
| #227 | WishSuite – Wishlist for WooCommerce | 38 | 76 | 133 | 1k+ | | | Output is not escaped |
| #228 | WP Simple HTML Sitemap | 99 | 2 | 3 | 3k+ | | | trademarked term |
| #229 | Cookie Banner for GDPR / CCPA – WPLP Cookie Consent | 24 | 1,211 | 1,930 | 9k+ | | | Non-prefixed global variable |
| #230 | Kubio AI Page Builder | 60 | 283 | 77 | 90k+ | | | Missing direct file access protection |
| #231 | Gianism | 29 | 391 | 154 | 700 | | | Text Domain Mismatch |
| #232 | WP OAuth Server ( Login with WordPress ) | 96 | 26 | 9 | 1k+ | | | wp function not compatible with requires wp |
| #233 | Real Thumbnail Generator: Efficient regeneration of thumbnails in all sizes | 85 | 5 | 58 | 1k+ | | | Non-prefixed constant |
| #234 | Real Category Management: Content Management in Category Folders | 79 | 4 | 73 | 2k+ | | | Non-prefixed constant |
| #235 | Real Custom Post Order: Create a custom order for your content | 89 | 1 | 19 | 8k+ | | | Non-prefixed global variable |
| #236 | Solace Extra | 99 | | 5 | 10k+ | | | Non-prefixed class |
| #237 | Conditional Fields for Elementor Form – Apply Conditional Logic | 94 | | 7 | 10k+ | | | Missing nonce verification |
| #238 | flowpaper | 59 | 13 | 31 | 10k+ | | | Non-prefixed function |
| #239 | Directorist: AI-Powered Business Directory, Listings & Classified Ads | 22 | 548 | 2,172 | 20k+ | | | Non-prefixed global variable |
| #240 | Cool FormKit Lite – Advanced Form Builder for Elementor | 94 | 5 | 24 | 20k+ | | | Non-prefixed constant |
| #241 | Real Media Library: Media Library Folder & File Manager | 47 | 1 | 365 | 100k+ | | | Direct Query |
| #242 | Real Cookie Banner: GDPR & ePrivacy Cookie Consent | 30 | 9 | 496 | 100k+ | | | Database parameter is not escaped |
| #243 | WPCode – Insert Headers and Footers + Custom Code Snippets – WordPress Code Manager | 88 | 27 | 33 | 3m+ | | | wp function not compatible with requires wp |
| #244 | Captivate Sync | 24 | 173 | 557 | 1k+ | | | Non-prefixed global variable |
| #245 | Snow Monkey Blocks | 92 | 87 | 173 | 30k+ | | | Non-prefixed global variable |
| #246 | Rich Showcase for Google Reviews | 33 | 213 | 278 | 100k+ | | | Output is not escaped |
| #247 | DesignSetGo | 35 | 7 | 1 | 4k+ | | | Hidden files included |
| #248 | Reviews Widgets for Google, TripAdvisor, Yelp & Recommendations | 35 | 255 | 225 | 10k+ | | | Output is not escaped |
| #249 | Quttera ThreatSign – Web Malware Scanner for WordPress | 25 | 334 | 471 | 10k+ | | | Non-prefixed global variable |
| #250 | IP2Location Redirection | 33 | 198 | 122 | 8k+ | | | Output is not escaped |