| #1 | FluentCart A New Era of eCommerce – Faster, Lighter, and Simpler | 25 | 318 | 462 | 7k+ | | | Non-prefixed global variable |
| #2 | The Courier Guy Shipping for WooCommerce | 35 | 57 | 107 | 3k+ | | | Missing nonce verification |
| #3 | ActiveCampaign for WooCommerce | 26 | 541 | 190 | 6k+ | | | Exception output is not escaped |
| #4 | Alma – Pay in installments or later for WooCommerce | 41 | 116 | 68 | 1k+ | | | Exception output is not escaped |
| #5 | AppScenic – Smart AI Dropshipping | 70 | 16 | 41 | 3k+ | | | Dynamic hook name |
| #6 | Bold pagos en linea | 89 | 4 | 32 | 4k+ | | | Non-prefixed global variable |
| #7 | Bulky – Bulk Edit Products for WooCommerce | 81 | 3 | 21 | 10k+ | | | Non-prefixed hook name |
| #8 | CDEKDelivery | 37 | 98 | 75 | 2k+ | | | Exception output is not escaped |
| #9 | Channel.io | 64 | 14 | 3 | 1k+ | | | Output is not escaped |
| #10 | Contact Form 7 – PayPal & Stripe Add-on | 30 | 385 | 233 | 7k+ | | | Unsafe printing function |
| #11 | Continue Shopping for WooCommerce | 73 | 9 | 20 | 5k+ | | | Input is not sanitized |
| #12 | Nexi Checkout | 35 | 45 | 308 | 3k+ | | | Dynamic hook name |
| #13 | Disable WooCommerce Reviews | 93 | 2 | 4 | 2k+ | | | trademarked term |
| #14 | Download Manager | 22 | 2,290 | 1,301 | 100k+ | | | Output is not escaped |
| #15 | Download Monitor | 19 | 425 | 1,364 | 80k+ | | | Non-prefixed hook name |
| #16 | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | 23 | 3,723 | 10,283 | 40k+ | | | Non-prefixed namespace |
| #17 | Accept Donations with PayPal & Stripe | 26 | 916 | 572 | 10k+ | | | Unsafe printing function |
| #18 | eCommerce Product Catalog Plugin for WordPress | 24 | 621 | 3,177 | 7k+ | | | Non-prefixed function |
| #19 | Ecwid by Lightspeed Ecommerce Shopping Cart | 23 | 339 | 307 | 20k+ | | | Missing direct file access protection |
| #20 | Force Default Variant for WooCommerce | 97 | 7 | 0 | 3k+ | | | Missing direct file access protection |
| #21 | GazChap's WooCommerce Auto Category Product Thumbnails | 85 | 4 | 8 | 1k+ | | | trademarked term |
| #22 | GetResponse Official | 100 | | 0 | 4k+ | | | No open findings |
| #23 | GoDaddy Payments for WooCommerce | 38 | 58 | 65 | 2k+ | | | Output is not escaped |
| #24 | iConvert Promoter | 57 | 98 | 217 | 1k+ | | | Non-prefixed global variable |
| #25 | iyzico for WooCommerce | 42 | 34 | 54 | 10k+ | | | Unsafe printing function |
| #26 | Kustom Checkout for WooCommerce | 35 | 82 | 497 | 10k+ | | | Dynamic hook name |
| #27 | Klarna for WooCommerce | 26 | 284 | 507 | 30k+ | | | Dynamic hook name |
| #28 | Mailchimp for WooCommerce | 24 | 523 | 663 | 200k+ | | | Non-prefixed global variable |
| #29 | Mollie Payments for WooCommerce | 33 | 70 | 123 | 100k+ | | | Dynamic hook name |
| #30 | Moosend Website Connector | 64 | 15 | 12 | 1k+ | | | Non Singular String Literal Domain |
| #31 | Multibanco, MB WAY, Credit card, Apple Pay, Google Pay, Payshop, Cofidis Pay, and PIX (ifthenpay) for WooCommerce | 95 | | 86 | 8k+ | | | Non-prefixed function |
| #32 | MyBookTable Bookstore by Stormhill Media | 82 | 15 | 33 | 1k+ | | | Direct Query |
| #33 | NIF (Num. de Contribuinte Português) for WooCommerce | 98 | 2 | 9 | 5k+ | | | Non-prefixed constant |
| #34 | Popup Builder & Popup Maker for WordPress – OptinMonster Email Marketing and Lead Generation | 32 | 462 | 41 | 1m+ | | | Text Domain Mismatch |
| #35 | Order Tip for WooCommerce | 93 | 42 | 68 | 2k+ | | | Non-prefixed global variable |
| #36 | Pagar.me para WooCommerce | 24 | 549 | 116 | 5k+ | | | Text Domain Mismatch |
| #37 | Pay in Store WooCommerce Payment Gateway | 88 | 23 | 6 | 2k+ | | | Text Domain Mismatch |
| #38 | Payfast Gateway for WooCommerce | 81 | 2 | 18 | 2k+ | | | Missing nonce verification |
| #39 | PrettyLinks – Affiliate Links, Link Branding, Link Tracking, Marketing and Stripe Payments Plugin | 24 | 449 | 1,137 | 300k+ | | | Nonce verification recommended |
| #40 | Quiz Builder for WooCommerce – Product Recommendations | 99 | | 21 | 2k+ | | | Non-prefixed constant |
| #41 | Product Variations Swatches for WooCommerce | 67 | 8 | 136 | 10k+ | | | Non-prefixed global variable |
| #42 | Refer A Friend for WooCommerce by WPGens | 55 | 77 | 21 | 1k+ | | | Text Domain Mismatch |
| #43 | Robokassa payment gateway for Woocommerce | 27 | 95 | 211 | 3k+ | | | Non-prefixed global variable |
| #44 | Search by SKU for Woocommerce | 69 | 13 | 10 | 10k+ | | | Direct Query |
| #45 | Simple Catalog for WooCommerce | 87 | 2 | 4 | 1k+ | | | wp redirect wp redirect |
| #46 | Smart Variations Images & Swatches for WooCommerce | 24 | 990 | 1,486 | 1k+ | | | Non-prefixed global variable |
| #47 | Storefront Footer Bar | 91 | 6 | 2 | 3k+ | | | Missing Arg Domain |
| #48 | Storefront Hamburger Menu | 85 | 9 | 1 | 2k+ | | | Output is not escaped |
| #49 | Storefront Product Sharing | 72 | 13 | 3 | 5k+ | | | Output is not escaped |
| #50 | Website Pop-up Builder by BDOW! (formerly Sumo): Pop-ups + forms for email opt-ins and lead generation | 37 | 42 | 33 | 10k+ | | | Output is not escaped |
