| #1 | Shopping Cart & eCommerce Store | 18 | 5,459 | 17,298 | 4k+ | | | Non-prefixed global variable |
| #2 | Download Monitor | 19 | 425 | 1,364 | 80k+ | | | Non-prefixed hook name |
| #3 | SureCart – Ecommerce Made Easy For Selling Physical Products, Digital Downloads, Subscriptions, Donations, & Payments | 19 | 526 | 1,119 | 90k+ | | | Non-prefixed global variable |
| #4 | Razorpay for Gravity Forms | 21 | 411 | 47 | 600 | | | Exception output is not escaped |
| #5 | Testerwp ecommerce companion | 21 | 811 | 436 | 1k+ | | | Text Domain Mismatch |
| #6 | Premium Packages – Sell Digital Products Securely | 21 | 2,765 | 2,444 | 3k+ | | | Output is not escaped |
| #7 | Download Manager | 22 | 2,290 | 1,301 | 100k+ | | | Output is not escaped |
| #8 | WooCommerce | 22 | 1,359 | 6,171 | 7m+ | | | Non-prefixed global variable |
| #9 | Simple Shopping Cart | 22 | 796 | 536 | 10k+ | | | Unsafe printing function |
| #10 | WP Express Checkout (Fast Payments via PayPal & Stripe) | 22 | 591 | 627 | 1k+ | | | Output is not escaped |
| #11 | ShopWP | 22 | 430 | 225 | 700 | | | Text Domain Mismatch |
| #12 | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | 23 | 3,723 | 10,283 | 40k+ | | | Non-prefixed namespace |
| #13 | Ecwid by Lightspeed Ecommerce Shopping Cart | 23 | 339 | 307 | 20k+ | | | Missing direct file access protection |
| #14 | PayPal Brasil para WooCommerce | 23 | 554 | 328 | 1k+ | | | Unsafe printing function |
| #15 | StoreCustomizer – A plugin to Customize all WooCommerce Pages | 23 | 587 | 1,426 | 20k+ | | | Non-prefixed global variable |
| #16 | eCommerce Product Catalog Plugin for WordPress | 24 | 621 | 3,177 | 7k+ | | | Non-prefixed function |
| #17 | Mailchimp for WooCommerce | 24 | 523 | 663 | 200k+ | | | Non-prefixed global variable |
| #18 | Pagar.me para WooCommerce | 24 | 549 | 116 | 5k+ | | | Text Domain Mismatch |
| #19 | PrettyLinks – Affiliate Links, Link Branding, Link Tracking, Marketing and Stripe Payments Plugin | 24 | 449 | 1,137 | 300k+ | | | Nonce verification recommended |
| #20 | Smart Variations Images & Swatches for WooCommerce | 24 | 990 | 1,486 | 1k+ | | | Non-prefixed global variable |
| #21 | StoreEngine — Complete eCommerce Solution with Memberships, Licensing, Affiliates & More | 24 | 149 | 482 | 600 | | | Non-prefixed global variable |
| #22 | TI WooCommerce Wishlist | 24 | 467 | 546 | 100k+ | | | Output is not escaped |
| #23 | AgenWebsite Shipping – Plugin Ongkos Kirim & Generate Resi Otomatis Semua Kurir Indonesia | 24 | 1,199 | 1,041 | 500 | | | Text Domain Mismatch |
| #24 | WPML Multilingual & Multicurrency for WooCommerce | 24 | 1,453 | 1,618 | 100k+ | | | SQL query is not prepared |
| #25 | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | 24 | 2,576 | 2,103 | 100k+ | | | Output is not escaped |
| #26 | FluentCart A New Era of eCommerce – Faster, Lighter, and Simpler | 25 | 319 | 466 | 7k+ | | | Non-prefixed global variable |
| #27 | ActiveCampaign for WooCommerce | 26 | 541 | 190 | 6k+ | | | Exception output is not escaped |
| #28 | Accept Donations with PayPal & Stripe | 26 | 916 | 572 | 10k+ | | | Unsafe printing function |
| #29 | FlagShip WooCommerce Shipping | 26 | 495 | 188 | 400 | | | Non Singular String Literal Domain |
| #30 | Klarna for WooCommerce | 26 | 284 | 507 | 30k+ | | | Dynamic hook name |
| #31 | Robokassa payment gateway for Woocommerce | 27 | 95 | 211 | 3k+ | | | Non-prefixed global variable |
| #32 | Verge3D Publishing and E-Commerce | 27 | 245 | 298 | 400 | | | Nonce verification recommended |
| #33 | WC Booster | 27 | 191 | 282 | 800 | | | Non-prefixed global variable |
| #34 | PlatiOnline Payments | 29 | 304 | 110 | 700 | | | Output is not escaped |
| #35 | Global Payments SecureSubmit Gateway | 29 | 199 | 443 | 600 | | | Non-prefixed class |
| #36 | Contact Form 7 – PayPal & Stripe Add-on | 30 | 385 | 233 | 7k+ | | | Unsafe printing function |
| #37 | WCPOS – Point of Sale (POS) plugin for WooCommerce | 30 | 77 | 228 | 5k+ | | | Nonce verification recommended |
| #38 | YITH WooCommerce Product Slider Carousel | 30 | 389 | 1,479 | 4k+ | | | Non-prefixed global variable |
| #39 | Express Checkout via PayPal for WooCommerce | 31 | 158 | 200 | 800 | | | Nonce verification recommended |
| #40 | Worldline Global Online Pay for WooCommerce | 31 | 160 | 86 | 500 | | | Missing direct file access protection |
| #41 | Popup Builder & Popup Maker for WordPress – OptinMonster Email Marketing and Lead Generation | 32 | 462 | 41 | 1m+ | | | Text Domain Mismatch |
| #42 | Gravity Forms Eway | 33 | 519 | 45 | 500 | | | Missing Translators Comment |
| #43 | Mollie Payments for WooCommerce | 33 | 70 | 123 | 100k+ | | | Dynamic hook name |
| #44 | Newebpay Payment | 33 | 146 | 115 | 600 | | | Text Domain Mismatch |
| #45 | Live Sales Notification (Recent Sales Popups) | 33 | 114 | 120 | 400 | | | SQL query is not prepared |
| #46 | Mercado Pago payments for WooCommerce | 33 | 618 | 63 | 100k+ | | | Short PHP open tag found |
| #47 | WPoperation Elementor Addons | 33 | 891 | 52 | 1k+ | | | Text Domain Mismatch |
| #48 | Beeketing for WooCommerce – Marketing Automation to Boost Sales | 34 | 113 | 123 | 600 | | | SQL query is not prepared |
| #49 | MailerLite – WooCommerce integration | 34 | 64 | 36 | 30k+ | | | Output is not escaped |
| #50 | Nexi Checkout | 35 | 45 | 308 | 3k+ | | | Dynamic hook name |
