| #1 | BulletProof Security | 0 | 5,048 | 4,949 | 20k+ | | | Output is not escaped |
| #2 | Wordfence Security – Firewall, Malware Scan, and Login Security | 21 | 1,592 | 2,973 | 5m+ | | | Output is not escaped |
| #3 | Anti-Malware Security and Brute-Force Firewall | 22 | 544 | 965 | 100k+ | | | Output is not escaped |
| #4 | NinjaFirewall (WP Edition) – Advanced Security Plugin and Firewall | 22 | 1,265 | 2,065 | 100k+ | | | Non-prefixed global variable |
| #5 | IP Geo Block | 23 | 399 | 589 | 9k+ | | | Output is not escaped |
| #6 | Patchstack – WordPress & Plugins Security | 23 | 107 | 489 | 40k+ | | | Missing nonce verification |
| #7 | Shield Security – Smart Bot Blocking, Brute-Force Login Protection & File Scanning | 23 | 1,118 | 202 | 40k+ | | | Missing Translators Comment |
| #8 | All-In-One Security (AIOS) – Security and Firewall | 24 | 552 | 1,228 | 1m+ | | | Non-prefixed global variable |
| #9 | Defender Security – Malware Scanner, Login Security & Firewall | 24 | 306 | 518 | 80k+ | | | Non-prefixed namespace |
| #10 | RSFirewall! | 24 | 563 | 521 | 4k+ | | | Output is not escaped |
| #11 | Security Plugin, Firewall & Malware Scanner with Auto Removal | 24 | 1,191 | 769 | 30k+ | | | Output is not escaped |
| #12 | Limit Login Attempts Security – Login Security, 2FA, Firewall, Brute Force Prevention | 25 | 618 | 605 | 1m+ | | | Unsafe printing function |
| #13 | Security Ninja – WordPress Security & Firewall | 29 | 149 | 347 | 7k+ | | | Direct Query |
| #14 | Zero Spam for WordPress | 34 | 79 | 393 | 20k+ | | | Non-prefixed global variable |
| #15 | Security Optimizer – The All-In-One Protection Plugin | 35 | 40 | 82 | 1m+ | | | Request data is not unslashed |
| #16 | Advanced IP Blocker | 40 | 94 | 44 | 2k+ | | | Exception output is not escaped |
| #17 | BBQ Firewall – Fast & Powerful Firewall Security | 44 | 17 | 17 | 100k+ | | | Output is not escaped |
| #18 | Forget Spam Comment | 67 | 5 | 10 | 10k+ | | | Input is not sanitized |
| #19 | MalCare WordPress Security Plugin – Malware Scanner, Cleaner, Security Firewall | 82 | 55 | 22 | 200k+ | | | Missing direct file access protection |
| #20 | WP Ghost (Hide My WP Ghost) – Security & Firewall | 85 | 6 | 373 | 100k+ | | | Non-prefixed global variable |
| #21 | Login Lockdown & Protection | 94 | 5 | 15 | 100k+ | | | Non-prefixed global variable |
| #22 | Sucuri Security – Auditing, Malware Scanner and Security Hardening | 94 | 52 | 5 | 600k+ | | | Missing direct file access protection |
| #23 | BotBlocker Security – Firewall & Bot Protection | 99 | | 5 | 3k+ | | | Non-prefixed constant |
