| #1 | Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce | 29 | 148 | 246 | 5k+ | | | Unsafe printing function |
| #2 | MailOptin – Popup, Optin Forms & Email Newsletters for Mailchimp, HubSpot, AWeber Etc. | 22 | 2,625 | 2,458 | 10k+ | | | Output is not escaped |
| #3 | Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers | 83 | 2 | 73 | 60k+ | | | Direct Query |
| #4 | Smartarget – Chat Buttons & Engagement Apps | 68 | 31 | 11 | 1k+ | | | Non Singular String Literal Domain |
| #5 | WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation | 74 | 11 | 60 | 1k+ | | | Database parameter is not escaped |
| #6 | Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder | 55 | 54 | 692 | 700k+ | | | Non-prefixed hook name |
| #7 | Live Sales Notification (Recent Sales Popups) | 33 | 114 | 120 | 400 | | | SQL query is not prepared |
| #8 | AI Popup | 23 | 1,224 | 636 | 400 | | | Text Domain Mismatch |
| #9 | Really Simple Popup | 98 | 2 | 4 | 400 | | | Missing Version |
| #10 | Fastest Age Verification | 99 | 1 | 0 | 500 | | | outdated tested upto header |
| #11 | Get a Newsletter | 35 | 138 | 144 | 400 | | | Output is not escaped |
| #12 | Easy GDPR Consent Forms – MailChimp | 57 | 72 | 22 | 500 | | | Text Domain Mismatch |
| #13 | Zotabox – 20+ Promotional Sales tools to boost your subscribers and sales | 94 | 12 | 8 | 500 | | | wp function not compatible with requires wp |
| #14 | Light Modal Block | 99 | 1 | 1 | 2k+ | | | Missing direct file access protection |
| #15 | Simple Popup Block | 35 | 14 | 1 | 500 | | | Missing direct file access protection |
| #16 | Gist All-In-One Marketing – Live Chat, Popups, Email | 69 | 24 | 11 | 500 | | | Output is not escaped |
| #17 | I Agree! Popups | 40 | 54 | 46 | 600 | | | Output is not escaped |
| #18 | Alligator Menu Popup | 87 | 4 | 1 | 600 | | | Missing Arg Domain |
| #19 | WPBean Form Popup for WPForms and Contact Form 7 – Create Popup Forms Easily | 94 | | 22 | 600 | | | Direct Query |
| #20 | Popupsmart | 79 | 28 | 2 | 600 | | | Output is not escaped |
| #21 | Modal Builder Block | 97 | 4 | 2 | 700 | | | Missing direct file access protection |
| #22 | Legal Terms and Conditions Popup for User Login and WooCommerce Checkout | 23 | 524 | 237 | 700 | | | Output is not escaped |
| #23 | Popup Box – Create Countdown, Coupon, Video, Contact Form Popups | 24 | 482 | 1,253 | 50k+ | | | Non-prefixed global variable |
| #24 | Popup for Elementor | 100 | | 2 | 700 | | | Non-prefixed function |
| #25 | Popup Block | 98 | 6 | 2 | 700 | | | Missing direct file access protection |
| #26 | Floating Awesome Button (Sticky Button, Popup, Toast) & 200+ Website Custom Interactive Element | 43 | 66 | 109 | 800 | | | Missing direct file access protection |
| #27 | WP IE Buster | 71 | 13 | 3 | 800 | | | Output is not escaped |
| #28 | Popup for Contact Form 7 | 73 | 13 | 7 | 800 | | | Setting is missing a sanitization callback |
| #29 | OffCanvas / Drawer – Responsive Slide-In Drawer & Popup System | 92 | 6 | 2 | 900 | | | Missing direct file access protection |
| #30 | Nelio Popups | 99 | 5 | 0 | 900 | | | Missing direct file access protection |
| #31 | Popup with fancybox | 35 | 196 | 168 | 1k+ | | | Unsafe printing function |
| #32 | WP Popup | 32 | 539 | 65 | 1k+ | | | Text Domain Mismatch |
| #33 | Popup addon for Ninja Forms | 40 | 121 | 25 | 1k+ | | | Output is not escaped |
| #34 | Wikipedia Preview | 96 | 8 | 15 | 1k+ | | | Non-prefixed function |
| #35 | Easy Lightbox – Image, Gallery and Video Lightbox for WordPress | 97 | 2 | 5 | 1k+ | | | trademarked term |
| #36 | Gutena Video Lightbox | 97 | 7 | 2 | 1k+ | | | Missing Arg Domain |
| #37 | Content Blocks Builder – Create blocks, repeater blocks with carousel, grid, popup layouts | 98 | | 38 | 1k+ | | | Non-prefixed hook name |
| #38 | MakeITeasy Popup | 99 | 3 | 0 | 1k+ | | | Missing direct file access protection |
| #39 | Simple Popup Plugin | 47 | 53 | 5 | 1k+ | | | Output is not escaped |
| #40 | Poptin – Email Marketing Automation, Newsletter & Exit Pop Ups, Email Popups | 35 | 168 | 29 | 20k+ | | | Output is not escaped |
| #41 | All In One Lightbox – Display Images, Audio, and Video in Popups | 100 | | 0 | 3k+ | | | No open findings |
| #42 | YITH WooCommerce Popup | 30 | 395 | 1,551 | 2k+ | | | Non-prefixed global variable |
| #43 | Promolayer – Popup Builder & Abandonment Preventer | 99 | 2 | 0 | 1k+ | | | Non Enqueued Script |
| #44 | Claspo – Popups, Spin the Wheel & Email Capture | 78 | 107 | 16 | 1k+ | | | wp function not compatible with requires wp |
| #45 | Simple Image Popup | 73 | 21 | 5 | 1k+ | | | Output is not escaped |
| #46 | RS Template Builder For Elementor – Complete Control Over Headers, Footers & More | 76 | 11 | 56 | 1k+ | | | Post Not In exclude |
| #47 | Email Subscription Popup — Newsletter & GDPR Consent | 35 | 683 | 193 | 1k+ | | | Output is not escaped |
| #48 | iConvert Promoter | 57 | 98 | 217 | 1k+ | | | Non-prefixed global variable |
| #49 | Disclaimer Popup | 37 | 313 | 53 | 1k+ | | | Text Domain Mismatch |
| #50 | Slick Popup: Contact Form 7 Popup Plugin | 22 | 2,322 | 316 | 2k+ | | | Text Domain Mismatch |