| #1 | Themify Builder | 9 | 5,195 | 2,096 | 5k+ | | Text Domain Mismatch |
| #2 | Podlove Podcast Publisher | 18 | 2,326 | 1,429 | 3k+ | | Output is not escaped |
| #3 | Download Monitor | 19 | 425 | 1,364 | 80k+ | | Non-prefixed hook name |
| #4 | Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) | 19 | 3,275 | 3,228 | 10k+ | | Output is not escaped |
| #5 | Membership Plugin – Kadence Memberships | 19 | 5,082 | 2,982 | 9k+ | | Text Domain Mismatch |
| #6 | SendPress Newsletters | 19 | 2,293 | 1,422 | 2k+ | | Output is not escaped |
| #7 | BetterDocs – AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot | 20 | 508 | 1,406 | 30k+ | | Non-prefixed global variable |
| #8 | Brizy – Page Builder | 20 | 589 | 720 | 70k+ | | Output is not escaped |
| #9 | Filter Everything — WordPress & WooCommerce Filters | 20 | 568 | 730 | 50k+ | | Output is not escaped |
| #10 | GiveWP – Donation Plugin and Fundraising Platform | 20 | 3,435 | 3,580 | 100k+ | | Output is not escaped |
| #11 | Link Library | 20 | 1,941 | 1,397 | 10k+ | | Unsafe printing function |
| #12 | Robin Image Optimizer – Unlimited Image Optimization, WebP & AVIF | 20 | 557 | 541 | 100k+ | | Output is not escaped |
| #13 | EventPrime – Events Calendar, Bookings and Tickets | 21 | 872 | 4,297 | 7k+ | | Non-prefixed global variable |
| #14 | MotoPress Hotel Booking | 21 | 3,061 | 1,037 | 10k+ | | Text Domain Mismatch |
| #15 | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor | 21 | 696 | 1,483 | 50k+ | | Nonce verification recommended |
| #16 | PublishPress Planner – Editorial Calendar, Marketing Content, Kanban Board | 21 | 603 | 890 | 6k+ | | Output is not escaped |
| #17 | WCFM – Frontend Manager for WooCommerce | 21 | 4,721 | 5,067 | 20k+ | | Non-prefixed global variable |
| #18 | WP phpMyAdmin | 21 | 4,528 | 6,435 | 50k+ | | Missing Arg Domain |
| #19 | Advanced Classifieds & Directory Pro | 22 | 1,229 | 3,511 | 2k+ | | Non-prefixed global variable |
| #20 | All-in-One Video Gallery | 22 | 911 | 2,892 | 20k+ | | Non-prefixed global variable |
| #21 | Knowledge Base documentation & wiki plugin – BasePress Docs | 22 | 671 | 1,767 | 2k+ | | Non-prefixed global variable |
| #22 | Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer | 22 | 2,858 | 1,270 | 50k+ | | Text Domain Mismatch |
| #23 | Directorist: AI-Powered Business Directory, Listings & Classified Ads | 22 | 443 | 2,129 | 20k+ | | Non-prefixed global variable |
| #24 | Easy Social Feed – Social Photos Gallery and Post Feed for WordPress | 22 | 1,567 | 1,277 | 30k+ | | Non-prefixed global variable |
| #25 | Estatik Real Estate Plugin | 22 | 3,049 | 325 | 10k+ | | Text Domain Mismatch |
| #26 | Events Manager – Calendar, Bookings, Tickets, and more! | 22 | 4,722 | 5,621 | 70k+ | | Output is not escaped |
| #27 | GeoDirectory – WP Business Directory Plugin and Classified Listings Directory | 22 | 4,462 | 3,972 | 10k+ | | Output is not escaped |
| #28 | InfiniteWP Client | 22 | 2,286 | 1,812 | 200k+ | | Exception output is not escaped |
| #29 | Import WP – Export and Import CSV and XML files to WordPress | 22 | 580 | 330 | 4k+ | | Exception output is not escaped |
| #30 | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | 22 | 2,361 | 3,384 | 70k+ | | Non-prefixed global variable |
| #31 | MailOptin – Popup, Optin Forms & Email Newsletters for Mailchimp, HubSpot, AWeber Etc. | 22 | 2,619 | 2,453 | 10k+ | | Output is not escaped |
| #32 | Modula Image Gallery – Photo Grid & Video Gallery | 22 | 474 | 436 | 100k+ | | Text Domain Mismatch |
| #33 | Product Catalog Feed by PixelYourSite | 22 | 581 | 357 | 8k+ | | Output is not escaped |
| #34 | Restrict User Access – Ultimate Membership & Content Protection | 22 | 977 | 1,840 | 10k+ | | Non-prefixed global variable |
| #35 | Seraphinite Accelerator | 22 | 594 | 255 | 50k+ | | Output is not escaped |
| #36 | URL Shortify – Simple and Easy URL Shortener | 22 | 1,520 | 2,689 | 10k+ | | Non-prefixed global variable |
| #37 | WCFM Marketplace – Multivendor Marketplace for WooCommerce | 22 | 1,937 | 1,969 | 10k+ | | Non-prefixed global variable |
| #38 | ManageWP Worker | 22 | 507 | 565 | 1m+ | | Non-prefixed class |
| #39 | Asset CleanUp: Page Speed Booster | 22 | 2,030 | 2,485 | 100k+ | | Non-prefixed global variable |
| #40 | WP Umbrella: Update Backup Restore & Monitoring | 22 | 915 | 905 | 70k+ | | Exception output is not escaped |
| #41 | WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell | 22 | 5,996 | 2,790 | 5k+ | | Text Domain Mismatch |
| #42 | School Management System – WPSchoolPress | 22 | 314 | 5,220 | 1k+ | | Non-prefixed global variable |
| #43 | BA Book Everything | 23 | 1,184 | 1,086 | 10k+ | | Output is not escaped |
| #44 | Booking calendar, Appointment Booking System | 23 | 1,079 | 1,125 | 4k+ | | Output is not escaped |
| #45 | WPBot – AI ChatBot for Live Support, Lead Generation, AI Services | 23 | 264 | 1,038 | 5k+ | | Non-prefixed global variable |
| #46 | Content Aware Sidebars – Fastest Widget Area Plugin | 23 | 993 | 1,738 | 30k+ | | Non-prefixed global variable |
| #47 | Content Egg – Affiliate Product Importer & Price Comparison | 23 | 1,231 | 1,257 | 10k+ | | Non-prefixed global variable |
| #48 | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | 23 | 3,723 | 10,283 | 40k+ | | Non-prefixed namespace |
| #49 | Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | 23 | 4,746 | 1,279 | 30k+ | | Non Singular String Literal Domain |
| #50 | FV Flowplayer Video Player | 23 | 1,311 | 1,454 | 20k+ | | Output is not escaped |
