| #1 | Crowdsignal Forms | 100 | | 0 | 200k+ | | | No open findings |
| #2 | LeadConnector | 100 | | 0 | 20k+ | | | No open findings |
| #3 | Email Marketing for WordPress and WooCommerce – Retainful | 100 | | 2 | 500 | | | trademarked term |
| #4 | Superb Addons: Blocks, Patterns, Pre-built Pages, Sliders, Popups, Free Forms, Animations & More | 100 | | 0 | 80k+ | | | No open findings |
| #5 | WS Form LITE – Drag & Drop Contact Form Builder | 100 | | 0 | 10k+ | | | No open findings |
| #6 | Online Forms — Customizable Payment, Contact, Quiz, Survey Form Builder – Jotform | 99 | 1 | 0 | 20k+ | | | outdated tested upto header |
| #7 | Unique Submissions for Elementor Forms | 99 | 1 | 2 | 500 | | | No Caching |
| #8 | Add-On for Contact Form 7 to Notion | 98 | 2 | 7 | 400 | | | Non-prefixed hook name |
| #9 | Formsite | Embed online forms to collect orders, registrations, leads, and surveys | 98 | 3 | 2 | 900 | | | Missing direct file access protection |
| #10 | GravityWP – Count | 98 | 2 | 3 | 2k+ | | | trademarked term |
| #11 | GravityWP – CSS Selector | 98 | 2 | 4 | 4k+ | | | trademarked term |
| #12 | HubSpot All-In-One Marketing – Forms, Popups, Live Chat | 97 | 6 | 4 | 200k+ | | | Missing direct file access protection |
| #13 | Quform WPML | 97 | 2 | 8 | 700 | | | trademarked term |
| #14 | WebConnex Form Management | 97 | 3 | 13 | 500 | | | Missing Version |
| #15 | FormLayer | 96 | | 2 | 50k+ | | | Nonce verification recommended |
| #16 | فرم ساز فرم افزار | 94 | 8 | 9 | 400 | | | Non Enqueued Script |
| #17 | Contact Form & SMTP Plugin for WordPress by PirateForms | 93 | 14 | 102 | 30k+ | | | Non-prefixed hook name |
| #18 | Fluent Forms Block | 92 | 4 | 18 | 2k+ | | | Non-prefixed global variable |
| #19 | Antispam for Elementor Forms | 91 | 3 | 3 | 1k+ | | | Missing Translators Comment |
| #20 | Edit Entries for Gravity Forms | 91 | 5 | 3 | 2k+ | | | Nonce verification recommended |
| #21 | Gravity Forms – Placeholders add-on | 90 | 5 | 5 | 2k+ | | | trademarked term |
| #22 | Payment Forms for Paystack | 90 | 494 | 23 | 3k+ | | | Text Domain Mismatch |
| #23 | User Role for Flamingo | 89 | 2 | 4 | 700 | | | Non-prefixed function |
| #24 | G-Forms hCaptcha | 88 | 7 | 5 | 3k+ | | | Missing direct file access protection |
| #25 | Zoho Forms – Drag & Drop Form Builder for Websites – Contact Forms, Payment Forms, Order Forms & More | 85 | 16 | 2 | 10k+ | | | Non Enqueued Script |
| #26 | Wrap form fields in Gravity Forms | 84 | 22 | 3 | 1k+ | | | Text Domain Mismatch |
| #27 | Add-on Brevo for Gravity Forms | 82 | 15 | 13 | 1k+ | | | Text Domain Mismatch |
| #28 | Retainful – WooCommerce Abandoned Cart, Newsletters, Email Marketing, Signup Forms and Automation | 79 | 15 | 26 | 1k+ | | | Non-prefixed hook name |
| #29 | WP-FormAssembly | 77 | 4 | 15 | 2k+ | | | Nonce verification recommended |
| #30 | Gravity Forms Auto Placeholders | 77 | 9 | 8 | 700 | | | trademarked term |
| #31 | Advanced Custom Fields: Ninjaforms Add-on | 76 | 43 | 8 | 1k+ | | | Text Domain Mismatch |
| #32 | Cognito Forms | 75 | 13 | 4 | 2k+ | | | wp function not compatible with requires wp |
| #33 | Gravity Forms Multi Currency | 74 | 6 | 12 | 400 | | | Output is not escaped |
| #34 | RD Station | 74 | 2 | 67 | 20k+ | | | Non-prefixed global variable |
| #35 | Contact Form7: Autocomplete | 73 | 27 | 8 | 500 | | | Text Domain Mismatch |
| #36 | Custom Datepicker NMR | 73 | 4 | 12 | 1k+ | | | Missing Version |
| #37 | Gravity Fieldset for Gravity Forms | 73 | 14 | 1 | 900 | | | Output is not escaped |
| #38 | Gravity Forms CSS Ready Class Selector | 72 | 18 | 4 | 4k+ | | | Non Singular String Literal Domain |
| #39 | Woorise – Landing Pages, Forms & Surveys | 71 | 8 | 14 | 1k+ | | | Input is not sanitized |
| #40 | Gist All-In-One Marketing – Live Chat, Popups, Email | 69 | 24 | 11 | 500 | | | Output is not escaped |
| #41 | Widget Contact Form 7 | 67 | 22 | 2 | 1k+ | | | Output is not escaped |
| #42 | Integration for Elementor forms – Sendinblue | 65 | 94 | 56 | 7k+ | | | Text Domain Mismatch |
| #43 | WP Max Submit Protect | 65 | 19 | 12 | 400 | | | Output is not escaped |
| #44 | File Upload For WPForms – Filenzo | 59 | 8 | 16 | 1k+ | | | Output is not escaped |
| #45 | Gravity Forms: Notification Attachments | 59 | 18 | 7 | 500 | | | Output is not escaped |
| #46 | reCAPTCHA for Ninja Forms | 56 | 21 | 9 | 600 | | | Output is not escaped |
| #47 | Formstack Online Forms | 52 | 39 | 20 | 1k+ | | | Output is not escaped |
| #48 | Block IPs for Gravity Forms | 50 | 8 | 36 | 1k+ | | | Request data is not unslashed |
| #49 | Gravity Forms Constant Contact | 46 | 36 | 27 | 3k+ | | | Non-prefixed class |
| #50 | Contact Form 7 Signature Addon | 45 | 147 | 44 | 6k+ | | | Text Domain Mismatch |