Automattic (WordPress)

Security Scorecard

Score

70D

Total CVEs

75

Patch Rate

49%

37 patched

Avg Response

-

days to patch

Critical Gaps

0

exploitable, no detection

Severity Breakdown

Critical1

High14

Medium60

Low0

Patch Status

Patched37 (49%)

Partial/Workaround0 (0%)

Unpatched38 (51%)

CVEs (100)

CVE ID	Title	Severity	Score	Days	Patch
CVE-2026-1298	Easy Replace Image Plugin Vulnerability	Medium	5.3	-	Patched
CVE-2026-1381	WooCommerce Order Minimum/Maximum Amount Limits Vulnerability	Medium	4.4	-	Patched
CVE-2026-1076	Wordpress Plugin XSS	Medium	4.3	-	Patched
CVE-2026-0687	Meta-box GalleryMeta Plugin Vulnerability	Medium	4.3	-	Patched
CVE-2026-1127	CVE-2026-1127	Medium	6.1	-	Patched
CVE-2026-0911	CVE-2026-0911	High	7.5	-	Patched
CVE-2026-24630	Stylish Cost Calculator XSS	Medium	6.5	-	Patched
CVE-2026-24357	CVE-2026-24357	High	8.1	-	Patched
CVE-2026-24389	WP Chill Gallery PhotoBlocks XSS	Medium	6.5	-	Patched
CVE-2026-24390	Kentha Elementor Widgets Plugin Local File Inclusion Vulnerability	High	7.5	-	Patched