Automattic (WordPress)

Security Scorecard

Score

71C

Total CVEs

78

Patch Rate

51%

40 patched

Avg Response

-

days to patch

Critical Gaps

0

exploitable, no detection

Severity Breakdown

Critical2

High14

Medium62

Low0

Patch Status

Patched40 (51%)

Partial/Workaround0 (0%)

Unpatched38 (49%)

CVEs (100)

CVE ID	Title	Severity	Score	Days	Patch
CVE-2026-24357	CVE-2026-24357	High	8.1	-	Patched
CVE-2026-24389	WP Chill Gallery PhotoBlocks XSS	Medium	6.5	-	Patched
CVE-2026-24390	Kentha Elementor Widgets Plugin Local File Inclusion Vulnerability	High	7.5	-	Patched
CVE-2025-68058	Institutions Directory Broken Access Control Vulnerability	High	7.6	-	Patched
CVE-2025-68007	Event Espresso Decaf Vulnerability	Medium	6.5	6d	Unpatched
CVE-2025-15521	Academy LMS WordPress Plugin XSS	Critical	9.8	-	Patched
CVE-2025-14348	weMail Email Marketing Vulnerability	Medium	5.3	-	Patched
CVE-2026-0554	NotificationX Plugin Vulnerability	Medium	4.3	1d	Unpatched
CVE-2025-14478	Demo Importer Plus XML External Entity Injection	High	7.5	-	Patched
CVE-2026-1000	MailerLite - WooCommerce Integration Plugin Vulnerability	Medium	6.5	-	Patched