Automattic
Security Scorecard
Score
68C
Total CVEs
221
Patch Rate
49%
108 patched
Avg Response
40d
days to patch
Critical Gaps
0
exploitable, no detection
Severity Breakdown
Critical10
High30
Medium181
Low0
Patch Status
Patched108 (49%)
Partial/Workaround1 (0%)
Unpatched112 (51%)
CVEs (273)
| CVE ID | Title | Severity | Score | Days | Patch |
|---|---|---|---|---|---|
| CVE-2025-13684 | CVE-2025-13684 | Medium | 4.3 | - | Patched |
| CVE-2025-12782 | - | Medium | 4.3 | - | Patched |
| CVE-2025-11379 | WebP Express Plugin Vulnerability | Medium | 5.3 | - | Patched |
| CVE-2025-13401 | - | Medium | 6.4 | 11d | Unpatched |
| CVE-2025-13390 | WP Directory Kit Plugin XSS | Critical | 10.0 | - | Patched |
| CVE-2025-13486 | Advanced Custom Fields: Extended Plugin XSS | Critical | 9.8 | - | Patched |
| CVE-2025-13697 | - | Medium | 6.4 | 12d | Unpatched |
| CVE-2025-13731 | - | Medium | 6.4 | 12d | Unpatched |
| CVE-2025-13140 | - | Medium | 4.3 | 13d | Unpatched |
| CVE-2025-13516 | SureMail SMTP and Email Logs Plugin Vulnerability | High | 8.1 | 30d | Unpatched |