Automattic
Security Scorecard
Score
68C
Total CVEs
221
Patch Rate
49%
108 patched
Avg Response
40d
days to patch
Critical Gaps
0
exploitable, no detection
Severity Breakdown
Critical10
High30
Medium181
Low0
Patch Status
Patched108 (49%)
Partial/Workaround1 (0%)
Unpatched112 (51%)
CVEs (273)
| CVE ID | Title | Severity | Score | Days | Patch |
|---|---|---|---|---|---|
| CVE-2026-0717 | CVE-2026-0717 | Medium | 5.3 | - | Patched |
| CVE-2020-36919 | WPForms Cross-Site Scripting Vulnerability | Medium | 6.1 | - | Patched |
| CVE-2025-14943 | CVE-2025-14943 | Medium | 4.3 | - | Patched |
| CVE-2025-13749 | Clearfy Cache Vulnerability | Medium | 4.3 | - | Patched |
| CVE-2026-0627 | AMP for WP Plugin Vulnerability | Medium | 6.4 | - | Patched |
| CVE-2025-13679 | Tutor LMS Plugin Vulnerability | Medium | 6.5 | - | Patched |
| CVE-2026-22518 | PencilWP X Addons for Elementor XSS Vulnerability | Medium | 6.5 | - | Patched |
| CVE-2025-14436 | Brevo for WooCommerce Plugin XSS | High | 7.2 | - | Patched |
| CVE-2025-13215 | Phlox WordPress Plugin XSS | Medium | 5.3 | - | Patched |
| CVE-2025-4776 | Phlox Theme Vulnerability | Medium | 6.4 | 0d | Unpatched |