WordPress Plugin Directory
Security Scorecard
Score
46C
Total CVEs
21
Patch Rate
24%
5 patched
Avg Response
58d
days to patch
Critical Gaps
1
exploitable, no detection
Severity Breakdown
Critical4
High7
Medium10
Low0
Patch Status
Patched5 (24%)
Partial/Workaround1 (5%)
Unpatched15 (71%)
CVEs (27)
| CVE ID | Title | Severity | Score | Days | Patch |
|---|---|---|---|---|---|
| CVE-2026-24521 | Kama Thumbnail Cross-Site Request Forgery | Medium | 4.3 | - | Patched |
| CVE-2025-68009 | Codeless Slider Templates Vulnerability | Medium | 6.5 | 6d | Unpatched |
| CVE-2025-68011 | GLS Shipping for WooCommerce XSS Vulnerability | High | 7.1 | 6d | Unpatched |
| CVE-2025-22707 | PHP Remote File Inclusion Vulnerability in ThemeMove Moody tm-moody | Critical | 9.8 | - | Patched |
| CVE-2025-67521 | PHP Remote File Inclusion Vulnerability | Critical | 9.8 | - | Patched |
| CVE-2025-63065 | Media Library Assistant Bypass | Medium | 5.4 | - | Patched |
| CVE-2025-62735 | User Spam Remover Vulnerability | Medium | 5.3 | 25d | Unpatched |
| CVE-2025-13141 | - | Medium | 6.4 | 24d | Unpatched |
| CVE-2025-66098 | Camille V Travelers' Map XSS | Medium | 6.5 | 61d | Unpatched |
| CVE-2025-60242 | Anatoly Download Counter Path Traversal Vulnerability | High | 7.5 | 76d | Unpatched |