WordPress.org

Security Scorecard

Score

34D

Total CVEs

888

Patch Rate

46%

412 patched

Avg Response

104d

days to patch

Critical Gaps

8

exploitable, no detection

Severity Breakdown

Critical39
High156
Medium691
Low2

Patch Status

Patched412 (46%)
Partial/Workaround4 (0%)
Unpatched472 (53%)

CVEs (1,100)

CVE IDTitleSeverityScoreDaysPatch
CVE-2026-22355Simple XML Sitemap Plugin XSSHigh7.1-Patched
CVE-2026-23976WP Chill Modula Image Gallery XSSHigh7.1-Patched
CVE-2026-24383bSlider XSSMedium6.5-Patched
CVE-2025-68894ShoutOut ShoutOut XSSHigh7.15dUnpatched
CVE-2025-68518ThemeGoods Hoteller XSSHigh7.1-Patched
CVE-2025-68866Dinatur Plugin XSSHigh7.1-Patched
CVE-2025-68871Dooodl Plugin XSSHigh7.1-Patched
CVE-2025-67946CVE-2025-67946High8.1-Patched
CVE-2025-68913Miion Theme VulnerabilityHigh7.5-Patched
CVE-2025-68008WP Mail XSSHigh7.16dUnpatched