WordPress.org

Security Scorecard

Score

34D

Total CVEs

887

Patch Rate

46%

411 patched

Avg Response

104d

days to patch

Critical Gaps

8

exploitable, no detection

Severity Breakdown

Critical39
High156
Medium690
Low2

Patch Status

Patched411 (46%)
Partial/Workaround4 (0%)
Unpatched472 (53%)

CVEs (1,099)

CVE IDTitleSeverityScoreDaysPatch
CVE-2025-15000Wordpress Page Keys Plugin VulnerabilityN/A-0dUnpatched
CVE-2025-15018WordPress Optional Email Plugin Privilege EscalationN/A-0dUnpatched
CVE-2025-15158WP Enable WebP VulnerabilityN/A-0dUnpatched
CVE-2025-14720WordPress Plugin XSSN/A--Patched
CVE-2025-14782Forminator Forms VulnerabilityN/A--Patched
CVE-2025-15055WordPress Plugin XSSN/A--Patched
CVE-2026-0563WP Google Street View & Google Maps + Local SEO Plugin XSSN/A--Patched
CVE-2025-13935Tutor LMS WordPress Plugin XSSN/A--Patched
CVE-2025-13729CVE-2025-13729N/A--Patched
CVE-2025-13895Top Position Google Finance Plugin VulnerabilityN/A-0dUnpatched