WordPress.org
Security Scorecard
| Metric | Value | Note |
|---|---|---|
| Score | 33D | |
| Total CVEs | 883 | |
| Patch Rate | 46% | 408 patched |
| Avg Response | 104d | days to patch |
| Critical Gaps | 8 | exploitable, no detection |
Severity Breakdown
| Severity | Count |
|---|---|
| Critical | 39 |
| High | 152 |
| Medium | 690 |
| Low | 2 |
Patch Status
| Status | Count | Share |
|---|---|---|
| Patched | 408 | 46% |
| Partial/Workaround | 4 | 0% |
| Unpatched | 471 | 53% |
CVEs (1,096)
| CVE ID | Title | Severity | Score | Days | Patch |
|---|---|---|---|---|---|
| CVE-2025-67986 | Barn2 Plugins Document Library Lite XSS | N/A | - | 36d | Unpatched |
| CVE-2025-67999 | Stefano Lissa Newsletter SQL Injection | N/A | - | 36d | Unpatched |
| CVE-2025-68078 | Salient Portfolio XSS | N/A | - | 36d | Unpatched |
| CVE-2025-54748 | MapSVG Path Traversal Vulnerability | N/A | - | 34d | Unpatched |
| CVE-2025-58923 | PHP Remote File Inclusion Vulnerability in Critique Theme | N/A | - | 34d | Unpatched |
| CVE-2025-58941 | Fabric PHP Remote File Inclusion Vulnerability | N/A | - | 34d | Unpatched |
| CVE-2025-60048 | PHP Tripster Theme Vulnerability | N/A | - | 34d | Unpatched |
| CVE-2025-60059 | PHP Remote File Inclusion Vulnerability in Smart SEO Theme | N/A | - | 34d | Unpatched |
| CVE-2025-60072 | PHP Remote File Inclusion Vulnerability | N/A | - | 34d | Unpatched |
| CVE-2025-60080 | PDF-for-Gravity-Forms + Drag And Drop Template Builder Object Injection | N/A | - | 34d | Unpatched |