WordPress.org

Security Scorecard

Score

33D

Total CVEs

883

Patch Rate

46%

408 patched

Avg Response

104d

days to patch

Critical Gaps

8

exploitable, no detection

Severity Breakdown

Critical39
High152
Medium690
Low2

Patch Status

Patched408 (46%)
Partial/Workaround4 (0%)
Unpatched471 (53%)

CVEs (1,096)

CVE IDTitleSeverityScoreDaysPatch
CVE-2025-60086WP Voting Contest Access Control BypassN/A-34dUnpatched
CVE-2025-60182Schiocco Support Board XSS VulnerabilityN/A-34dUnpatched
CVE-2025-64221dt-reservation-plugin Cross-site Scripting VulnerabilityN/A-34dUnpatched
CVE-2025-64258Wordpress Plugin VulnerabilityN/A-34dUnpatched
CVE-2025-64295Wordpress Plugin VulnerabilityN/A-34dUnpatched
CVE-2025-64373PHP Remote File Inclusion Vulnerability in shinetheme TravelerN/A-34dUnpatched
CVE-2025-6324Easy Invoice Cross-site Scripting VulnerabilityN/A-34dUnpatched
CVE-2025-62901Tormorten WP Microdata XSSN/A-31dUnpatched
CVE-2025-68551Vikas Ratudi VPSUForm VulnerabilityN/A-29dUnpatched
CVE-2025-68607Hiroaki Miyashita Custom Field Template XSSN/A-23dUnpatched