WordPress.org
Security Scorecard
Score
33D
Total CVEs
883
Patch Rate
46%
408 patched
Avg Response
104d
days to patch
Critical Gaps
8
exploitable, no detection
Severity Breakdown
Critical39
High152
Medium690
Low2
Patch Status
Patched408 (46%)
Partial/Workaround4 (0%)
Unpatched471 (53%)
CVEs (1,096)
| CVE ID | Title | Severity | Score | Days | Patch |
|---|---|---|---|---|---|
| CVE-2025-23469 | Sleekplan Cross-site Scripting Vulnerability | N/A | - | 22d | Unpatched |
| CVE-2025-69016 | Phlox Theme Auxin-Elements Vulnerability | N/A | - | 22d | Unpatched |
| CVE-2025-49342 | Wolfgang Häfelinger Custom Style CSRF | N/A | - | 21d | Unpatched |
| CVE-2025-49343 | Social Profilr CSRF Vulnerability | N/A | - | 21d | Unpatched |
| CVE-2025-49344 | Rene SensitiveTagCloud CSRF | N/A | - | 21d | Unpatched |
| CVE-2025-49353 | Marcin Kijak Noindex by Path Vulnerability | N/A | - | 21d | Unpatched |
| CVE-2025-63005 | Tomas WordPress Tooltips XSS | N/A | - | 21d | Unpatched |
| CVE-2025-62743 | MyBookTable Bookstore XSS | N/A | - | 21d | Unpatched |
| CVE-2025-62096 | WPFactory Maximum Products per User for WooCommerce XSS Vulnerability | N/A | - | 21d | Unpatched |
| CVE-2025-62134 | WP Life Contact Form Widget CSRF | N/A | - | 21d | Unpatched |