WordPress.org
Security Scorecard
Score
33D
Total CVEs
870
Patch Rate
46%
396 patched
Avg Response
104d
days to patch
Critical Gaps
8
exploitable, no detection
Severity Breakdown
Critical39
High149
Medium680
Low2
Patch Status
Patched396 (46%)
Partial/Workaround4 (0%)
Unpatched470 (54%)
CVEs (1,095)
| CVE ID | Title | Severity | Score | Days | Patch |
|---|---|---|---|---|---|
| CVE-2025-14386 | Metasync Plugin Vulnerability | N/A | - | - | Patched |
| CVE-2025-14616 | Recooty Job Widget Cross-Site Request Forgery | N/A | - | - | Patched |
| CVE-2026-1377 | WordPress Plugin XSS | N/A | - | - | Patched |
| CVE-2026-1398 | WP URL Cross-Site Request Forgery | N/A | - | - | Patched |
| CVE-2026-1399 | WordPress Plugin XSS | N/A | - | - | Patched |