WordPress.org

Security Scorecard

Score

34D

Total CVEs

888

Patch Rate

46%

412 patched

Avg Response

104d

days to patch

Critical Gaps

8

exploitable, no detection

Severity Breakdown

Critical39
High156
Medium691
Low2

Patch Status

Patched412 (46%)
Partial/Workaround4 (0%)
Unpatched472 (53%)

CVEs (1,100)

CVE IDTitleSeverityScoreDaysPatch
CVE-2026-1051WordPress Plugin XSSMedium4.3-Patched
CVE-2025-14351CVE-2025-14351Medium5.3-Patched
CVE-2025-14977Dokan: AI Powered WooCommerce Multivendor Marketplace Solution VulnerabilityHigh8.1-Patched
CVE-2026-1042WP Hello Bar Plugin VulnerabilityMedium4.4-Patched
CVE-2025-14533WordPress Plugin XSSCritical9.8-Patched
CVE-2025-15380NotificationX FOMO Plugin XSSHigh7.2-Patched
CVE-2026-0548Tutor LMS Plugin VulnerabilityMedium5.41dUnpatched
CVE-2026-0608WordPress Head Meta Data Plugin VulnerabilityMedium6.41dUnpatched
CVE-2025-12718Quick Contact Form Plugin VulnerabilityMedium5.8-Patched
CVE-2025-14075WP Hotel Booking Plugin VulnerabilityMedium5.3-Patched