WordPress.org

Security Scorecard

Score

34D

Total CVEs

888

Patch Rate

46%

412 patched

Avg Response

104d

days to patch

Critical Gaps

8

exploitable, no detection

Severity Breakdown

Critical39
High156
Medium691
Low2

Patch Status

Patched412 (46%)
Partial/Workaround4 (0%)
Unpatched472 (53%)

CVEs (1,100)

CVE IDTitleSeverityScoreDaysPatch
CVE-2025-14846SocialChamp with WordPress Plugin VulnerabilityMedium4.3-Patched
CVE-2025-15376WordPress Stopwords Plugin VulnerabilityMedium4.3-Patched
CVE-2025-15475PayHere Payment Gateway Plugin VulnerabilityMedium5.3-Patched
CVE-2026-0734WP Allowed Hosts Plugin VulnerabilityMedium4.4-Patched
CVE-2026-0739WMF Mobile Redirector VulnerabilityMedium4.4-Patched
CVE-2026-0741Electric Studio Download Counter Plugin VulnerabilityMedium4.4-Patched
CVE-2026-0813Short Link VulnerabilityMedium4.4-Patched
CVE-2026-23550Modular DS Privilege EscalationCritical10.0-Patched
CVE-2025-14001WP Duplicate Page Plugin VulnerabilityMedium5.4-Patched
CVE-2026-0684WordPress Plugin XSSMedium4.3-Patched