WordPress.org
Security Scorecard
Score
34D
Total CVEs
888
Patch Rate
46%
412 patched
Avg Response
104d
days to patch
Critical Gaps
8
exploitable, no detection
Severity Breakdown
Critical39
High156
Medium691
Low2
Patch Status
Patched412 (46%)
Partial/Workaround4 (0%)
Unpatched472 (53%)
CVEs (1,100)
| CVE ID | Title | Severity | Score | Days | Patch |
|---|---|---|---|---|---|
| CVE-2025-15364 | WordPress Download Manager Plugin Privilege Escalation | High | 7.3 | - | Unpatched |
| CVE-2025-12067 | WordPress Table Field Add-on Vulnerability | Medium | 6.4 | - | Patched |
| CVE-2025-14371 | CVE-2025-14371 | Medium | 4.3 | - | Patched |
| CVE-2025-9637 | QSM Vulnerability | Medium | 6.5 | - | Patched |
| CVE-2025-69084 | GT3 Photo Gallery XSS | High | 7.1 | - | Patched |
| CVE-2025-69085 | JobBank Plugin XSS | High | 7.1 | - | Patched |
| CVE-2025-69334 | WPFactory Wishlist for WooCommerce XSS | Medium | 6.5 | - | Patched |
| CVE-2025-69349 | Fahad Mahmood RSS Feed Widget | Medium | 5.4 | - | Patched |
| CVE-2025-69354 | BBR Plugin Broken Access Control Vulnerability | Medium | 5.4 | - | Patched |
| CVE-2025-14124 | Team WordPress Plugin Vulnerability | High | 8.6 | 0d | Unpatched |