WordPress.org

Security Scorecard

Score

33D

Total CVEs

870

Patch Rate

46%

396 patched

Avg Response

104d

days to patch

Critical Gaps

8

exploitable, no detection

Severity Breakdown

Critical39

High149

Medium680

Low2

Patch Status

Patched396 (46%)

Partial/Workaround4 (0%)

Unpatched470 (54%)

CVEs (1,095)

CVE ID	Title	Severity	Score	Days	Patch
CVE-2026-1084	WordPress Plugin XSS	Medium	4.4	-	Patched
CVE-2026-1088	WordPress Plugin XSS	Medium	4.3	-	Patched
CVE-2026-1095	Canto Testimonials Plugin XSS	Medium	6.4	-	Patched
CVE-2026-1257	Wordpress Plugin XSS	High	7.5	-	Patched
CVE-2025-13139	SurveyJS Drag & Drop WordPress Form Builder Plugin Vulnerability	Medium	4.3	-	Patched
CVE-2025-13194	CVE-2025-13194	Medium	4.3	-	Patched
CVE-2025-13205	SurveyJS Drag & Drop WordPress Form Builder Vulnerability	Medium	4.3	-	Patched
CVE-2025-14630	AdminQuickbar Cross-Site Request Forgery	Medium	4.3	0d	Unpatched
CVE-2025-14907	WordPress Moderate Selected Posts Plugin Vulnerability	Medium	4.3	-	Patched
CVE-2026-0800	WordPress User Submitted Posts – Enable Users to Submit Posts from the Front End Plugin Vulnerability	High	7.2	-	Patched