WordPress.org

Security Scorecard

Score

34D

Total CVEs

888

Patch Rate

46%

412 patched

Avg Response

104d

days to patch

Critical Gaps

8

exploitable, no detection

Severity Breakdown

Critical39

High156

Medium691

Low2

Patch Status

Patched412 (46%)

Partial/Workaround4 (0%)

Unpatched472 (53%)

CVEs (1,100)

CVE ID	Title	Severity	Score	Days	Patch
CVE-2025-14161	Truefy Embed Plugin Vulnerability	Medium	4.3	-	Patched
CVE-2025-14165	Kirim Email WooCommerce Integration Plugin Vulnerability	Medium	4.3	-	Patched
CVE-2025-14354	WordPress Plugin XSS	Medium	4.3	-	Patched
CVE-2025-14391	WordPress Plugin XSS	Medium	4.3	-	Patched
CVE-2025-14392	WordPress Plugin XSS	Medium	4.3	-	Patched
CVE-2025-14356	Wordpress Plugin XSS	Medium	4.3	-	Patched
CVE-2025-14159	WordPress Plugin XSS	Medium	4.3	-	Patched
CVE-2025-9436	Widgets for Google Reviews Plugin XSS	Medium	6.4	22d	Unpatched
CVE-2025-13613	Elated Membership Plugin Vulnerability	Critical	9.8	-	Patched
CVE-2025-13677	WordPress Simple Download Counter Plugin Vulnerability	Medium	4.9	-	Patched