WordPress.org
Security Scorecard
Score
34D
Total CVEs
889
Patch Rate
47%
413 patched
Avg Response
104d
days to patch
Critical Gaps
8
exploitable, no detection
Severity Breakdown
Critical39
High156
Medium692
Low2
Patch Status
Patched413 (46%)
Partial/Workaround4 (0%)
Unpatched472 (53%)
CVEs (1,101)
| CVE ID | Title | Severity | Score | Days | Patch |
|---|---|---|---|---|---|
| CVE-2025-67561 | Debug Log Viewer Vulnerability | Medium | 5.4 | - | Patched |
| CVE-2025-62085 | Bertha AI Broken Access Control | Medium | 5.3 | - | Patched |
| CVE-2025-67563 | Post SMTP Plugin Vulnerability | Medium | 5.3 | - | Patched |
| CVE-2025-67568 | Basel Theme Broken Access Control Vulnerability | Medium | 5.3 | - | Patched |
| CVE-2025-67575 | Sitewide Notice WP Vulnerability | Medium | 5.3 | - | Patched |
| CVE-2025-67578 | CVE-2025-67578 | Medium | 5.3 | - | Patched |
| CVE-2025-67579 | vanquish User Extra Fields wp-user-extra-fields Vulnerability | Medium | 5.3 | - | Patched |
| CVE-2025-62103 | WordPress Plugin XSS | Medium | 4.3 | - | Patched |
| CVE-2025-62734 | Media Library Downloader CSRF Vulnerability | Medium | 4.3 | - | Patched |
| CVE-2025-62866 | Auto Alt Text Plugin Vulnerability | Medium | 4.3 | - | Patched |