WordPress.org

Security Scorecard

Score

34D

Total CVEs

890

Patch Rate

47%

414 patched

Avg Response

104d

days to patch

Critical Gaps

8

exploitable, no detection

Severity Breakdown

Critical39
High156
Medium693
Low2

Patch Status

Patched414 (47%)
Partial/Workaround4 (0%)
Unpatched472 (53%)

CVEs (1,102)

CVE IDTitleSeverityScoreDaysPatch
CVE-2025-62994WP Messiah WP AI CoPilot VulnerabilityMedium4.3-Patched
CVE-2025-64257My Tickets Plugin XSSMedium4.3-Patched
CVE-2025-67468WordPress Plugin VulnerabilityMedium4.3-Patched
CVE-2025-67470Portfolio and Projects Plugin Sensitive Data ExposureMedium4.3-Patched
CVE-2025-67589WP Overnight WooCommerce PDF Invoices & Packing Slips XSSMedium4.3-Patched
CVE-2025-67592My Calendar Plugin XSSMedium4.3-Patched
CVE-2023-22675WP Fast Cache Plugin XSSMedium4.3-Patched
CVE-2025-13924Wordpress Plugin XSSMedium4.3-Patched
CVE-2025-14248Simple Shopping Cart SQL InjectionHigh7.3-Patched
CVE-2025-13065WordPress Plugin XSSHigh8.8-Patched