WordPress.org

Security Scorecard

Score

34D

Total CVEs

890

Patch Rate

47%

414 patched

Avg Response

104d

days to patch

Critical Gaps

8

exploitable, no detection

Severity Breakdown

Critical39

High156

Medium693

Low2

Patch Status

Patched414 (47%)

Partial/Workaround4 (0%)

Unpatched472 (53%)

CVEs (1,102)

CVE ID	Title	Severity	Score	Days	Patch
CVE-2025-12510	Widgets for Google Reviews Plugin Vulnerability	High	7.2	-	Patched
CVE-2025-12499	Rich Shortcodes for Google Reviews Plugin Vulnerability	High	7.2	-	Patched
CVE-2025-12715	WordPress Plugin XSS	Medium	6.4	-	Patched
CVE-2025-12717	WordPress Plugin XSS	Medium	6.4	-	Patched
CVE-2025-13656	Cute News Ticker Plugin XSS	Medium	6.4	-	Patched
CVE-2025-13856	WordPress Plugin XSS	Medium	6.4	-	Patched
CVE-2025-13857	Yet Another WebClap for WordPress XSS	Medium	6.4	-	Patched
CVE-2025-13863	RevInsite Plugin XSS	Medium	6.4	-	Patched
CVE-2025-13896	WordPress Social Feed Gallery Portfolio Plugin Vulnerability	Medium	6.4	28d	Unpatched
CVE-2025-13898	Ultra Skype Button Plugin Vulnerability	Medium	6.4	28d	Unpatched