WordPress.org
Security Scorecard
Score
34D
Total CVEs
891
Patch Rate
47%
415 patched
Avg Response
104d
days to patch
Critical Gaps
8
exploitable, no detection
Severity Breakdown
Critical39
High156
Medium694
Low2
Patch Status
Patched415 (47%)
Partial/Workaround4 (0%)
Unpatched472 (53%)
CVEs (1,103)
| CVE ID | Title | Severity | Score | Days | Patch |
|---|---|---|---|---|---|
| CVE-2025-13898 | Ultra Skype Button Plugin Vulnerability | Medium | 6.4 | 28d | Unpatched |
| CVE-2025-13899 | Timthumb Plugin XSS | Medium | 6.4 | - | Patched |
| CVE-2025-13907 | WordPress Plugin XSS | Medium | 6.4 | - | Patched |
| CVE-2025-11263 | WordPress Plugin XSS | Medium | 6.1 | - | Patched |
| CVE-2025-13626 | MyLCO WordPress Plugin XSS | Medium | 6.1 | - | Patched |
| CVE-2025-13894 | CSV Sumotto Plugin Vulnerability | Medium | 6.1 | - | Patched |
| CVE-2025-13308 | Wordpress Plugin XSS | Medium | 5.4 | - | Unpatched |
| CVE-2025-12720 | g-FFL Cockpit Plugin Vulnerability | Medium | 5.3 | - | Patched |
| CVE-2025-12721 | g-FFL Cockpit Plugin Vulnerability | Medium | 5.3 | 28d | Unpatched |
| CVE-2025-13358 | WordPress Plugin XSS | Medium | 5.3 | - | Patched |