WordPress.org
Security Scorecard
Score
34D
Total CVEs
891
Patch Rate
47%
415 patched
Avg Response
104d
days to patch
Critical Gaps
8
exploitable, no detection
Severity Breakdown
Critical39
High156
Medium694
Low2
Patch Status
Patched415 (47%)
Partial/Workaround4 (0%)
Unpatched472 (53%)
CVEs (1,103)
| CVE ID | Title | Severity | Score | Days | Patch |
|---|---|---|---|---|---|
| CVE-2025-13666 | Helloprint Plugin Vulnerability | Medium | 5.3 | - | Patched |
| CVE-2025-13748 | Fluent Forms WordPress Plugin XSS | Medium | 5.3 | - | Patched |
| CVE-2025-12091 | Wordpress Plugin XSS | Medium | 4.3 | - | Patched |
| CVE-2025-12577 | WordPress Plugin XSS | Medium | 4.3 | - | Patched |
| CVE-2025-13629 | WP Landing Page Plugin Vulnerability | Medium | 4.3 | - | Patched |
| CVE-2025-13614 | WordPress Plugin XSS | High | 8.1 | 27d | Unpatched |
| CVE-2025-13512 | CoSign Single Signon Plugin Vulnerability | Medium | 6.1 | 29d | Unpatched |
| CVE-2025-12354 | CVE-2025-12354 | Medium | 4.3 | 29d | Unpatched |
| CVE-2025-13313 | WordPress Plugin XSS | Critical | 9.8 | - | Patched |
| CVE-2025-12374 | WordPress User Verification Plugin Vulnerability | Critical | 9.8 | - | Patched |