WordPress.org

Security Scorecard

Score

34D

Total CVEs

896

Patch Rate

47%

419 patched

Avg Response

104d

days to patch

Critical Gaps

8

exploitable, no detection

Severity Breakdown

Critical39
High157
Medium698
Low2

Patch Status

Patched419 (47%)
Partial/Workaround4 (0%)
Unpatched473 (53%)

CVEs (1,108)

CVE IDTitleSeverityScoreDaysPatch
CVE-2025-12360-Medium4.340dUnpatched
CVE-2025-12563-Medium4.340dUnpatched
CVE-2025-49386Object Injection in Preserve Code FormattingCritical9.876dUnpatched
CVE-2025-49398Easy Appointments XSSMedium6.176dUnpatched
CVE-2025-53239User Registration Aide Cross-site Scripting VulnerabilityMedium6.176dUnpatched
CVE-2025-53574Doliconnect Cross-site Scripting VulnerabilityMedium6.176dUnpatched
CVE-2025-54711Info Cards Plugin VulnerabilityHigh7.176dUnpatched
CVE-2025-58207WP Messiah Ai Image Alt Text Generator VulnerabilityHigh8.276dUnpatched
CVE-2025-60073PHP Remote File Inclusion VulnerabilityHigh7.576dUnpatched
CVE-2025-60188Vito Peleg Atarim VulnerabilityHigh7.576dUnpatched