WordPress.org

Security Scorecard

Score

33D

Total CVEs

883

Patch Rate

46%

408 patched

Avg Response

104d

days to patch

Critical Gaps

8

exploitable, no detection

Severity Breakdown

Critical39
High152
Medium690
Low2

Patch Status

Patched408 (46%)
Partial/Workaround4 (0%)
Unpatched471 (53%)

CVEs (1,096)

CVE IDTitleSeverityScoreDaysPatch
CVE-2026-24587AJAX Hits Counter + Popular Posts Widget VulnerabilityMedium5.4-Patched
CVE-2026-24589Cargus eCommerce Sensitive Data ExposureMedium5.30dUnpatched
CVE-2026-24591Yoast SEO FAQ Block to Accordion XSSMedium5.4-Patched
CVE-2026-24599XLPlugins NextMove Lite Woo-Thank-You Page NextMove Lite XSSMedium5.3-Patched
CVE-2026-24550Blockons XSSMedium5.4-Patched
CVE-2026-24558ABG Rich Pins Cross-site Scripting VulnerabilityMedium5.4-Patched
CVE-2026-24626Logo Slider XSSMedium5.9-Patched
CVE-2026-24632Cross-site Scripting in Delay Redirects PluginMedium5.9-Patched
CVE-2026-24572Nelio Content SQL InjectionHigh8.8-Patched
CVE-2025-15522Uncanny Automator XSS VulnerabilityMedium6.4-Patched