WordPress.org
Security Scorecard
Score
34D
Total CVEs
895
Patch Rate
47%
418 patched
Avg Response
104d
days to patch
Critical Gaps
8
exploitable, no detection
Severity Breakdown
Critical39
High156
Medium698
Low2
Patch Status
Patched418 (47%)
Partial/Workaround4 (0%)
Unpatched473 (53%)
CVEs (1,107)
| CVE ID | Title | Severity | Score | Days | Patch |
|---|---|---|---|---|---|
| CVE-2025-64296 | CVE-2025-64296 | Medium | 5.3 | 84d | Unpatched |
| CVE-2025-64234 | Evergreen Content Poster Vulnerability | Medium | 4.3 | 84d | Unpatched |
| CVE-2025-64284 | PHP Remote File Inclusion Vulnerability | High | 7.5 | 84d | Unpatched |
| CVE-2025-62972 | CVE-2025-62972 | Medium | 4.3 | 86d | Unpatched |
| CVE-2025-62899 | THRIVE - Web Design Gold Coast Photospace Responsive photospace-responsive | Medium | 5.4 | 85d | Unpatched |
| CVE-2025-62902 | ThemeHunk WP Popup Builder Exposure | High | 7.5 | - | Patched |
| CVE-2025-62881 | WP-Lister Lite eBay Plugin Vulnerability | Medium | 4.3 | 85d | Unpatched |
| CVE-2025-62898 | Maarten Links Shortcode XSS | Medium | 5.4 | 85d | Unpatched |
| CVE-2025-62900 | Cross-site Scripting in Popular Posts by Webline Plugin | Medium | 5.4 | 85d | Unpatched |
| CVE-2025-62904 | WP Geo Cross-site Scripting | Medium | 5.4 | 85d | Unpatched |