WordPress.org
Security Scorecard
Score
34D
Total CVEs
891
Patch Rate
47%
415 patched
Avg Response
104d
days to patch
Critical Gaps
8
exploitable, no detection
Severity Breakdown
Critical39
High156
Medium694
Low2
Patch Status
Patched415 (47%)
Partial/Workaround4 (0%)
Unpatched472 (53%)
CVEs (1,103)
| CVE ID | Title | Severity | Score | Days | Patch |
|---|---|---|---|---|---|
| CVE-2025-11807 | - | Medium | 6.4 | 58d | Unpatched |
| CVE-2025-11809 | - | Medium | 6.4 | 58d | Unpatched |
| CVE-2025-48092 | Fix Multiple Redirects Vulnerability | High | 7.1 | 90d | Unpatched |
| CVE-2025-49376 | Delucks SEO Vulnerability | High | 7.5 | 90d | Unpatched |
| CVE-2025-49377 | Hydra Booking Plugin Vulnerability | High | 7.5 | 90d | Unpatched |
| CVE-2025-49923 | Seriously Simple Podcasting XSS | Medium | 6.1 | 90d | Unpatched |
| CVE-2025-49930 | CrocoBlock JetSearch Cross-site Scripting | High | 7.1 | 90d | Unpatched |
| CVE-2025-49938 | CrocoBlock JetEngine XSS | Medium | 6.5 | 90d | Unpatched |
| CVE-2025-49947 | WooCommerce Registration Fields Plugin Cross-site Scripting | High | 7.1 | 90d | Unpatched |
| CVE-2025-49949 | Templazee Templating Engine Vulnerability | Medium | 5.5 | 90d | Unpatched |