WordPress.org

Security Scorecard

Score

34D

Total CVEs

891

Patch Rate

47%

415 patched

Avg Response

104d

days to patch

Critical Gaps

8

exploitable, no detection

Severity Breakdown

Critical39
High156
Medium694
Low2

Patch Status

Patched415 (47%)
Partial/Workaround4 (0%)
Unpatched472 (53%)

CVEs (1,103)

CVE IDTitleSeverityScoreDaysPatch
CVE-2025-49961Breeze Checkout VulnerabilityMedium6.390dUnpatched
CVE-2025-52735XLPlugins NextMove Lite Woo-Thank-You Page NextMoveLite XSSHigh7.390dUnpatched
CVE-2025-52737WP Store Locator Object InjectionHigh8.890dUnpatched
CVE-2025-52741Barry Kooij Post Connector XSSCritical9.090dUnpatched
CVE-2025-52742Pets Cross-site Scripting VulnerabilityHigh7.190dUnpatched
CVE-2025-52748Directory Pro Cross-site Scripting VulnerabilityHigh7.190dUnpatched
CVE-2025-52755Child Themes Cross-site Scripting VulnerabilityHigh7.190dUnpatched
CVE-2025-53352G5Theme Grid Plus XSS VulnerabilityHigh7.190dUnpatched
CVE-2025-59555Medizin Theme VulnerabilityHigh8.190dUnpatched
CVE-2025-60134WP Media Categories CSRFMedium5.390dUnpatched