WordPress.org
Security Scorecard
Score
34D
Total CVEs
891
Patch Rate
47%
415 patched
Avg Response
104d
days to patch
Critical Gaps
8
exploitable, no detection
Severity Breakdown
Critical39
High156
Medium694
Low2
Patch Status
Patched415 (47%)
Partial/Workaround4 (0%)
Unpatched472 (53%)
CVEs (1,103)
| CVE ID | Title | Severity | Score | Days | Patch |
|---|---|---|---|---|---|
| CVE-2025-60135 | WeShare Buttons Emailit XSS | Medium | 5.9 | 90d | Unpatched |
| CVE-2025-60224 | Wordpress Subscribe to Download Object Injection | Critical | 9.8 | 90d | Unpatched |
| CVE-2025-62015 | Advanced Coupons for WooCommerce SQL Injection | High | 7.6 | 90d | Unpatched |
| CVE-2025-62042 | Bastien Ho Event Post Vulnerability | Medium | 6.5 | 90d | Unpatched |
| CVE-2025-62052 | One Page Express Companion Vulnerability | Medium | 4.3 | 90d | Unpatched |
| CVE-2025-62058 | Favethemes Houzez Theme Functionality Cross-site Scripting | Medium | 6.5 | 90d | Unpatched |
| CVE-2025-62062 | Easy Post Submission Plugin Vulnerability | Medium | 5.3 | 90d | Unpatched |
| CVE-2025-62063 | WP Travel Gutenberg Blocks XSS | Medium | 6.5 | 90d | Unpatched |
| CVE-2025-11741 | - | Medium | 5.3 | 62d | Unpatched |
| CVE-2025-11510 | - | Medium | 4.3 | 62d | Unpatched |