WordPress.org
Security Scorecard
| Metric | Value | Detail |
|---|---|---|
| Score | 34D | |
| Total CVEs | 888 | |
| Patch Rate | 46% | 412 patched |
| Avg Response | 104d | days to patch |
| Critical Gaps | 8 | exploitable, no detection |

Severity Breakdown

| Severity | Count |
|---|---|
| Critical | 39 |
| High | 156 |
| Medium | 691 |
| Low | 2 |

Patch Status

| Status | Count | Share |
|---|---|---|
| Patched | 412 | 46% |
| Partial/Workaround | 4 | 0% |
| Unpatched | 472 | 53% |

CVEs (1,100)
| CVE ID | Title | Severity | Score | Days | Patch |
|---|---|---|---|---|---|
| CVE-2024-29094 | HT Easy GA4 Plugin XSS | High | 7.1 | - | Patched |
| CVE-2022-1952 | WordPress Plugin XSS | Critical | 9.8 | - | Patched |
| CVE-2022-1589 | Change wp-admin login WordPress Plugin Vulnerability | High | 7.5 | 1325d | Unpatched |
| CVE-2021-24863 | WP Block Vulnerability | Critical | 9.8 | 1495d | Unpatched |
| CVE-2021-24767 | WordPress Plugin XSS | Medium | 6.5 | - | Patched |
| CVE-2017-18577 | Mailchimp-for-WP Cross-Site Scripting (XSS) | Medium | 6.1 | - | Patched |
| CVE-2017-18536 | WordPress Plugin XSS | Medium | 6.1 | - | Patched |
| CVE-2016-10871 | Mailchimp-for-WP XSS Vulnerability | Medium | 6.1 | - | Patched |
| CVE-2025-13740 | - | N/A | - | 0d | Unpatched |
| CVE-2025-12684 | - | N/A | - | 0d | Unpatched |