WordPress.org

Security Scorecard

Score

34D

Total CVEs

888

Patch Rate

46%

412 patched

Avg Response

104d

days to patch

Critical Gaps

8

exploitable, no detection

Severity Breakdown

Critical39

High156

Medium691

Low2

Patch Status

Patched412 (46%)

Partial/Workaround4 (0%)

Unpatched472 (53%)

CVEs (1,100)

CVE ID	Title	Severity	Score	Days	Patch
CVE-2025-49045	Highwarden Super Interactive Maps Plugin XSS	Medium	6.1	-	Patched
CVE-2025-49249	ApusTheme Drone XSS	Medium	6.1	-	Patched
CVE-2025-52746	ayecode Restaurante Theme Cross-site Scripting Vulnerability	Medium	6.1	-	Patched
CVE-2025-53240	WordPress Plugin XSS	Medium	6.1	-	Patched
CVE-2025-63018	Bard Theme Broken Access Control Vulnerability	High	8.8	-	Patched
CVE-2025-66135	Merkulove Imager for Elementor Plugin Vulnerability	High	8.8	-	Patched
CVE-2025-69050	Edge-Themes Overworld Remote File Inclusion	High	8.1	-	Patched
CVE-2025-69185	Hotel Listing Plugin Vulnerability	High	7.3	5d	Unpatched
CVE-2025-69318	JobWP XSS	High	7.1	-	Patched
CVE-2026-22347	Carousel Horizontal Posts Content Slider XSS	Medium	6.5	-	Patched