WordPress.org
Security Scorecard
Score
34D
Total CVEs
888
Patch Rate
46%
412 patched
Avg Response
104d
days to patch
Critical Gaps
8
exploitable, no detection
Severity Breakdown
Critical39
High156
Medium691
Low2
Patch Status
Patched412 (46%)
Partial/Workaround4 (0%)
Unpatched472 (53%)
CVEs (1,100)
| CVE ID | Title | Severity | Score | Days | Patch |
|---|---|---|---|---|---|
| CVE-2025-47566 | ZoomSounds XSS | N/A | - | - | Patched |
| CVE-2025-66148 | Merkulove Conformer for Elementor Vulnerability | N/A | - | - | Patched |
| CVE-2025-30633 | Amazon Native Shopping Recommendations Plugin SQL Injection | N/A | - | - | Patched |
| CVE-2025-31044 | WordPress Plugin SQL Injection Vulnerability | N/A | - | - | Patched |
| CVE-2025-68865 | Infility Global SQL Injection | N/A | - | - | Patched |
| CVE-2023-49186 | Machic Core Plugin XSS | N/A | - | - | Patched |
| CVE-2025-69033 | WP Filter XSS | N/A | - | 6d | Unpatched |
| CVE-2025-69089 | Auto Listings Cross-site Scripting Vulnerability | N/A | - | 6d | Unpatched |
| CVE-2025-53344 | ThimPress Thim Core CSRF Vulnerability | N/A | - | - | Patched |
| CVE-2025-14155 | Elementor Template Viewer Vulnerability | N/A | - | - | Patched |