Automattic (WordPress)
Security Scorecard
Score
35F
Total CVEs
38
Patch Rate
0%
0 patched
Avg Response
-
days to patch
Critical Gaps
1
exploitable, no detection
Severity Breakdown
Critical1
High4
Medium33
Low0
Patch Status
Patched0 (0%)
Partial/Workaround0 (0%)
Unpatched38 (100%)
CVEs (45)
| CVE ID | Title | Severity | Score | Days | Patch |
|---|---|---|---|---|---|
| CVE-2025-67542 | SilkyPress Multi-Step Checkout for WooCommerce XSS | MEDIUM | 6.5 | 5d | Unpatched |
| CVE-2025-63023 | WooPayPal Gateway Vulnerability | MEDIUM | 5.3 | 5d | Unpatched |
| CVE-2025-13626 | MyLCO Plugin Vulnerability | MEDIUM | 6.1 | 8d | Unpatched |
| CVE-2025-12721 | g-FFL Cockpit Plugin Vulnerability | MEDIUM | 5.3 | 8d | Unpatched |
| CVE-2025-10055 | Time Sheets Cross-Site Request Forgery | MEDIUM | 4.3 | 9d | Unpatched |
| CVE-2025-13090 | WP Directory Kit SQL Injection | MEDIUM | 4.9 | 12d | Unpatched |
| CVE-2025-13685 | Photo Gallery by Ays Plugin Vulnerability | MEDIUM | 4.3 | 13d | Unpatched |
| CVE-2025-12752 | Fake Payment Creation in WordPress Subscriptions & Memberships Plugin | MEDIUM | 5.3 | 23d | Unpatched |
| CVE-2025-10938 | UiPress Lite Plugin Vulnerability | MEDIUM | 6.5 | 24d | Unpatched |
| CVE-2025-66114 | WooShow Single Variations as Single Products WooCommerce Plugin Vulnerability | MEDIUM | 5.3 | 24d | Unpatched |