Automattic (WordPress)
Security Scorecard
Score
35F
Total CVEs
38
Patch Rate
0%
0 patched
Avg Response
-
days to patch
Critical Gaps
1
exploitable, no detection
Severity Breakdown
Critical1
High4
Medium33
Low0
Patch Status
Patched0 (0%)
Partial/Workaround0 (0%)
Unpatched38 (100%)
CVEs (45)
| CVE ID | Title | Severity | Score | Days | Patch |
|---|---|---|---|---|---|
| CVE-2025-10579 | BackWPup WordPress Backup & Restore Plugin Vulnerability | MEDIUM | 5.3 | 55d | Unpatched |
| CVE-2025-10748 | RapidResult SQL Injection Vulnerability | MEDIUM | 6.5 | 56d | Unpatched |
| CVE-2025-52760 | MultiSite Clone Duplicator XSS | MEDIUM | 6.1 | 58d | Unpatched |
| CVE-2025-9984 | FIFU Plugin Vulnerability | MEDIUM | 5.3 | 79d | Unpatched |
| CVE-2025-9887 | Custom Login And Signup Widget Plugin Vulnerability | MEDIUM | 4.3 | 87d | Unpatched |
| CVE-2025-9849 | Html Social Share Buttons Vulnerability | MEDIUM | 5.3 | 101d | Unpatched |
| CVE-2025-9048 | Wptobe-memberships Plugin Vulnerability | HIGH | 8.1 | 116d | Unpatched |
| CVE-2024-54383 | WooCommerce PDF Vouchers Broken Authentication Vulnerability | CRITICAL | 9.8 | 361d | Unpatched |
| CVE-2025-0969 | Brizy Page Builder Plugin Vulnerability | N/A | - | 2d | Unpatched |
| CVE-2025-13089 | WP Directory Kit SQL Injection | N/A | - | 2d | Unpatched |