Automattic
Security Scorecard
Score
39F
Total CVEs
135
Patch Rate
5%
7 patched
Avg Response
-
days to patch
Critical Gaps
1
exploitable, no detection
Severity Breakdown
Critical1
High10
Medium124
Low0
Patch Status
Patched7 (5%)
Partial/Workaround0 (0%)
Unpatched128 (95%)
CVEs (157)
| CVE ID | Title | Severity | Score | Days | Patch |
|---|---|---|---|---|---|
| CVE-2025-8666 | Testimonial Carousel For Elementor Plugin Vulnerability | MEDIUM | 6.4 | 55d | Unpatched |
| CVE-2025-11564 | Tutor LMS Plugin Vulnerability | MEDIUM | 5.3 | 55d | Unpatched |
| CVE-2025-10637 | InstaGallery Plugin Vulnerability | MEDIUM | 5.3 | 55d | Unpatched |
| CVE-2025-10737 | Genesis Framework Theme Vulnerability | MEDIUM | 6.4 | 55d | Unpatched |
| CVE-2025-11257 | Hubspot Blog Import Plugin Vulnerability | MEDIUM | 4.3 | 56d | Unpatched |
| CVE-2025-12136 | Real Cookie Banner SSRF Vulnerability | MEDIUM | 6.8 | 56d | Unpatched |
| CVE-2025-8427 | Beaver Builder Plugin Vulnerability | MEDIUM | 6.4 | 57d | Unpatched |
| CVE-2025-49939 | JetElements For Elementor XSS | MEDIUM | 6.5 | 58d | Unpatched |
| CVE-2025-49932 | CrocoBlock JetBlog XSS | MEDIUM | 6.5 | 58d | Unpatched |
| CVE-2025-11819 | WP Thumbnail Vulnerability | MEDIUM | 6.4 | 58d | Unpatched |