Automattic

Security Scorecard

Score

39F

Total CVEs

135

Patch Rate

5%

7 patched

Avg Response

-

days to patch

Critical Gaps

1

exploitable, no detection

Severity Breakdown

Critical1

High10

Medium124

Low0

Patch Status

Patched7 (5%)

Partial/Workaround0 (0%)

Unpatched128 (95%)

CVEs (157)

CVE ID	Title	Severity	Score	Days	Patch
CVE-2025-12667	GitHub Gist Shortcode Plugin Vulnerability	MEDIUM	6.4	34d	Unpatched
CVE-2025-12020	Double the Donation Vulnerability	MEDIUM	4.9	34d	Unpatched
CVE-2025-11997	Document Pro Elementor – Documentation & Knowledge Base Plugin Vulnerability	MEDIUM	5.3	34d	Unpatched
CVE-2025-12538	Fleet Manager Plugin Vulnerability	MEDIUM	4.4	34d	Unpatched
CVE-2025-11894	Shelf Planner Plugin Vulnerability	MEDIUM	5.3	34d	Unpatched
CVE-2025-11822	WP Bootstrap Tabs Vulnerability	MEDIUM	6.4	34d	Unpatched
CVE-2025-12125	CVE-2025-12125	MEDIUM	4.4	38d	Unpatched
CVE-2025-12498	EventPrime Events Calendar Booking Tickets Plugin Vulnerability	MEDIUM	4.3	38d	Unpatched
CVE-2025-49909	Penci Bookmark & Follow Cross-site Scripting	MEDIUM	6.1	40d	Unpatched
CVE-2025-49905	Range Slider Addon for Gravity Forms Cross-site Scripting Vulnerability	MEDIUM	6.1	40d	Unpatched