WordPress.org

Security Scorecard

Score

21F

Total CVEs

535

Patch Rate

2%

8 patched

Avg Response

-

days to patch

Critical Gaps

9

exploitable, no detection

Severity Breakdown

Critical6

High36

Medium483

Low2

Patch Status

Patched8 (1%)

Partial/Workaround0 (0%)

Unpatched527 (99%)

CVEs (627)

CVE ID	Title	Severity	Score	Days	Patch
CVE-2025-12660	CVE-2025-12660	MEDIUM	6.4	24d	Unpatched
CVE-2025-66077	wpWax Legal Pages Exploit	MEDIUM	4.3	24d	Unpatched
CVE-2025-12661	Pollcaster Shortcode Plugin Vulnerability	MEDIUM	6.4	24d	Unpatched
CVE-2025-13135	HotelRunner Booking Widget Plugin Vulnerability	MEDIUM	6.4	24d	Unpatched
CVE-2025-11803	WPSite Shortcode Plugin Vulnerability	MEDIUM	6.4	24d	Unpatched
CVE-2025-11808	Google Street View Plugin Vulnerability	MEDIUM	6.4	24d	Unpatched
CVE-2025-11826	WP Company Info Plugin Vulnerability	MEDIUM	6.4	24d	Unpatched
CVE-2025-12964	Magical Products Display Plugin Vulnerability	MEDIUM	6.4	24d	Unpatched
CVE-2025-66057	CVE-2025-66057	MEDIUM	6.3	24d	Unpatched
CVE-2025-66081	Cross-site Scripting in Head Meta Data Plugin	MEDIUM	5.4	24d	Unpatched