WordPress.org

Security Scorecard

Score

21F

Total CVEs

535

Patch Rate

2%

8 patched

Avg Response

-

days to patch

Critical Gaps

9

exploitable, no detection

Severity Breakdown

Critical6

High36

Medium483

Low2

Patch Status

Patched8 (1%)

Partial/Workaround0 (0%)

Unpatched527 (99%)

CVEs (627)

CVE ID	Title	Severity	Score	Days	Patch
CVE-2025-12039	BigBuy Dropshipping Connector Vulnerability	MEDIUM	5.3	24d	Unpatched
CVE-2025-10054	ELEX HelpDesk & Customer Ticketing System Plugin Vulnerability	MEDIUM	5.3	-	Patched
CVE-2025-11973	Arbitrary File Read in 简数采集器 Plugin	MEDIUM	4.9	24d	Unpatched
CVE-2025-12169	ELEX WordPress HelpDesk & Customer Ticketing System Plugin Vulnerability	MEDIUM	4.3	-	Patched
CVE-2025-13142	Custom Post Type Plugin Vulnerability	MEDIUM	4.3	24d	Unpatched
CVE-2025-12502	WordPress Plugin Vulnerability	MEDIUM	6.8	25d	Unpatched
CVE-2025-5092	LightGallery Vulnerability	MEDIUM	6.4	25d	Unpatched
CVE-2025-12646	SQL Injection in WordPress Community Events Plugin	HIGH	7.5	25d	Unpatched
CVE-2025-13145	WP Import – Ultimate CSV XML Importer Vulnerability	HIGH	7.2	25d	Unpatched
CVE-2025-6251	CVE-2025-6251	MEDIUM	6.4	26d	Unpatched