WordPress.org
Security Scorecard
Score
21F
Total CVEs
540
Patch Rate
2%
8 patched
Avg Response
-
days to patch
Critical Gaps
9
exploitable, no detection
Severity Breakdown
Critical9
High40
Medium489
Low2
Patch Status
Patched8 (1%)
Partial/Workaround0 (0%)
Unpatched532 (99%)
CVEs (632)
| CVE ID | Title | Severity | Score | Days | Patch |
|---|---|---|---|---|---|
| CVE-2025-12502 | WordPress Plugin Vulnerability | MEDIUM | 6.8 | 25d | Unpatched |
| CVE-2025-5092 | LightGallery Vulnerability | MEDIUM | 6.4 | 25d | Unpatched |
| CVE-2025-12646 | SQL Injection in WordPress Community Events Plugin | HIGH | 7.5 | 25d | Unpatched |
| CVE-2025-13145 | WP Import – Ultimate CSV XML Importer Vulnerability | HIGH | 7.2 | 25d | Unpatched |
| CVE-2025-6251 | CVE-2025-6251 | MEDIUM | 6.4 | 26d | Unpatched |
| CVE-2025-13054 | WP Profile Builder Vulnerability | MEDIUM | 6.4 | 26d | Unpatched |
| CVE-2025-12359 | Responsive Lightbox & Gallery Plugin Vulnerability | MEDIUM | 5.4 | 26d | Unpatched |
| CVE-2025-12349 | Icegram Express Vulnerability | MEDIUM | 5.3 | 26d | Unpatched |
| CVE-2025-12426 | Quiz Maker Plugin Vulnerability | MEDIUM | 5.3 | 26d | Unpatched |
| CVE-2025-12814 | SiteSEO – SEO Simplified Plugin Vulnerability | MEDIUM | 5.3 | 26d | Unpatched |