WordPress.org
Security Scorecard
Score
21F
Total CVEs
540
Patch Rate
2%
8 patched
Avg Response
-
days to patch
Critical Gaps
9
exploitable, no detection
Severity Breakdown
Critical9
High40
Medium489
Low2
Patch Status
Patched8 (1%)
Partial/Workaround0 (0%)
Unpatched532 (99%)
CVEs (632)
| CVE ID | Title | Severity | Score | Days | Patch |
|---|---|---|---|---|---|
| CVE-2025-12842 | WordPress Appointments Time Slot Plugin Vulnerability | MEDIUM | 5.3 | 26d | Unpatched |
| CVE-2025-12535 | SureForms Plugin Vulnerability | MEDIUM | 5.3 | 26d | Unpatched |
| CVE-2025-13085 | SiteSEO – SEO Simplified Plugin Vulnerability | MEDIUM | 4.3 | 26d | Unpatched |
| CVE-2025-13069 | Enable SVG, WebP, and ICO Upload Plugin Vulnerability | HIGH | 8.8 | 26d | Unpatched |
| CVE-2025-8084 | AI Engine Plugin Vulnerability | MEDIUM | 6.8 | 27d | Unpatched |
| CVE-2025-12937 | ACF Flexible Layouts Manager Plugin Vulnerability | MEDIUM | 6.5 | 27d | Unpatched |
| CVE-2025-11265 | Vulnerable WordPress Plugin | MEDIUM | 6.4 | 27d | Unpatched |
| CVE-2025-11267 | VK All in One Expansion Unit Plugin Vulnerability | MEDIUM | 6.4 | 27d | Unpatched |
| CVE-2025-12823 | CSV to SortTable Plugin Vulnerability | MEDIUM | 6.4 | 27d | Unpatched |
| CVE-2025-12962 | Wordfence Wordfence Plugin Vulnerability | MEDIUM | 6.4 | 27d | Unpatched |