WordPress.org
Security Scorecard
Score
29C
Total CVEs
540
Patch Rate
20%
106 patched
Avg Response
43d
days to patch
Critical Gaps
9
exploitable, no detection
Severity Breakdown
Critical9
High40
Medium489
Low2
Patch Status
Patched106 (20%)
Partial/Workaround0 (0%)
Unpatched434 (80%)
CVEs (632)
| CVE ID | Title | Severity | Score | Days | Patch |
|---|---|---|---|---|---|
| CVE-2025-12088 | Meta Display Block Plugin Vulnerability | MEDIUM | 6.4 | 27d | Unpatched |
| CVE-2025-12078 | ArtiBot Reflected XSS | MEDIUM | 6.1 | 27d | Unpatched |
| CVE-2025-12404 | Like-it Plugin Vulnerability | MEDIUM | 6.1 | 27d | Unpatched |
| CVE-2025-12079 | WP Twitter Auto Publish Plugin Vulnerability | MEDIUM | 6.1 | 27d | Unpatched |
| CVE-2025-12545 | Pixel Manager WooCommerce Track Conversions and Analytics Plugin Vulnerability | MEDIUM | 5.3 | 27d | Unpatched |
| CVE-2025-12392 | TripleA Cryptocurrency Payment Gateway Vulnerability | MEDIUM | 5.3 | 27d | Unpatched |
| CVE-2025-12639 | wModes Catalog Mode, Product Pricing, Enquiry Forms & Promotions Plugin Vulnerability | MEDIUM | 4.3 | 27d | Unpatched |
| CVE-2025-11734 | CVE-2025-11734 | MEDIUM | 5.4 | 27d | Unpatched |
| CVE-2025-12173 | WP Admin Microblog Plugin Vulnerability | MEDIUM | 4.3 | 27d | Unpatched |
| CVE-2025-12827 | CVE-2025-12827 | MEDIUM | 4.3 | 27d | Unpatched |