WordPress.org
Security Scorecard
Score
29C
Total CVEs
540
Patch Rate
20%
106 patched
Avg Response
43d
days to patch
Critical Gaps
9
exploitable, no detection
Severity Breakdown
Critical9
High40
Medium489
Low2
Patch Status
Patched106 (20%)
Partial/Workaround0 (0%)
Unpatched434 (80%)
CVEs (632)
| CVE ID | Title | Severity | Score | Days | Patch |
|---|---|---|---|---|---|
| CVE-2025-9625 | Coil Web Monetization Plugin Vulnerability | MEDIUM | 4.3 | 27d | Unpatched |
| CVE-2025-7711 | WordPress Classified Listing Plugin Vulnerability | MEDIUM | 5.4 | 28d | Unpatched |
| CVE-2025-8994 | WP Project Manager SQL Injection | MEDIUM | 6.5 | 30d | Unpatched |
| CVE-2025-12182 | Qi Blocks Plugin Vulnerability | MEDIUM | 4.3 | 30d | Unpatched |
| CVE-2025-12849 | Contest Gallery Plugin Vulnerability | MEDIUM | 5.3 | 30d | Unpatched |
| CVE-2025-12847 | aIOSEO Pack Vulnerability | MEDIUM | 4.3 | 30d | Unpatched |
| CVE-2025-10686 | Creta Testimonial Showcase WordPress Plugin Vulnerability | HIGH | 7.2 | 30d | Patched |
| CVE-2025-12377 | Envira Gallery Plugin Vulnerability | MEDIUM | 5.3 | 32d | Patched |
| CVE-2025-64380 | Booster XSS Vulnerability | MEDIUM | 6.5 | 32d | Patched |
| CVE-2025-64381 | Wordpress Plugin Cross-site Scripting Vulnerability | MEDIUM | 6.5 | 32d | Patched |