WordPress.org

Security Scorecard

Score

29C

Total CVEs

540

Patch Rate

20%

106 patched

Avg Response

43d

days to patch

Critical Gaps

9

exploitable, no detection

Severity Breakdown

Critical9

High40

Medium489

Low2

Patch Status

Patched106 (20%)

Partial/Workaround0 (0%)

Unpatched434 (80%)

CVEs (632)

CVE ID	Title	Severity	Score	Days	Patch
CVE-2025-64262	ramon fincken Auto Prune Posts Vulnerability	MEDIUM	6.5	32d	Patched
CVE-2025-64265	nmedia-user-file-uploader Vulnerability	MEDIUM	4.3	32d	Patched
CVE-2025-11260	WP Headless CMS Framework Plugin Vulnerability	MEDIUM	5.3	32d	Unpatched
CVE-2025-11769	WordPress Content Flipper Plugin Vulnerability	MEDIUM	6.4	32d	Unpatched
CVE-2025-12681	Comment Edit Core Vulnerability	MEDIUM	5.3	32d	Unpatched
CVE-2025-12536	SureForms Plugin Vulnerability	MEDIUM	5.3	32d	Unpatched
CVE-2025-12366	Pagelayer Plugin Vulnerability	MEDIUM	4.3	32d	Unpatched
CVE-2025-11454	SQL Injection in Specific Content For Mobile – Customize the mobile version without redirections plugin for WordPress	MEDIUM	6.5	33d	Unpatched
CVE-2025-12732	WP Ultimate CSV Importer Vulnerability	MEDIUM	4.3	33d	Unpatched
CVE-2025-12018	WordPress MemberFindMe Plugin Vulnerability	MEDIUM	4.4	33d	Unpatched