WordPress.org
Security Scorecard
Score
29C
Total CVEs
540
Patch Rate
20%
106 patched
Avg Response
43d
days to patch
Critical Gaps
9
exploitable, no detection
Severity Breakdown
Critical9
High40
Medium489
Low2
Patch Status
Patched106 (20%)
Partial/Workaround0 (0%)
Unpatched434 (80%)
CVEs (632)
| CVE ID | Title | Severity | Score | Days | Patch |
|---|---|---|---|---|---|
| CVE-2025-12787 | Hydra Booking Plugin Vulnerability | MEDIUM | 5.3 | 34d | Unpatched |
| CVE-2025-12788 | Hydra Booking Plugin Vulnerability | MEDIUM | 5.3 | 34d | Unpatched |
| CVE-2025-12652 | Ungapped Widgets Plugin Vulnerability | MEDIUM | 6.4 | 34d | Unpatched |
| CVE-2025-12711 | Share to Google Classroom Plugin Vulnerability | MEDIUM | 6.4 | 34d | Unpatched |
| CVE-2025-12651 | Live Photos Vulnerability | MEDIUM | 6.4 | 34d | Unpatched |
| CVE-2025-12590 | YSlider Cross-Site Request Forgery Vulnerability | MEDIUM | 6.1 | 34d | Unpatched |
| CVE-2025-12632 | RandomQuotr Plugin Vulnerability | MEDIUM | 5.5 | 34d | Unpatched |
| CVE-2025-12753 | Chart Expert Plugin Vulnerability | MEDIUM | 6.4 | 34d | Unpatched |
| CVE-2025-12658 | Preload Current Images XSS | MEDIUM | 6.4 | 34d | Unpatched |
| CVE-2025-12754 | Geopost Plugin Vulnerability | MEDIUM | 6.4 | 34d | Unpatched |