WordPress.org
Security Scorecard
Score
29C
Total CVEs
540
Patch Rate
20%
106 patched
Avg Response
43d
days to patch
Critical Gaps
9
exploitable, no detection
Severity Breakdown
Critical9
High40
Medium489
Low2
Patch Status
Patched106 (20%)
Partial/Workaround0 (0%)
Unpatched434 (80%)
CVEs (632)
| CVE ID | Title | Severity | Score | Days | Patch |
|---|---|---|---|---|---|
| CVE-2025-12038 | Folderly Plugin Vulnerability | MEDIUM | 4.3 | 45d | Unpatched |
| CVE-2025-11740 | wpForo SQL Injection | MEDIUM | 6.5 | 45d | Unpatched |
| CVE-2025-11928 | CSS & JavaScript Toolbox Plugin Vulnerability | MEDIUM | 4.4 | 45d | Unpatched |
| CVE-2025-11927 | Flying Images Plugin Vulnerability | MEDIUM | 4.4 | 45d | Unpatched |
| CVE-2025-11174 | Wordfence Vulnerability | MEDIUM | 5.3 | 45d | Unpatched |
| CVE-2025-12041 | ERI File Library Plugin Vulnerability | MEDIUM | 5.3 | 46d | Unpatched |
| CVE-2025-64354 | Gutenberg XSS | MEDIUM | 6.5 | 46d | Patched |
| CVE-2025-64351 | Wordpress Plugin Vulnerability | MEDIUM | 4.3 | 46d | Patched |
| CVE-2025-64365 | Ohio Extra XSS Vulnerability | MEDIUM | 6.5 | 46d | Patched |
| CVE-2025-12094 | OOPSpam Anti-Spam Vulnerability | MEDIUM | 5.3 | 49d | Unpatched |