WordPress.org
Security Scorecard
Score
29C
Total CVEs
540
Patch Rate
20%
106 patched
Avg Response
43d
days to patch
Critical Gaps
9
exploitable, no detection
Severity Breakdown
Critical9
High40
Medium489
Low2
Patch Status
Patched106 (20%)
Partial/Workaround0 (0%)
Unpatched434 (80%)
CVEs (632)
| CVE ID | Title | Severity | Score | Days | Patch |
|---|---|---|---|---|---|
| CVE-2025-62885 | RexTheme WP VR XSS | MEDIUM | 6.5 | 53d | Patched |
| CVE-2025-9322 | Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions | HIGH | 7.5 | 53d | Unpatched |
| CVE-2025-11269 | Product Filter by WBW Plugin Vulnerability | MEDIUM | 5.3 | 55d | Unpatched |
| CVE-2025-11879 | WordPress GenerateBlocks Plugin Vulnerability | MEDIUM | 6.5 | 55d | Unpatched |
| CVE-2025-11760 | Zoom Webinar & Meeting Plugin Vulnerability | MEDIUM | 5.3 | 55d | Unpatched |
| CVE-2025-11823 | Woolentor Addons Vulnerability | MEDIUM | 6.4 | 55d | Unpatched |
| CVE-2025-11172 | Check Plagiarism Plugin Vulnerability | MEDIUM | 4.3 | 56d | Unpatched |
| CVE-2025-12017 | VNPAY Payment Gateway Plugin Vulnerability | MEDIUM | 6.1 | 56d | Unpatched |
| CVE-2025-12014 | NGINX Cache Optimizer Plugin Vulnerability | MEDIUM | 4.3 | 56d | Unpatched |
| CVE-2025-12016 | qnotsquiz Vulnerability | MEDIUM | 4.4 | 56d | Unpatched |