WordPress.org
Security Scorecard
Score
29C
Total CVEs
540
Patch Rate
20%
106 patched
Avg Response
43d
days to patch
Critical Gaps
9
exploitable, no detection
Severity Breakdown
Critical9
High40
Medium489
Low2
Patch Status
Patched106 (20%)
Partial/Workaround0 (0%)
Unpatched434 (80%)
CVEs (632)
| CVE ID | Title | Severity | Score | Days | Patch |
|---|---|---|---|---|---|
| CVE-2025-11576 | CSV Injection in AI Chatbot Free Models – Customer Support, Live Chat, Virtual Assistant plugin for WordPress | MEDIUM | 4.3 | 56d | Unpatched |
| CVE-2025-11128 | Feedzy RSS Aggregator Vulnerability | MEDIUM | 5.0 | 57d | Unpatched |
| CVE-2025-10705 | MxChat Vulnerability | MEDIUM | 5.3 | 57d | Unpatched |
| CVE-2025-62062 | Easy Post Submission Plugin Vulnerability | MEDIUM | 5.3 | 58d | Patched |
| CVE-2025-62072 | Rustaurius Front End Users Vulnerability | MEDIUM | 4.3 | 58d | Patched |
| CVE-2025-62063 | WP Travel Gutenberg Blocks XSS | MEDIUM | 6.5 | 58d | Patched |
| CVE-2025-62042 | Bastien Ho Event post Cross-site Scripting Vulnerability | MEDIUM | 6.5 | 58d | Patched |
| CVE-2025-62026 | Blockspare Blockspare Vulnerability | MEDIUM | 4.3 | 58d | Patched |
| CVE-2025-59593 | Colibri Page Builder XSS | MEDIUM | 5.9 | 58d | Patched |
| CVE-2025-60151 | WP Gravity Forms HubSpot Plugin Vulnerability | MEDIUM | 4.7 | 58d | Patched |