WordPress.org

Security Scorecard

Score

29C

Total CVEs

540

Patch Rate

20%

106 patched

Avg Response

43d

days to patch

Critical Gaps

9

exploitable, no detection

Severity Breakdown

Critical9

High40

Medium489

Low2

Patch Status

Patched106 (20%)

Partial/Workaround0 (0%)

Unpatched434 (80%)

CVEs (632)

CVE ID	Title	Severity	Score	Days	Patch
CVE-2025-60134	WP Media Categories CSRF	MEDIUM	5.3	58d	Patched
CVE-2025-60135	WeShare Buttons e-mailit XSS	MEDIUM	5.9	58d	Patched
CVE-2025-53421	PickPlugins Accordion Vulnerability	MEDIUM	6.3	58d	Patched
CVE-2025-49960	LeadBI Plugin Cross-site Scripting Vulnerability	MEDIUM	6.5	58d	Patched
CVE-2025-49933	CrocoBlock JetBlog Cross-site Scripting	MEDIUM	6.5	58d	Patched
CVE-2025-49961	Breeze Checkout Vulnerability	MEDIUM	6.3	58d	Patched
CVE-2025-49929	Ultimate Blocks XSS Vulnerability	MEDIUM	6.5	58d	Patched
CVE-2025-49380	Woo-vehicle-parts-finder Object Injection Vulnerability	MEDIUM	5.3	58d	Patched
CVE-2025-48096	FreshFace Custom CSS Vulnerability	MEDIUM	6.5	58d	Patched
CVE-2025-11825	Playerzbr Plugin Vulnerability	MEDIUM	6.4	58d	Unpatched