WordPress.org
Security Scorecard
Score: 21F
Total CVEs: 535
Patch Rate: 2% (8 patched)
Avg Response: - days to patch
Critical Gaps: 9 (exploitable, no detection)
Severity Breakdown
Critical: 6
High: 36
Medium: 483
Low: 2
Patch Status
Patched: 8 (1%)
Partial/Workaround: 0 (0%)
Unpatched: 527 (99%)
CVEs (627)
| CVE ID | Title | Severity | Score | Days | Patch |
|---|---|---|---|---|---|
| CVE-2025-10175 | WP Links Page Plugin SQL Injection | MEDIUM | 6.5 | 70d | Unpatched |
| CVE-2025-10167 | WooCommerce Stock History & Reports Manager Vulnerability | MEDIUM | 6.4 | 70d | Unpatched |
| CVE-2025-10185 | Nex-Forms – Ultimate Forms Plugin SQL Injection Vulnerability | MEDIUM | 4.9 | 70d | Unpatched |
| CVE-2025-11167 | CM Registration – Tailored Tool Vulnerability | MEDIUM | 4.7 | 70d | Unpatched |
| CVE-2025-11197 | Draft List Plugin Vulnerability | MEDIUM | 6.4 | 70d | Unpatched |
| CVE-2025-10249 | Slider Revolution Plugin Vulnerability | MEDIUM | 6.5 | 72d | Unpatched |
| CVE-2025-11171 | Chartify – WordPress Chart Plugin Vulnerability | MEDIUM | 5.3 | 73d | Unpatched |
| CVE-2025-7400 | FIFU Plugin Vulnerability | MEDIUM | 6.4 | 74d | Unpatched |
| CVE-2025-10645 | WP Reset Plugin Vulnerability | MEDIUM | 5.3 | 74d | Unpatched |
| CVE-2025-9710 | Responsive Lightbox & Gallery WordPress Plugin Vulnerability | MEDIUM | 6.3 | 71d | Unpatched |